|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
|
|
LinkBack | Thread Tools |
12-30-2007, 01:06 AM
|
#1 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 9
OS: WINXP
|
unknown virus.help required
Hi all,
My daughter has been downloading something and has opened a file that she cannot remember,now my computer is not working correctly on re-booting my avg had been removed and also spybot will not run at all, i have tried to boot in safe mode and that wont work either i have done the 5 things i should do before posting the only thing is that i cannot do windows update i believe that has got infected to. i hopr this is enough info for you if you need anymore i will gladly pass it on. My hijack this log is: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:53:44, on 30/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\btbb_wcm\McciTrayApp.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Intelligent\Common\RaUI.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\Mick\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {3A78EFC5-AFF5-49A3-B84F-9291015A5B65} - C:\WINDOWS\system32\sqlwid32.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [P2kAutostart] C:\DOCUME~1\Mick\LOCALS~1\Temp\Rar$EX00.813\p2k-commander 3.3.0 Beta\P2kAutostart.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Frontier] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Center Agent] C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Versato.exe O4 - Global Startup: Intelligent Wireless Utility.lnk = C:\Program Files\Intelligent\Common\RaUI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O15 - Trusted Zone: http://www.infectioncontrol.nhs.uk O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (Yahoo! Mail Config) - http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 Technologies 3D Room Planner) - http://magnet.2020.net/virtualplanne...erAX_Win32.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://cityview1.ballarat.vic.gov.au...ncRz30View.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1151345905250 O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/temp...control013.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/preq...ivePreQual.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://mickflan.bulldoghome.com/ps/i...re/XUpload.ocx O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - https://register.btinternet.com/temp...control028.cab O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.130.69/DGTx.CAB O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE -- End of file - 13887 bytes My active scan is: Incident Status Location Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mick\Cookies\mick@112.2o7[1].txt Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Mick\Cookies\mick@adserver.filefront[2].txt Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Mick\Cookies\mick@adviva[1].txt Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Mick\Cookies\mick@anm.co[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mick\Cookies\mick@atdmt[2].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mick\Cookies\mick@bs.serving-sys[2].txt Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Mick\Cookies\mick@club.cdfreaks[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mick\Cookies\mick@doubleclick[1].txt Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Mick\Cookies\mick@ehg-dig.hitbox[1].txt Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Mick\Cookies\mick@hotlog[1].txt Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Mick\Cookies\mick@server.iad.liveperson[2].txt Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Mick\Cookies\mick@statse.webtrendslive[2].txt Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Mick\Cookies\mick@toplist[1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mick\Cookies\mick@tribalfusion[1].txt Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Mick\Cookies\mick@webpower[1].txt Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Mick\Cookies\mick@www.myaffiliateprogram[2].txt Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Mick\Cookies\mick@www1.addfreestats[1].txt Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Mick\Cookies\mick@www3.addfreestats[2].