Discussion Starter #1
Deckard's System Scanner v20071014.68
Run by Babes on 2007-11-21 18:08:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2007-11-21 18:08:05 UTC - RP927 - Deckard's System Scanner Restore Point
2: 2007-11-20 21:52:45 UTC - RP926 - System Checkpoint
1: 2007-11-20 21:05:12 UTC - RP925 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Babes.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:10:12, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark P910 Series\lxbymon.exe
C:\Program Files\Lexmark P910 Series\ezprint.exe
C:\Program Files\Common Files\AOL\1190756965\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\lxbycoms.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Babes\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Babes.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.gameshadow.biz/order/default.asp?promo=EID001&buy=0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\Program files\bitcomet\tools\BitCometBHO_1.1.7.4.dll
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lxbymon.exe] "C:\Program Files\Lexmark P910 Series\lxbymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark P910 Series\ezprint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,[email protected]
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1190756965\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [AVP] "C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe"
O4 - HKLM\..\RunServices: [Mircosoft Windows Developer Enviroment] devenv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Dialer] "C:\Program Files\Common Files\AOL\ACS\AOlDial.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - G:\Program files\bitcomet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O22 - SharedTaskScheduler: convalescently - {cea2e5cd-e849-427b-80f0-59298caef1c4} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: The Shield Deluxe 2008 (AVP) - PCSecurityShield - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Babes/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Babes/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 6102 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - c:\windows\system32\drivers\sfsync03.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 ppsio2 (PPDevice) - c:\windows\system32\drivers\ppsio2.sys <Not Verified; ; Flatbed DevDriver/NT4>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys

S3 Amps2prt (A4Tech PS/2 Port Mouse Driver) - c:\windows\system32\drivers\amps2prt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech iWheelWorks Mouse Driver>
S3 AR5211 (NETGEAR WG311T V1H3 Wireless Adapter Service) - c:\windows\system32\drivers\wg311t13.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>
S3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys (file missing)
S3 PPJoyBus (Parallel Port Joystick Bus device driver) - c:\windows\system32\drivers\ppjoybus.sys <Not Verified; Deon van der Westhuysen; Parallel Port Joystick Bus Enumerator>
S3 Profos - c:\program files\common files\bitdefender\bitdefender threat scanner\profos.sys (file missing)
S3 Trufos - c:\program files\common files\bitdefender\bitdefender threat scanner\trufos.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S4 freenet-darknet-8888 (Freenet 0.7 darknet-8888) -
S4 freenet-darknet-8888-8888 (Freenet 0.7 darknet-8888-8888) -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_80A71043&REV_A1\3&13C0B0C5&0&20
Manufacturer: Nvidia
Name: NVIDIA nForce Networking Controller
PNP Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_80A71043&REV_A1\3&13C0B0C5&0&20
Service: NVENET

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Standard Game Port
Device ID: CMI\CHILD0000\5&39569AEB&0&0000
Manufacturer: (Standard system devices)
Name: Standard Game Port
PNP Device ID: CMI\CHILD0000\5&39569AEB&0&0000
Service: gameenum

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: NERO IMAGEDRIVE SCSI Controller
Device ID: IMAGEDRV\NEROIMAGEDRV\0000
Manufacturer: Unknown Manufacturer
Name: NERO IMAGEDRIVE SCSI Controller
PNP Device ID: IMAGEDRV\NEROIMAGEDRV\0000
Service: imagedrv


-- Scheduled Tasks -------------------------------------------------------------

2007-11-21 18:00:00 264 --ah----- C:\WINDOWS\Tasks\AC0700BB9184B487.job
2007-11-21 17:00:02 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2007-11-21 09:16:57 372 --a------ C:\WINDOWS\Tasks\RegCure.job
2007-11-16 10:10:16 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-10-21 and 2007-11-21 -----------------------------

