Discussion Starter #1
Hey all,
- I have no Task Bar
- I usually cannot copy and paste stuff from different websites for homework and stuff for Brochures for Socials

Well, I guess that's what happens when you mix 1 computer with 4 other people.... :grin:

Here's my Log!!

Deckard's System Scanner v20071014.68
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as michel winegarden.exe) -----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:39 PM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Zero Knowledge\TELUS Security service\starter.exe
C:\Program Files\Zero Knowledge\TELUS Security service\Freedom.exe
C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
C:\Updater.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MYWEBS~1\bar\6.bin\m3SrchMn.exe
C:\WINDOWS\msnmsgs.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\michel winegarden\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\michel winegarden.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mapleglobal.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: HyperSearchHook - {BD5F2C80-9A1B-4425-87F3-503490B8EC06} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\PROGRA~1\MYWEBS~1\SrchAstt\5.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRA~1\MYWEBS~1\SrchAstt\5.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRA~1\MYWEBS~1\bar\6.bin\MWSBAR.DLL
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A5DEC2BA-BC68-BDBF-7F33-37F6EDAEBF08} - (no file)
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\system32\navshext2.dll
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRA~1\MYWEBS~1\bar\6.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ZkStarter] C:\Program Files\Zero Knowledge\TELUS Security service\starter.exe
O4 - HKLM\..\Run: [TELUS Security service] C:\Program Files\Zero Knowledge\TELUS Security service\Freedom.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSN] msnmsgs.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\6.bin\m3SrchMn.exe" /m=2 /w
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ToEESetup.exe] C:\DOWNLO~1\TOEESE~1.EXE /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-4017820729-180901630-3585281211-1007\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe (User '?')
O4 - HKUS\S-1-5-21-4017820729-180901630-3585281211-1007\..\Run: [ToEESetup.exe] C:\DOWNLO~1\TOEESE~1.EXE /r (User '?')
O4 - HKUS\S-1-5-21-4017820729-180901630-3585281211-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzeb029YYCA_ZBxdm199YYCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\pecosbill22\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://peco19.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab?0a779636f1ac6774fd62a0960ce8e8ca1ea253705a9fe9dac118d1becc60d018040e14a5d6dd8ca5ff0e031287a734b84fcca3ba9b1a096259273b66012e698172b2817ec238c463:a4208bfa02bc00c28518a46b1946de0c
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: gvs1xz7ejjugigll.dll.dll.dll.dll.dll.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: NNServ - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe