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Mick\Cookies\mick@xiti[1].txt Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Mick\Cookies\mick@yadro[2].txt Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mick\Desktop\programmes\phone mp3\smitRem.exe[smitRem/Process.exe] Virus:W32/Bagle.QP.worm Disinfected C:\Documents and Settings\Mick\Local Settings\Temporary Internet Files\Content.IE5\051DPB33\b64_3[1].jpg Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\mirc\Mirc\myriad.dll Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\Program Files\eMule\Incoming\Sunfly 242.zip[Myriad/myriad.dll] Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\Program Files\eMule\Incoming\Sunfly 242.zip[Myriad/Myriad/Myriad/myriad.dll] Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\Program Files\eMule\Incoming\Sunfly Hits 236 237 238 & most wanted 868 869 870 CD+G where you can download.zip[Mirc/myriad.dll] Virus:Generic Malware Disinfected C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll Virus:Generic Trojan Disinfected C:\WINDOWS\Downloaded Program Files\btmailcontrol.dll Virus:W32/Bagle.QP.worm Disinfected C:\WINDOWS\system32\wintems.ex_ And my DSS scan is: Deckard's System Scanner v20071014.68 Run by Mick on 2007-12-30 07:45:37 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- System Restore is disabled; attempting to re-enable...success. -- Last 1 Restore Point(s) -- 1: 2007-12-30 07:45:41 UTC - RP1 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Mick.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:47:53, on 30/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\btbb_wcm\McciTrayApp.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Intelligent\Common\RaUI.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\Mick\Desktop\dss.exe C:\DOCUME~1\Mick\Desktop\Mick.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {3A78EFC5-AFF5-49A3-B84F-9291015A5B65} - C:\WINDOWS\system32\sqlwid32.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [P2kAutostart] C:\DOCUME~1\Mick\LOCALS~1\Temp\Rar$EX00.813\p2k-commander 3.3.0 Beta\P2kAutostart.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Frontier] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Center Agent] C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Versato.exe O4 - Global Startup: Intelligent Wireless Utility.lnk = C:\Program Files\Intelligent\Common\RaUI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O15 - Trusted Zone: http://www.infectioncontrol.nhs.uk O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (Yahoo! Mail Config) - http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 Technologies 3D Room Planner) - http://magnet.2020.net/virtualplanne...erAX_Win32.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://cityview1.ballarat.vic.gov.au...ncRz30View.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1151345905250 O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/temp...control013.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/preq...ivePreQual.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://mickflan.bulldoghome.com/ps/i...re/XUpload.ocx O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - https://register.btinternet.com/temp...control028.cab O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.130.69/DGTx.CAB O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE -- End of file - 13915 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System> R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System> R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System> R0 vax347b - c:\windows\system32\drivers\vax347b.sys R0 vax347s - c:\windows\system32\drivers\vax347s.sys R1 kbfilter (Keyboard Filter Driver) - c:\windows\system32\drivers\kbfilter.sys <Not Verified; WayTech Development, Inc.; Keyboard filter driver> R1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys R1 StarOpen - c:\windows\system32\drivers\staropen.sys R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0> R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT> R3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows> S3 3xHybrid (3xHybrid service) - c:\windows\system32\drivers\3xhybrid.sys (file missing) S3 Cap7134 (Philips Cap7134 Capture) - c:\windows\system32\drivers\cap7134.sys <Not Verified; Philips Semiconductors; Philips cap7134> S3 CnxTgNW (Conexant AccessRunner ADSL WAN PPPoA Adapter Driver) - c:\windows\system32\drivers\cnxtgnw.sys (file missing) S3 MotoSwitchService (MotoSwitch Service) - c:\windows\system32\drivers\motswch.sys (file missing) S3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver> S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus> S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64> S3 usb2vcom (USB Data Cable) - c:\windows\system32\drivers\usb2vcom.sys <Not Verified; USB World; USB Data Cable> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- S2 AVG Anti-Spyware Guard - c:\program files\grisoft\avg anti-spyware 7.5\guard.exe (file missing) S3 LiveUpdate - "c:\progra~1\symantec\liveup~1\lucoms~1.exe" (file missing) S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2007-12-21 07:34:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2007-11-30 and 2007-12-30 ----------------------------- 2007-12-29 20:07:13 0 d-------- C:\Program Files\SpywareBlaster 2007-12-29 20:04:49 0 d-------- C:\ie-spyad_zo 2007-12-29 18:13:56 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus> 2007-12-29 18:12:42 8576 --a------ C:\WINDOWS\system32\drivers\pqjjxhxqihwl.sys <Not Verified; Panda Software International; RKPavProc Driver> 2007-12-29 17:57:37 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-12-29 15:03:34 0 d-------- C:\Documents and Settings\Mick\.housecall6.6 2007-12-29 13:45:48 0 d-------- C:\Program Files\Enigma Software Group 2007-12-29 00:40:48 0 d-------- C:\Program Files\Karaoke Song List Creator 2007-12-29 00:34:03 9761 --a------ C:\www.exe 2007-12-25 11:09:19 0 d-------- C:\Program Files\Flight3 2007-12-22 17:44:56 0 d-------- C:\mirc 2007-12-15 01:20:09 0 d-------- C:\Program Files\Windows Journal Viewer 2007-12-15 01:13:56 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2007-12-15 01:09:20 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller 2007-12-15 01:09:13 0 d-------- C:\Program Files\Windows Live 2007-12-15 01:09:04 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-12-05 08:27:12 0 dr------- C:\Documents and Settings\LocalService\Favorites -- Find3M Report --------------------------------------------------------------- 2007-12-30 07:42:49 0 d-------- C:\Documents and Settings\Mick\Application Data\Skype 2007-12-29 19:31:51 0 d-------- C:\Program Files\QuickTime 2007-12-29 19:13:10 0 d-------- C:\Program Files\EditPlus 2 2007-12-29 19:11:02 0 d-------- C:\Program Files\DAEMON Tools 2007-12-29 19:05:07 0 d-------- C:\Program Files\BT Broadband Talk Softphone 2007-12-29 18:55:50 0 d-------- C:\Program Files\Acoustica MP3 To Wave Converter PLUS 2007-12-29 17:51:59 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-12-29 17:51:31 0 d-------- C:\Program Files\tvants 2007-12-29 17:51:00 0 d-------- C:\Program Files\MSN Games 2007-12-29 17:50:50 0 d-------- C:\Program Files\Common Files 2007-12-29 17:50:43 0 d-------- C:\Program Files\SopCast 2007-12-29 17:49:05 0 d-------- C:\Program Files\MySpace 2007-12-29 17:46:10 0 d-------- C:\Program Files\honestech TVR 2.0 Trial 2007-12-29 17:45:46 0 d-------- C:\Program Files\GameSpy Arcade 2007-12-29 17:45:17 0 d-------- C:\Program Files\eMule 2007-12-29 14:08:52 0 d-------- C:\Program Files\PeerGuardian2 2007-12-28 18:18:44 0 d-------- C:\Program Files\MP3+G Toolz .NET 4 2007-12-27 15:20:23 0 d-------- C:\Program Files\Call of Duty 2007-12-25 11:32:21 0 d-------- C:\Program Files\Activision 2007-12-19 23:27:56 0 d-------- C:\Documents and Settings\Mick\Application Data\Canon 2007-12-15 19:29:19 0 d-------- C:\Documents and Settings\Mick\Application Data\n-Track Studio5 2007-12-15 01:13:36 0 d-------- C:\Program Files\MSN Messenger 2007-11-26 23:40:13 0 d-------- C:\Program Files\Canon 2007-11-26 23:35:33 0 d-------- C:\Documents and Settings\Mick\Application Data\ScanSoft 2007-11-26 23:35:28 0 d-------- C:\Program Files\Common Files\ScanSoft Shared 2007-11-26 23:35:28 0 d-------- C:\Program Files\Common Files\InstallShield 2007-11-26 23:35:03 0 d-------- C:\Program Files\ScanSoft 2007-11-26 23:33:09 0 d-------- C:\Program Files\ArcSoft 2007-11-26 23:28:16 0 d--h----- C:\Program Files\CanonBJ 2007-11-08 08:23:04 0 d-------- C:\Program Files\KaraokeDX 2007-10-29 21:33:07 86280 --a------ C:\Documents and Settings\Mick\Application Data\GDIPFONTCACHEV1.DAT 2007-10-23 17  08 585728 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>-- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A78EFC5-AFF5-49A3-B84F-9291015A5B65}] C:\WINDOWS\system32\sqlwid32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [28/06/2007 