2007-11-21 18:10:03 0 d-------- C:\Program Files\Trend Micro
2007-11-21 17:57:59 0 d-------- C:\Program Files\SpywareBlaster
2007-11-19 21:30:51 0 d-------- C:\Documents and Settings\Babes\Application Data\BitDefender
2007-11-19 21:26:31 0 d-------- C:\Program Files\BitDefender
2007-11-19 21:26:31 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-11-19 21:24:05 0 d-------- C:\Program Files\Common Files\BitDefender
2007-11-19 18:29:25 0 d-------- C:\Program Files\Ubisoft
2007-11-19 18:28:57 0 d-------- C:\Documents and Settings\Babes\Application Data\InstallShield
2007-11-17 21:04:12 0 d-------- C:\Program Files\RegistryFix
2007-11-17 11:57:15 0 d-------- C:\Program Files\RegCure
2007-11-03 12:19:56 0 d-------- C:\Program Files\Apple Software Update
2007-11-03 12:19:02 0 d-------- C:\Program Files\Common Files\Apple
2007-11-03 12:19:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-10-30 14:12:28 200704 --a------ C:\WINDOWS\system32\WG1v2Lib.dll <Not Verified; NETGEAR Inc.; WG1v2lib Dynamic Link Library>
2007-10-30 12:35:53 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-10-30 12:35:32 0 d-------- C:\Program Files\Common Files\ODBC
2007-10-28 15:14:03 0 d-------- C:\Program Files\Hide My IP Address
2007-10-28 15:07:08 16803704 --a------ C:\Program Files\hidemyipaddress_dl.exe
2007-10-21 17:21:51 0 d-------- C:\Program Files\Guild Wars


-- Find3M Report ---------------------------------------------------------------

2007-11-21 18:07:13 0 d-------- C:\Program Files\Lx_cats
2007-11-19 21:24:05 0 d-------- C:\Program Files\Common Files
2007-11-19 18:29:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-19 13:23:58 0 d-------- C:\Program Files\Common Files\AOL
2007-11-18 21:49:37 0 d-------- C:\Program Files\Decoupage
2007-11-18 19:45:42 2880 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-18 11:09:03 0 d-------- C:\Documents and Settings\Babes\Application Data\LimeWire
2007-11-17 12:22:00 0 d-------- C:\Documents and Settings\Babes\Application Data\dvdcss
2007-11-15 19:37:38 0 d-------- C:\Documents and Settings\Babes\Application Data\Ahead
2007-10-30 14:20:47 0 d-------- C:\Program Files\VoyagerTest
2007-10-30 14:18:11 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-10-30 12:42:06 0 d-------- C:\Program Files\NETGEAR
2007-10-28 12:47:19 0 d-------- C:\Program Files\WinAVI Video Converter
2007-10-28 12:47:08 0 d-------- C:\Program Files\WinAVI MP4 Converter
2007-10-27 10:41:59 0 d-------- C:\Program Files\DVD Decrypter
2007-10-25 19:53:55 0 d-------- C:\Program Files\AOL 9.0
2007-10-09 13:23:38 0 d-------- C:\Documents and Settings\Babes\Application Data\ThatCdromBody
2007-10-08 12:03:07 0 d-------- C:\Program Files\PCSecurityShield
2007-10-07 00:46:14 0 d-------- C:\Documents and Settings\Babes\Application Data\DivX
2007-10-06 15:15:46 0 d-------- C:\Program Files\DivX
2007-10-06 11:58:33 80 -r-hs---- C:\WINDOWS\system32\89227CDA9C.dll
2007-10-05 09:17:52 0 d-------- C:\Program Files\ThatCdromBody
2007-10-04 16:31:48 0 d-------- C:\Documents and Settings\Babes\Application Data\AVSMedia
2007-10-04 16:31:20 0 d-------- C:\Program Files\Common Files\AVSMedia
2007-10-04 16:30:39 0 d-------- C:\Program Files\AVSMedia
2007-10-04 08:09:38 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-10-04 07:46:00 0 d-------- C:\Program Files\Common Files\aolshare
2007-10-03 18:19:11 0 --a------ C:\Documents and Settings\Babes\Application Data\AVSDVDPlayer.m3u
2007-10-02 09:38:58 0 d-------- C:\Program Files\WinAVI VideoConverter
2007-10-02 09:27:24 2572 --a------ C:\WINDOWS\WINDVDBOOTRECDOE.sys
2007-10-02 09:27:19 0 d-------- C:\Program Files\winavi dvd copy
2007-10-02 09:25:58 0 d-------- C:\Program Files\winavi ipod
2007-10-02 09:22:53 0 d-------- C:\Program Files\WinAVI Video Capture
2007-09-28 16:07:52 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 16:05:50 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-09-28 16:05:50 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-09-28 16:05:40 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-09-28 16:05:40 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-28 16:05:40 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-28 16:05:40 739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-28 16:05:08 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-09-26 12:58:25 0 d-------- C:\Program Files\VoyagerModem105Drivers
2007-09-25 22:11:04 0 d-------- C:\Program Files\AOL Companion
2007-09-25 19:03:30 0 d-------- C:\Documents and Settings\Babes\Application Data\AOL
2007-09-25 18:35:58 0 d-------- C:\Program Files\QuickTime
2007-09-24 20:45:34 0 d-------- C:\Program Files\Common Files\Real
2007-09-24 20:45:02 0 d-------- C:\Program Files\Real
2007-09-24 20:34:25 0 d-------- C:\Program Files\Windows Media Components
2007-09-24 12:58:40 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-09-22 11:24:45 0 d-------- C:\Program Files\MOVAVI
2007-09-13 15:56:24 31 --a------ C:\WINDOWS\system32\getfile.dat
2007-08-31 21:03:46 4064 --a------ C:\WINDOWS\mozver.dat
2007-08-23 13:03:48 204864 --a------ C:\WINDOWS\system32\klogon.dll <Not Verified; PCSecurityShield; The Shield Deluxe 2008>
2007-08-21 22:14:36 32 --a------ C:\WINDOWS\go