--
End of file - 10699 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
4 cbidf - c:\windows\system32\drivers\cbidf2k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 cheetah1 - c:\documents and settings\evan.w\desktop\things\cheetah.sys (file missing)
4 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys <Not Verified; Mylex Corporation; Mylex Disk Array Controller Driver>
3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
2 dsunidrv (DellSupport UniDriver) - c:\windows\system32\drivers\dsunidrv.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
3 EL90XBC (3Com EtherLink XL 90XB/C Adapter Driver) - c:\windows\system32\drivers\el90xbc5.sys <Not Verified; 3Com Corporation; 3Com EtherLink PCI>
3 Freedom (Freedom Miniport) - c:\windows\system32\drivers\freedom.sys <Not Verified; Zero-Knowledge Systems Inc.; Freedom>
1 FreeTdi (Freedom Filter) - c:\windows\system32\drivers\freetdi.sys <Not Verified; Zero-Knowledge Systems Inc.; Freedom>
3 geebers12 - c:\program files\maple-fun\vicious\nvid888.sys (file missing)
3 giveio - c:\windows\system32\giveio.sys
3 i81x - c:\windows\system32\drivers\i81xnt5.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
3 iAimFP0 - c:\windows\system32\drivers\wadv01nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
3 iAimFP1 - c:\windows\system32\drivers\wadv02nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
3 iAimFP2 - c:\windows\system32\drivers\wadv05nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
3 iAimFP3 - c:\windows\system32\drivers\wsiintxx.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
3 iAimFP4 - c:\windows\system32\drivers\wvchntxx.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
3 iAimTV0 - c:\windows\system32\drivers\watv01nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
3 iAimTV1 - c:\windows\system32\drivers\watv02nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
3 iAimTV2 - system32\drivers\watv03nt.sys (file missing)
3 iAimTV3 - c:\windows\system32\drivers\watv04nt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
3 iAimTV4 - c:\windows\system32\drivers\wch7xxnt.sys <Not Verified; Intel(R) Corporation; Intel(R) Graphics Accelerator Drivers for Windows NT(R)>
3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT(R)>
0 IFP300 (iriver Internet Audio Player IFP-300) - c:\windows\system32\drivers\ifp300.sys <Not Verified; iRiver, Inc.; IFP-100>
0 IFP700 (iRiver Internet Audio Player IFP-700) - c:\windows\system32\drivers\ifp700.sys <Not Verified; iRiver, Inc.; IFP-100>
3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 mohfilt - c:\windows\system32\drivers\mohfilt.sys <Not Verified; Intel Corporation; Intel(R) 537EP V9x DFV PCI Modem>
2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
3 SDDMI2 - c:\windows\system32\ddmi2.sys (file missing)
3 sejt1 - c:\documents and settings\evan.w\desktop\akuma engine\sejt.sys (file missing)
3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
3 spuce1 - c:\documents and settings\evan.w\my documents\my psp8 files\spuce\spuce.sys (file missing)
3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>
3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2 zntport (NTPort Library Driver) - c:\windows\system32\zntport.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 Apple Mobile Device - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
3 DSBrokerService - c:\program files\dellsupport\brkrsvc.exe
2 dvpapi - c:\program files\common files\command software\dvpapi.exe
2 NNServ - c:\program files\newdotnet\nnrun.exe
2 SNMP (SNMP Service) - c:\windows\system32\snmp.exe
3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2007-07-28 16:00:19 288 --ah----- C:\WINDOWS\Tasks\A515383391BAAA9B.job
2007-07-25 15:16:17 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-10-30 and 2007-11-30 -----------------------------

2007-11-30 17:42:27 0 d-------- C:\Program Files\Trend Micro
2007-11-30 17:22:09 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-11-29 20:11:53 0 d-------- C:\Program Files\eGames
2007-11-29 20:09:06 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-11-29 20:09:05 0 d-------- C:\Program Files\SpywareBlaster
2007-11-29 18:11:04 0 d-------- C:\Fraps
2007-11-27 21:56:05 0 dr-h----- C:\Documents and Settings\michel winegarden\Recent
2007-11-24 19:40:56 0 d-------- C:\Program Files\Porrasturvat - Stair Dismount
2007-11-24 19:23:46 0 d-------- C:\Program Files\Truck Dismount
2007-11-16 16:37:24 28672 --a------ C:\WINDOWS\system32\Popular Screensavers.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2007-11-13 20:58:13 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-11-06 17:18:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2007-11-24 11:47:55 0 d-------- C:\Program Files\World of Warcraft
2007-11-24 11:46:44 0 d-------- C:\Program Files\Google
2007-11-22 15:49:48 0 d-------- C:\Program Files\CamStudio
2007-11-16 22:02:32 0 d-------- C:\Program Files\MSN Messenger
2007-11-13 20:58:13 0 d-------- C:\Program Files\Common Files
2007-11-12 17:52:32 0 d-a-s---- C:\Program Files\NewDotNet
2007-10-18 20:54:30 0 d-------- C:\Program Files\LimeWire
2007-10-16 18:24:09 0 d-------- C:\Documents and Settings\michel winegarden\Application Data\GetRightToGo
2007-10-10 17:41:03 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-10 16:51:40 0 d-------- C:\Program Files\CCleaner
2007-08-30 00:42:20 55808 -r-hs---- C:\WINDOWS\msnmsgs.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A5DEC2BA-BC68-BDBF-7F33-37F6EDAEBF08}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB}]
11/03/2006 12:44 PM 71680 --a------ C:\WINDOWS\system32\navshext2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D80C4E21-C346-4E21-8E64-20746AA20AEB}]
09/21/2006 02:28 PM 331776 --a------ C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5AA06644-BC46-4220-A460-47A6EB47C96D}"= C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll [09/21/2006 02:28 PM 331776]