23:43] "nwiz"="nwiz.exe" [28/06/2007 23:43 C:\WINDOWS\system32\nwiz.exe] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [02/11/2004 19:24] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00] "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/01/2006 19:52] "@"="" [] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 05:24] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [10/12/2005 14:57] "EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [26/10/2007 19:35] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [28/06/2007 09:04] "btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [29/12/2005 10:22] "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [21/07/2006 16:19] "YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [31/08/2006 16:01] "SoundMan"="SOUNDMAN.EXE" [17/05/2005 10:48 C:\WINDOWS\SOUNDMAN.EXE] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [28/06/2007 23:43] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 21:32] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [30/09/2003 00:14] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [21/03/2006 13:19] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34] "P2kAutostart"="C:\DOCUME~1\Mick\LOCALS~1\Temp\Rar$EX00.813\p2k-commander 3.3.0 Beta\P2kAutostart.exe" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 23:56] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [27/03/2007 14:22] "eyeBeam SIP Client"="" [] "Frontier"="C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe" [26/01/2007 12:00] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [10/05/2007 15:13] "Center Agent"="C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [] "drvsyskit"="C:\WINDOWS\system32\drivers\hldrrr.exe" [24/07/2006 03:07] "german.exe"="C:\WINDOWS\system32\wintems.exe" [29/12/2007 20:13] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [28/08/2006 14:07:02] Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [05/08/2007 13:34:01] Enable Wireless Keyboard Driver.lnk - C:\Program Files\Wireless Device\Wireless Keyboard\Versato.exe [01/07/2007 20:01:45] Intelligent Wireless Utility.lnk - C:\Program Files\Intelligent\Common\RaUI.exe [24/07/2007 09:16:18] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 00:01:04] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [05/03/2007 20:10:30] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" -- End of Deckard's System Scanner: finished at 2007-12-30 07:49:00 ------------ that was the main and the extra is: Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: AMD Athlon(tm) 64 Processor 4000+ Percentage of Memory in Use: 20% Physical Memory (total/avail): 2047.48 MiB / 1620.61 MiB Pagefile Memory (total/avail): 3939.49 MiB / 3629.33 MiB Virtual Memory (total/avail): 2047.88 MiB / 1923.91 MiB C: is Fixed (NTFS) - 233.75 GiB total, 100.37 GiB free. D: is CDROM (CDFS) E: is CDROM (No Media) F: is CDROM (No Media) G: is CDROM (No Media) \\.\PHYSICALDRIVE0 - NVIDIA STRIPE 233.76G - 233.76 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 233.75 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe" "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe" "C:\\Program Files\\Thomson SpeedTouch\\ST330\\WebInstaller\\STHIW\\stInstall.exe"="C:\\Program Files\\Thomson SpeedTouch\\ST330\\WebInstaller\\STHIW\\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard" "C:\\Program Files\\Thomson SpeedTouch\\ST330\\service\\st330service.exe"="C:\\Program Files\\Thomson SpeedTouch\\ST330\\service\\st330service.exe:*:Enabled:ST330 service" "C:\\Program Files\\TrackMania Nations ESWC Special Edition\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC Special Edition\\TmNationsESWC.exe:*:Enabled:TmNationsESWC" "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade" "C:\\Program Files\\dwyco2\\cdc32.exe"="C:\\Program Files\\dwyco2\\cdc32.exe:*:Enabled:dwyco cdc32 for Windows95/98/ME/NT4/2K/XP" "C:\\Program Files\\ScanDBX\\ScanDBX.exe"="C:\\Program Files\\ScanDBX\\ScanDBX.exe:*:Enabled:ScanDBX Application" "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail" "C:\\Program Files\\Outlook Express\\msimn.exe"="C:\\Program Files\\Outlook Express\\msimn.exe:*:Enabled:Outlook Express" "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe" "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe" "C:\\Program Files\\Paltalk