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/01/2007 11:06]
"NvCplDaemon"="RUNDLL32.exe" [04/08/2004 00:56 C:\WINDOWS\system32\rundll32.exe]
"lxbymon.exe"="C:\Program Files\Lexmark P910 Series\lxbymon.exe" [18/01/2005 03:50]
"EzPrint"="C:\Program Files\Lexmark P910 Series\ezprint.exe" [17/09/2004 07:24]
"NvMediaCenter"="RUNDLL32.exe" [04/08/2004 00:56 C:\WINDOWS\system32\rundll32.exe]
"LXBYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll" [02/11/2004 09:13]
"HostManager"="C:\Program Files\Common Files\AOL\1190756965\ee\AOLSoftware.exe" [17/11/2006 13:21]
"nwiz"="nwiz.exe" [22/10/2006 12:22 C:\WINDOWS\system32\nwiz.exe]
"AVP"="C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe" [23/08/2007 13:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
"AOL Dialer"="C:\Program Files\Common Files\AOL\ACS\AOlDial.exe" [10/01/2007 11:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Mircosoft Windows Developer Enviroment"=devenv.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [25/09/2007 19:01:47]
NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [29/05/2006 20:24:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Spy Sweeper Updater V 2.0.0.lnk]
backup=C:\WINDOWS\pss\Spy Sweeper Updater V 2.0.0.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mircosoft Windows Developer Enviroment]
devenv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"nwiz.exe" /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTBatteryMeter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"InCDsrv"=2 (0x2)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"StarWindService"=2 (0x2)
"WANMiniportService"=2 (0x2)
"iPod Service"=3 (0x3)
"freenet-darknet-8888-8888"=2 (0x2)
"freenet-darknet-8888"=2 (0x2)
"usnjsvc"=3 (0x3)




-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

60 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-11-21 18:10:53 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 2600+
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 1279.49 MiB / 876.34 MiB
Pagefile Memory (total/avail): 3053.68 MiB / 2810.42 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.16 MiB

C: is Fixed (NTFS) - 38.28 GiB total, 5.8 GiB free.
E: is CDROM (No Media)
F: is Fixed (NTFS) - 93.16 GiB total, 35.73 GiB free.
G: is Fixed (NTFS) - 93.6 GiB total, 50.36 GiB free.
H: is Fixed (NTFS) - 92.72 GiB total, 80.05 GiB free.
I: is CDROM (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE1 - Maxtor 6B300R0 - 279.48 GiB - 3 partitions
\PARTITION0 - Installable File System - 93.16 GiB - F:
\PARTITION1 - Extended w/Extended Int 13 - 186.32 GiB - G: - H:

\\.\PHYSICALDRIVE0 - Maxtor 6E040L0 - 38.29 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 38.28 GiB - C:

\\.\PHYSICALDRIVE2 - Lexmark USB Mass Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.
FirewallOverride is set.

FW: Bitdefender Firewall v8.0 (BitDefender) Disabled
AV: Bitdefender Antivirus v8.0 (BitDefender) Disabled
AV: The Shield Deluxe 2008 v6.0.2.621 () Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\WINDOWS\\system32\\lxbycoms.exe"="C:\\WINDOWS\\system32\\lxbycoms.exe:*:Disabled:p910 Series Server"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"G:\\bitcomet\\BitComet.exe"="G:\\bitcomet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"G:\\Program files\\bitcomet\\BitComet.exe"="G:\\Program files\\bitcomet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"G:\\Program files\\world of warcraft\\World of Warcraft\\Repair.exe"="G:\\Program files\\world of warcraft\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility"
"G:\\Program files\\world of warcraft\\World of Warcraft\\Launcher.exe"="G:\\Program files\\world of warcraft\\World of Warcraft\\Launcher.exe:*:Enabled:World of Warcraft"
"C:\\Documents and Settings\\Babes\\MUTE\\fileSharingMUTE.exe"="C:\\Documents and Settings\\Babes\\MUTE\\fileSharingMUTE.exe:*:Enabled:fileSharingMUTE"
"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Disabled:File Transfer Program"
"G:\\Program files\\world of warcraft\\World of Warcraft\\BackgroundDownloader.exe"="G:\\Program files\\world of warcraft\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Babes\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=INC-JMKHVTA5XDB
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Babes
LOGONSERVER=\\INC-JMKHVTA5XDB
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=G:\PROGRA~1\MOZILL~1;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Babes\LOCALS~1\Temp
TMP=C:\DOCUME~1\Babes\LOCALS~1\Temp
USERDOMAIN=INC-JMKHVTA5XDB
USERNAME=Babes
USERPROFILE=C:\Documents and Settings\Babes
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Babes (admin)