[-HKEY_CLASSES_ROOT\CLSID\{5AA06644-BC46-4220-A460-47A6EB47C96D}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/19/2005 07:59 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/19/2005 07:59 AM]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 06:12 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/18/2003 11:01 PM]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [04/08/2004 06:56 AM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [07/23/2004 05:22 AM]
"ZkStarter"="C:\Program Files\Zero Knowledge\TELUS Security service\starter.exe" [09/30/2003 02:36 PM]
"TELUS Security service"="C:\Program Files\Zero Knowledge\TELUS Security service\Freedom.exe" [11/25/2004 04:26 PM]
"Motive SmartBridge"="C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe" [11/12/2006 04:53 PM]
"navapp"="C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe" [12/08/2004 11:40 AM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [03/12/2005 06:25 AM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe" [11/16/2007 04:37 PM]
"iRiver Updater"="\Updater.exe" [07/01/2004 02:20 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 02:43 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 08:41 AM]
"MSN"="msnmsgs.exe" [08/30/2007 12:42 AM C:\WINDOWS\msnmsgs.exe]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\6.bin\m3SrchMn.exe" [11/16/2007 04:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe" [11/16/2007 04:37 PM]
"ToEESetup.exe"="C:\DOWNLO~1\TOEESE~1.exe" [12/17/2005 05:46 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarsOnTaskbar"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=gvs1xz7ejjugigll.dll.dll.dll.dll.dll.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - MSISERVER
*Newly Created Service* - WUAUSERV



-- Hosts -----------------------------------------------------------------------

127.0.0.1 dl1.avgate.net
127.0.0.1 dl2.avgate.net
127.0.0.1 dl3.avgate.net
127.0.0.1 dl4.avgate.net
127.0.0.1 dl5.avgate.net
127.0.0.1 dl6.avgate.net
127.0.0.1 dl7.avgate.net
127.0.0.1 dl8.avgate.net
127.0.0.1 dl9.avgate.net
127.0.0.1 bin.errorprotector.com ## added by CiD

69 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-11-30 17:43:43 ------------
 

Discussion Starter #2
And, here is my Extra.txt Log!

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 43%
Physical Memory (total/avail): 510 MiB / 286.02 MiB
Pagefile Memory (total/avail): 1246.8 MiB / 1071.17 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1950.16 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 71.46 GiB total, 35.49 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\michel winegarden\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D5CVPC51
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\michel winegarden
LOGONSERVER=\\D5CVPC51
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp
USERDOMAIN=D5CVPC51
USERNAME=michel winegarden
USERPROFILE=C:\Documents and Settings\michel winegarden
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------