Messenger\\paltalk.exe"="C:\\Program Files\\Paltalk Messenger\\paltalk.exe:*:Enabled:Paltalk Messenger 8.5" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\Motorola\\Software Update\\msu.exe"="C:\\Program Files\\Motorola\\Software Update\\msu.exe:*:Enabled:msu" "C:\\Program Files\\Call of Duty\\CoDUOMP.exe"="C:\\Program Files\\Call of Duty\\CoDUOMP.exe:*:Enabled:CoDUOMP" "C:\\Program Files\\Call of Duty\\CoDMP.exe"="C:\\Program Files\\Call of Duty\\CoDMP.exe:*:Enabled:CoDMP" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server" "C:\\Program Files\\BT Broadband Talk Softphone\\BTSoftphone.exe"="C:\\Program Files\\BT Broadband Talk Softphone\\BTSoftphone.exe:*:Enabled:BT Softphone" "C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\ppmate.exe:*:Enabled:PPMate" "C:\\Program Files\\PPMate\\ppmnet.exe"="C:\\Program Files\\PPMate\\ppmnet.exe:*:Enabled:PPMate" "C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream" "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s" "C:\\Program Files\\Gigabyte\\ET5\\update.exe"="C:\\Program Files\\Gigabyte\\ET5\\update.exe:*:Enabled:ftptest" "C:\\Documents and Settings\\Mick\\Local Settings\\Temp\\Rar$EX14.328\\Myriad\\mirc.exe"="C:\\Documents and Settings\\Mick\\Local Settings\\Temp\\Rar$EX14.328\\Myriad\\mirc.exe:*:Enabled:mIRC" "C:\\Documents and Settings\\Mick\\Local Settings\\Temp\\Rar$EX01.562\\Myriad\\mirc.exe"="C:\\Documents and Settings\\Mick\\Local Settings\\Temp\\Rar$EX01.562\\Myriad\\mirc.exe:*:Enabled:mIRC" "C:\\Myriad\\mirc.exe"="C:\\Myriad\\mirc.exe:*:Enabled:mIRC" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\mirc\\Mirc\\mirc.exe"="C:\\mirc\\Mirc\\mirc.exe:*:Enabled:mIRC" "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) " "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Mick\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=HOME-GRIL1W5IL7 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Mick LOGONSERVER=\\HOME-GRIL1W5IL7 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 39 Stepping 1, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=2701 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Mick\LOCALS~1\Temp TMP=C:\DOCUME~1\Mick\LOCALS~1\Temp USERDOMAIN=HOME-GRIL1W5IL7 USERNAME=Mick USERPROFILE=C:\Documents and Settings\Mick windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI -- User Profiles --------------------------------------------------------------- Mick (admin) -- Add/Remove Programs --------------------------------------------------------- --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 802.11b/g Wireless LAN USB 2.0 Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe" -l0x9 -removeonly Adobe Acrobat 7.0 Professional --> Adobe Acrobat 7.0.9 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002} Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe" Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B} Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6} ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9 Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9 AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe Bejeweled 2 Deluxe --> C:\WINDOWS\iun6002ev.exe "C:\Program Files\Bejeweled 2 Deluxe\irunin.ini" Belkin keyboard --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Wireless Device\Wireless Keyboard\uninst.isu" -c"C:\Program Files\Wireless Device\Wireless Keyboard\KbUnInst.dll" BT Broadband Talk Softphone 2.0 --> "C:\Program Files\BT Broadband Talk Softphone\unins000.exe" BT Home Hub --> C:\Program Files\BT Home Hub\Uninstall.exe BT Wireless Connection Manager --> C:\Program Files\Common Files\Motive\InstallHelper.exe /dir=C:\Program Files\Common Files\Motive /uninstallvendor=btbb_wcm /uninstallkey=BT Wireless Connection Manager BT Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe BT Yahoo! Login --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ylogin.dll Call of Duty --> C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log Call of Duty - United Offensive --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A662E280-64A8-4CF5-8407-13D0808602B3} Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057 Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409 Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409 Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini Canon MP180 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP180\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP180 /L0x0009 Canon MP180 User Registration --> C:\Program Files\Canon\IJEREG\MP180\UNINST.EXE Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini Direct WAV MP3 Splitter 2.4 --> "C:\Program Files\Direct WAV MP3 Splitter\unins000.exe" DocBuilder History Removal Tool --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\DocBuilder\ST6UNST.LOG" DocBuilder History Removal Tool (C:\Program Files\DocBuilder\) --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\DocBuilder\ST6UNST.000" Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" EasyTune5 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Gigabyte\ET5\Uninst.isu" -c"C:\Program Files\Gigabyte\ET5\uninstdrv.dll" EditPlus 2 --> C:\Program Files\EditPlus 2\remove.exe FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\Setup.exe" Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} HijackThis 2.0.2 --> "C:\Documents and Settings\Mick\Desktop\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Instant Photo Effects 2.0 --> C:\Program Files\Instant Photo Effects 2\Uninstall.exe Intel(R) Integrated Performance Primitives RTI 4.0 --> MsiExec.exe /X{E8599535-D16C-488C-8DCE-E0BFC8BA7F8C} J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070} J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080} J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Karaoke Builder Studio 3.x --> C:\KBStudio\UNWISE.EXE C:\KBStudio\INSTALL.LOG Karaoke for DirectX (remove only) --> "C:\Program Files\KaraokeDX\uninstall.exe" LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9} Microsoft Publisher 2002 --> MsiExec.exe /I{90190409-6000-11D3-8CFE-0050048383C9} Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8} mIRC --> "C:\mirc\Mirc\mirc.exe" -uninstall Motorola Driver Installation --> MsiExec.exe /I{9579E862-5FC7-4337-B1CC-5E37451524C5} Motorola Software Update --> MsiExec.exe /I{CCF32FF9-D408-42AB-AE29-46B9183E4EB7} MP3 To Wave Converter PLUS --> C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG MP3+G Toolz --> MsiExec.exe /I{F50A4470-7A45-4A5A-97F8-806990B736C2} MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} MultitrackStudio Professional --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\MTSTUDIO.INF, DefaultUninstall.ntx86 n-Track Studio 5 --> MsiExec.exe /I{D0D6AF0F-A943-4295-9A49-B25A2B807C63} Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL NetShow Tools 3.0 --> C:\Program Files\NetShow Services\Tools\_insttoo.exe /U NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan Power CD+G to Video Karaoke Converter --> "C:\Program Files\Doblon\Power CD+G to Video Converter\unins000.exe" PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} QuickTime 3.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\QuickTime\DeIsL1.isu" -c"C:\WINDOWS\system32\QTUninst.dll Random's Flash&Backup 3 --> C:\Documents and Settings\Mick\Desktop\PHONE BACK UP\Flash&Backup 3\uninstall.exe SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe SAMSUNG Mobile USB Modem ^^ --> C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe Samsung PC Studio --> Samsung PC Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly Samsung PC Studio II 2.0 Image Editor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8148F35A-B15C-465B-80C2-DC0E1234EC20}\setup.exe" -l0x9 Samsung PC Studio II 2.0 PIMS & File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4E01931-9B3F-49BD-B19B-511000A1E039}\Setup.exe" -l0x9 Samsung USB Driver (MCCI 4.24) --> Samsung USB Driver (MCCI 4.24) --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{77F09242-A107-4CB6-A295-D8656C2C3795} Sandlot Games Client Services --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe" ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5} Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe" System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe USB Storage Driver --> DelUIDrv.exe WebFldrs XP --> WiDESYNC 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11AEA686-CD61-4C11-B410-330119375147}\setup.exe" -l0x9 Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7} Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live Photo Gallery --> MsiExec.exe /X{257E440F-781F-459B-9A68-A0872B80C1D6} Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe" XML Paper Specification Shared Components Pack 1.0 --> -- Application