-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\TELUSE~1\Uninstall.exe TELUS
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
AOL (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_ca.exe
AOL Connectivity Services --> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Mobile Device Support --> MsiExec.exe /I{8FC46258-0843-4D79-B7F0-F2B82FE6173B}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Broadcom Management Programs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
CamStudio --> C:\Program Files\CamStudio\uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Classic PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support --> MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Fraps --> "C:\Fraps\uninstall.exe"
Galaxy of Mahjongg 2 --> C:\PROGRA~1\eGames\GALAXY~1\UNWISE.EXE C:\PROGRA~1\eGames\GALAXY~1\INSTALL.LOG
In-Fisherman Freshwater Trophies --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64963FAF-E357-4B8E-BDB6-A02C9F6C2D4E}
Intel(R) 537EP V9x DFV PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DFV PCI Modem"
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iPhoto Plus 4 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\iPhoto Plus 4\DeIsL1.isu"
iriver Music Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{072D2077-9E22-4F7F-B817-A92CA6CCC843}\Setup.exe" -l0x9 anything
iriver plus 3 (remove only) --> "C:\Program Files\iriver\iriver plus 3\uninstall.exe"
iRiver Updater --> \uninst.exe
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Mahjongg Master 4 --> C:\PROGRA~1\eGames\MAHJON~1\UNWISE.EXE C:\PROGRA~1\eGames\MAHJON~1\INSTALL.LOG
MapleStory --> MsiExec.exe /I{F99C5427-4D78-43E2-B97E-F4C4E622D612}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 2000 --> MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (1.0.7) --> C:\WINDOWS\UninstallFirefox.exe /ua "1.0.7 (en-US)"
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
My Web Search (Cursor Mania) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsbar.dll,O
NavExcel Search Toolbar (remove only) --> C:\WINDOWS\nxstinst.exe -u
New.net Domains 8.0 build 832 --> C:\Program Files\NewDotNet\uninstall.exe
PC Camera (6029 CIF) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{54DC27A1-2708-421E-8915-119955DB3B92}\Setup.exe" -l0x9
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Search Plugin --> C:\DOCUME~1\MICHEL~1\APPLIC~1\BUILDK~1\BIRD GLOBAL.exe -uninstall
Snood for Windows version 3.52-W --> "C:\Program Files\Snood\unins000.exe"
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SP2 Connection Patcher --> C:\Program Files\WXPSP2ConnectionPatcher\uninstall.exe
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Startnow Navigation Helper (v1.0.1.1) --> MsiExec.exe /X{EDE0985B-D652-4573-A89E-803CB2597247}
Stronghold Crusader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe" -l0x9
System Process --> C:\WINDOWS\system32\ccapp.exe
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TELUS eCare --> C:\WINDOWS\Motive\TELUS\MCCUninst.exe
TELUS eCare Plugin --> C:\PROGRA~1\TELUSE~1\SMARTC~1\UNWISE.EXE C:\PROGRA~1\TELUSE~1\SMARTC~1\INSTALL.LOG
TELUS Security & Privacy --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{5DFC8B0F-D5E8-4715-AFAA-5F137977CE6D}
ThumbsPlus version 7.0 --> C:\PROGRA~1\Thumbs7\UNWISE.EXE C:\PROGRA~1\Thumbs7\INSTALL.LOG
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type273022 / Error
Event Submitted/Written: 11/30/2007 05:42:52 PM
Event ID/Source: 1500 / Userenv
Event Description:
Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.


DETAIL - Access is denied.

Event Record #/Type273021 / Error
Event Submitted/Written: 11/30/2007 05:42:48 PM
Event ID/Source: 1500 / Userenv
Event Description:
Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.


DETAIL - Access is denied.

Event Record #/Type273020 / Error
Event Submitted/Written: 11/30/2007 05:42:47 PM
Event ID/Source: 1500 / Userenv
Event Description:
Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.


DETAIL - Access is denied.

Event Record #/Type273019 / Error
Event Submitted/Written: 11/30/2007 05:42:44 PM
Event ID/Source: 1500 / Userenv
Event Description:
Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.


DETAIL - Access is denied.

Event Record #/Type273018 / Error
Event Submitted/Written: 11/30/2007 05:42:44 PM
Event ID/Source: 1500 / Userenv
Event Description:
Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.


DETAIL - Access is denied.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type6074 / Warning
Event Submitted/Written: 11/30/2007 08:42:51 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2007-11-30 17:43:43 ------------
 

·
Registered
Joined
·
3,025 Posts
Hi SDiablo123,

Sorry for the long delay, as we are extremely busy this time of the year.

This is going to take a few rounds to clean up, so please stick with me until I say your system is clean.

--------------------------------------------------------------

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to C:\SDFix

DO NOT run SDFix yet. We will shortly.

--------------------------------------------------------------

Enter Safe Mode

  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8
  3. Instead of Windows loading as normal, a menu should appear
  4. Use the up arrow key to highlight Safe Mode and press Enter.
  5. Login with your usual account
  6. Once you have logged in, a warning message will appear regarding starting windows in Safe mode, click OK and windows will load your desktop environment
Note: On some systems, this may be the F5 key, so try that if F8 doesn't work.

--------------------------------------------------------------

Run SDFix

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  • Paste the contents of the Report.txt back on the forum
--------------------------------------------------------------

Restart your computer in Normal Mode

--------------------------------------------------------------

  1. Download Combofix from Here or Alternate link

    **Save it directly to your desktop**
  2. Disable your real time protection of your Anti-Virus. Exit the program via the SystemTray icon.
  3. Double click on combofix.exe & follow the prompts. Type "1" and press Enter to begin the scan.
  4. When finished, it shall produce a log for you ( C:\ComboFix.txt ). Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall


    --------------------------------------------------------------
No AntiVirus Onboard

I see no evidence of an AntiVirus program on your system. This must be resolved. Here are three very good free Antivirus products which are available: Select one of these, or another of your choice. Download, install, update definitions, and run a full system scan.

Note: You must only use 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.

--------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

--------------------------------------------------------------

Please reply back with the following logs:

C:\SDFix\report.txt
C:\ComboFix.txt
Anti-Virus Scan Log
New HiJackThis Log
 

·
Registered
Joined
·
65 Posts
Discussion Starter #4
Well, im sorry but i do not think u understand how bad this virus is!
Not yelling at you but:
-When i try to download ANY AV it says, This operating System does not support Unicode.
-I CANNOT Copy n Paste, i even used Ctrl+C Ctrl+V
-No taskbar/so i dont have start button to get to stuff i need.
-Sometimes i cant even get the thing to even start!! I hit the power button and nothing happens!

Soooo I have NO idea how to do anything u said.
 

·
Registered
Joined
·
3,025 Posts
Hi SDiablo123,

First, run through the steps. Then try installing the AV. Malware could be preventing you from installing any AV at this time. Let me know if you still have trouble installing an AV after running SDFix and ComboFix.

Thanks
 

·
Registered
Joined
·
65 Posts
Discussion Starter #6
Ok, ill do that, and i cant really Copy n paste still
So is it ok to Switch between Safe n normal mode?

I have gotten an AV on my computer finally, i have Spybot Search & Destroy,
And that AntiVir one on

Personally i dont really like AntiVir.
Because when it finds a detection it makes that Beep sound,
VERY annoying when it gets 10,000 detections > . >
 

·
Registered
Joined
·
65 Posts
Discussion Starter #8
Yes, please make sure you follow my instructions exactly the way they are. So that we can properly attack this trojan.


Ok, but when i go to Safe mode, all the icons are massive
And i can only go to the first 2 Accounts, which aren't the account i have it downloaded on
 

·
Registered
Joined
·
65 Posts
Discussion Starter #9
Ok, well, ive found the SDFix folder.
When i try to open it, it says:
C:/SDFix folder could not be opened

Access Denied.

What do i do!
 

·
Registered
Joined
·
3,025 Posts
Hi SDiablo123,

We are going to try something different, so please scratch my old instructions.

--------------------------------------------------------------

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

--------------------------------------------------------------

Enter Safe Mode

  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8
  3. Instead of Windows loading as normal, a menu should appear
  4. Use the up arrow key to highlight Safe Mode and press Enter.
  5. Login with your usual account
  6. Once you have logged in, a warning message will appear regarding starting windows in Safe mode, click OK and windows will load your desktop environment
Note: On some systems, this may be the F5 key, so try that if F8 doesn't work.

--------------------------------------------------------------

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

My Web Search (Cursor Mania)
New.net Domains 8.0 build 832
Startnow Navigation Helper (v1.0.1.1)
Viewpoint Media Player <<< this is considered foistware instead of malware since it is installed without the user's approval, but doesn't spy or do anything "bad". Read this article: http://www.clickz.com/news/article.php/3561546

Additional info: http://vil.nai.com/vil/content/v_137262.htm

--------------------------------------------------------------

Restart your computer in Normal Mode

--------------------------------------------------------------

  1. Download Combofix from Here or Alternate link

    **Save it directly to your desktop**
  2. Disable your real time protection of your Anti-Virus. Exit the program via the SystemTray icon.
  3. Double click on combofix.exe & follow the prompts. Type "1" and press Enter to begin the scan.
  4. When finished, it shall produce a log for you ( C:\ComboFix.txt ). Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall


    --------------------------------------------------------------
  5. Re-enable your Anti-Virus if it is not active...a reboot should have re-activated it.
  6. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    --------------------------------------------------------------
Please reply back with the following logs:

C:\ComboFix.txt
New HiJackThis Log
 

·
Registered
Joined
·
65 Posts
Discussion Starter #11
Well, u dont understand..
I DO NOT HAVE A START BAR!!!(not yellin)

And ok i got ComboFix.exe

And i CANNOT Copy n paste
.
 