Event Log ------------------------------------------------------- Event Record #/Type2888 / Error Event Submitted/Written: 12/30/2007 07:47:03 AM Event ID/Source: 101 / Automatic LiveUpdate Scheduler Event Description: Information Level: error Failed launching Automatic LiveUpdate: err:0x2; The system cannot find the file specified. Event Record #/Type2887 / Error Event Submitted/Written: 12/30/2007 07:47:03 AM Event ID/Source: 101 / Automatic LiveUpdate Scheduler Event Description: Information Level: error Initialization of the COM subsystem failed. Error code: 0x80070002 Event Record #/Type2885 / Error Event Submitted/Written: 12/30/2007 07:42:03 AM Event ID/Source: 101 / Automatic LiveUpdate Scheduler Event Description: Information Level: error Failed launching Automatic LiveUpdate: err:0x2; The system cannot find the file specified. Event Record #/Type2884 / Error Event Submitted/Written: 12/30/2007 07:42:03 AM Event ID/Source: 101 / Automatic LiveUpdate Scheduler Event Description: Information Level: error Initialization of the COM subsystem failed. Error code: 0x80070002 Event Record #/Type2880 / Error Event Submitted/Written: 12/29/2007 08:17:22 PM Event ID/Source: 101 / Automatic LiveUpdate Scheduler Event Description: Information Level: error Failed launching Automatic LiveUpdate: err:0x2; The system cannot find the file specified. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type22770 / Error Event Submitted/Written: 12/30/2007 07:47:03 AM Event ID/Source: 7000 / Service Control Manager Event Description: The LiveUpdate service failed to start due to the following error: %%2 Event Record #/Type22769 / Error Event Submitted/Written: 12/30/2007 07:47:03 AM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%LiveUpdate" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435} Event Record #/Type22764 / Error Event Submitted/Written: 12/30/2007 07:42:06 AM Event ID/Source: 7023 / Service Control Manager Event Description: The Computer Browser service terminated with the following error: %%1460 Event Record #/Type22762 / Error Event Submitted/Written: 12/30/2007 07:42:03 AM Event ID/Source: 7000 / Service Control Manager Event Description: The LiveUpdate service failed to start due to the following error: %%2 Event Record #/Type22761 / Error Event Submitted/Written: 12/30/2007 07:42:03 AM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%LiveUpdate" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435} -- End of Deckard's System Scanner: finished at 2007-12-30 07:49:00 --------- I have tried to do a format but it wont even let me do that it says i dont have a fixed drive in the machine , any help would be greatly appreciated. Thanks : mick |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
01-03-2008, 09:50 AM
|
#2 (permalink) |
|
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,326
OS: XP SP3
|
Re: unknown virus.help required
Hello and welcome to TSF
 Download Combofix from one of the links below, and save it to your desktop. Link 1 Link 2 Link 3 **Note: It is important that it is saved directly to your desktop** -------------------------------------------------------------------- 1. Disconnect from the internet. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. -------------------------------------------------------------------- Double click on ComboFix.exe & follow the prompts.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall ========================= Download & run this tool > SafeBootKeyRepair-CF It shall only take a short moment for it to finish running. A log shall be produced at C:\SafeBoot_Repair.txt. Please post that in your next reply ===============================
__________________
My services are free. However, you can donate to TSF to help keep it running.   Member of ASAP since 2005 Member of UNITE since 2006 Last edited by amateur; 01-03-2008 at 09:51 AM. |
|
|
|
|
01-03-2008, 10:15 AM
|
#4 (permalink) |
|
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,326
OS: XP SP3
|
Re: unknown virus.help required
You're welcome. Thanks for letting us know.
Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online in future: http://boards.cexx.org/viewtopic.php?t=957 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml Stay safe!
__________________
My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006 |
|
|
|
| Thread Tools | |
|
|