·
Registered
Joined
·
3,025 Posts
Hi SDiablo123,

Well, u dont understand..
I DO NOT HAVE A START BAR!!!(not yellin)
Please remain calm as there are many ways around this. Please do not use CAPS as it is considered yelling (even though you do not mean it)


Do you have another computer in your household, which you can use to access this page, so that you can follow these instructions? Another way is to manually type the main points and save the text document to your desktop, like what program names need to be uninstalled, how to run ComboFix, etc.


Let's try accessing Add/Remove Programs a different way then...

Open Task Manager by pressing all 3 of these keys Ctrl Alt Del.
In the top left corner of the dialog box, click 'File'
Select 'New Task (Run...)'

Type "appwiz.cpl" in the textbox
Click OK

Add / Remove Programs will now appear.

Uninstall the following programs:

My Web Search (Cursor Mania)
New.net Domains 8.0 build 832
Startnow Navigation Helper (v1.0.1.1)
Viewpoint Media Player


--------------------------------------------------------------

Next.... Run ComboFix.exe (Make sure it is on your desktop)

Make sure no web browsers are open.

If you have trouble copying and pasting the ComboFix log, then you can attach it by following these instructions:

To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and then click on Browse
  2. Navigate to the file
  3. Click Upload.
 

·
Registered
Joined
·
65 Posts
Discussion Starter #13
Ok, sorry for yellin its just, having to use this computer for bout 3 months is VERY annoying/frustrating

no i do not have another computer in my house,

Ok i took all those out.

All right, ill post it in bout 10 mins (ComboFix.exe)
 

·
Registered
Joined
·
65 Posts
Discussion Starter #14
ok well, i just scanned my computer with ComboFix.exe
Took bout, 10-15 mins, not bad.

ComboFix 07-12-12.3 - 2007-12-13 19:41:16.1 - NTFSx86
Running from: C:\Documents and Settings\michel winegarden\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\sbsdwin95req.exe
C:\Documents and Settings\Application Data\FunWebProducts
C:\Documents and Settings\Application Data\FunWebProducts\Data\Evan.W\avatar.dat
C:\Documents and Settings\Application Data\FunWebProducts\Data\Evan.W\register.dat
C:\WINDOWS\images.zip
C:\WINDOWS\system32\drivers\fad.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FAD
-------\LEGACY_NNSERV
-------\nm
-------\NNServ


((((((((((((((((((((((((( Files Created from 2007-11-14 to 2007-12-14 )))))))))))))))))))))))))))))))
.

2007-12-09 15:29 . 2007-12-09 15:29 <DIR> d-------- C:\Program Files\HyCam2
2007-12-07 14:46 . 2007-12-07 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-06 21:16 . 2007-12-06 21:16 <DIR> d-------- C:\Documents and Settings\michel winegarden\Application Data\Spybot - Search & Destroy
2007-12-06 20:48 . 2007-12-06 20:48 <DIR> d-------- C:\Program Files\Avira
2007-12-06 20:48 . 2007-12-06 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-05 16:17 . 2007-12-05 16:17 <DIR> d-------- C:\Program Files\Mu Gods
2007-12-05 15:25 . 2007-12-05 15:25 <DIR> d-------- C:\Fraps
2007-12-05 15:25 . 2007-12-06 20:35 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-30 17:42 . 2007-11-30 17:42 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-30 17:22 . 2007-11-30 17:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot2
2007-11-29 20:11 . 2007-11-29 20:11 <DIR> d-------- C:\Program Files\eGames
2007-11-29 20:09 . 2007-12-03 21:48 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-29 20:09 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL
2007-11-24 19:40 . 2007-11-29 19:08 <DIR> d-------- C:\Program Files\Porrasturvat - Stair Dismount
2007-11-24 19:23 . 2007-12-11 18:44 <DIR> d-------- C:\Program Files\Truck Dismount

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 04:12 --------- d-----w C:\Documents and Settings\pecosbill22\Application Data\buildkindiso
2007-12-07 03:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Rect Third Bend Soap
2007-12-05 02:43 --------- d-----w C:\Program Files\LimeWire
2007-12-04 04:37 --------- d-----w C:\Program Files\NavExcel Search Toolbar
2007-11-24 18:47 --------- d-----w C:\Program Files\World of Warcraft
2007-11-22 22:49 --------- d-----w C:\Program Files\CamStudio
2007-11-17 05:02 --------- d-----w C:\Program Files\MSN Messenger
2007-11-14 03:58 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-11-09 05:22 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Talkback
2007-11-07 00:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-17 01:24 --------- d-----w C:\Documents and Settings\michel winegarden\Application Data\GetRightToGo
2006-03-05 03:03 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2007-08-30 07:42 55,808 --sh--r C:\WINDOWS\msnmsgs.exe
2005-10-25 23:15 24,576 --sh--w C:\WINDOWS\SYSTEM32\bzofygw\lsass.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarsOnTaskbar"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli

.
Contents of the 'Scheduled Tasks' folder
"2007-07-28 23:00:19 C:\WINDOWS\Tasks\A515383391BAAA9B.job"
- c:\docume~1\pecosb~1\applic~1\buildk~1\Info Skip Default.exe
"2007-07-25 22:16:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 19:51:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-13 19:53:59 - machine was rebooted
 

·
Registered
Joined
·
3,025 Posts
Hi SDiablo123,

If you could stop quoting my whole replies, as it makes the posts very lengthy and hard on the eyes. I'm aware of what I've posted in my replies.

Thank you

--------------------------------------------------------------

I want you to try the following and let me know what happens.

Press Ctrl + Esc

OR

Press the Windows key on your keyboard

--------------------------------------------------------------

I forgot a program which needs to be removed.

Open Task Manager by pressing all 3 of these keys Ctrl Alt Del.
In the top left corner of the dialog box, click 'File'
Select 'New Task (Run...)'

Type "appwiz.cpl" in the textbox
Click OK

Add / Remove Programs will now appear.

Uninstall the following programs:

NavExcel Search Toolbar (remove only)


--------------------------------------------------------------

Please download CFScript.txt, which I've attached to this post and save it on your desktop.

It can be downloaded **EDIT**



Referring to the picture above, drag CFScript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

--------------------------------------------------------------

Please run DSS again, and post the resulting log (only main.txt should appear)

--------------------------------------------------------------

Please reply back with the following:

Answers to inquiry.
C:\ComboFix.txt
main.txt (From DSS)
Update on system behavior?
 

·
Registered
Joined
·
65 Posts
Discussion Starter #16 (Edited)
:(
Ok, i tried that Windows Button on the keyboard, it doesnt really do anything
I tried to take off the NavExcel Search Toolbar and it wont come off, i used the Remove button and nothin happened.
Nvm, its on the top left of the screen ( CFScript.txt)
Oh and just wondering, is there any chance that anything u post here will screw up my computer even more?
 

·
Registered
Joined
·
3,025 Posts
1. What about pressing Ctrl + ESC on your keyboard?

2. Skip uninstalling that program.

3. I've been helping people in your situation for quite a while now, and will only post fixes to better your machine. I'll leave the screwing up of your computer to Malware/Viruses :mad:
 

·
Registered
Joined
·
65 Posts
Discussion Starter #18
Haha, ok, do u have any suggestions to what i should do to fix the Copy n paste thing.
And Ctrl + Esc doesnt do anything either :(

And honestly do u think we can get this computer clean enough so i can download games?
 

·
Registered
Joined
·
3,025 Posts
We'll take it one step at a time. Let's try and get rid of the malware first. If you could continue with the rest of my instructions.

Thanks
 