Administrator.INC-JMKHVTA5XDB (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
A4Tech iWheelWorks V7.40 --> C:\WINDOWS\system32\Amuninst.exe
Ad-Aware SE Professional --> G:\PROGRA~1\AD-AWA~1\UNWISE.EXE G:\PROGRA~1\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Ahead InCD EasyWrite Reader --> C:\WINDOWS\unmrw.exe /UNINSTALL
AOL Coach Version 1.0(Build:20040229.1 uk) --> "C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
AVS DVDMenu Editor 1.2.1.19 --> "C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"
AVS Video Tools 5.6 --> "C:\Program Files\AVSMedia\VideoTools\unins000.exe"
BitComet 0.91 --> G:\Program files\BitComet\uninst.exe
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
CSI-Hard Evidence --> C:\Program Files\InstallShield Installation Information\{FC1C2427-5954-451C-9ED8-A92D48ED7E07}\setup.exe -runfromtemp -l0x0009 -removeonly
Decoupage --> C:\WINDOWS\DecoupageUninstall.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
eMusic - 50 Free MP3 offer --> "G:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
FileSpecs extension for Ad-aware 6 --> \FILESP~1\UNWISE.EXE \FILESP~1\INSTALL.LOG
FinePixViewer Ver.4.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FL Studio 7 --> C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Greeting Card Factory --> MsiExec.exe /X{41DC9B1E-BB88-43F0-B886-99CF70AE6626}
Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
HexDump extension for Ad-aware 6 --> \HEXDUM~1\UNWISE.EXE \HEXDUM~1\INSTALL.LOG
Hide My IP Address --> "C:\Program Files\Hide My IP Address\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
ImageMixer VCD2 for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934E9442-D305-4ACF-AD87-A6C11D677CB9}\setup.exe"
iTunes --> MsiExec.exe /I{B8A204BC-7177-470E-BBDD-47256D05B325}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java DB 10.2.2.0 --> MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) SE Development Kit 6 Update 2 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160020}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 3.4.5 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lavasoft VX2 Cleaner --> G:\PROGRA~1\AD-AWA~1\Plugins\UNWISE.EXE G:\PROGRA~1\AD-AWA~1\Plugins\INSTALL.LOG
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark P910 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbyUNST.EXE -NOLICENSE
Lexmark Z600 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
LimeWire 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Max Media Creator --> "C:\Program Files\Datel\Max Media Creator\unins000.exe"
Microsoft Office Publisher 2003 --> MsiExec.exe /I{90190409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
Mozilla Firefox (2.0.0.6) --> G:\PROGRA~1\MOZILL~1\uninstall\helper.exe
Mozilla Firefox (2.0.0.7) --> G:\Program files\MOZILL~1\uninstall\helper.exe
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
NETGEAR WG111v3 wireless USB 2.0 adapter --> C:\Program Files\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x0409
NETGEAR WG311T Wireless Adapter --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FC321AD2-48B4-4013-B997-A65D5FBBD006}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NvMixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
PCI Audio Driver --> cmuninst.exe
PrimaScan 2400U --> C:\PROGRA~1\PRIMAS~1\UNWISE.EXE C:\PROGRA~1\PRIMAS~1\INSTALL.LOG
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
Real Alternative 1.48 --> "C:\Program Files\Real Alternative\unins000.exe"
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.3.0.2 --> C:\Program Files\RegCure\uninst.exe
RegistryFix v6.3 --> "C:\Program Files\RegistryFix\unins000.exe"
Sony ACID Pro 6.0 --> MsiExec.exe /X{87DABCF7-2C38-4996-8FBE-053CA6536168}
Sony Media Manager 2.2 --> MsiExec.exe /X{47AA42FD-0450-4CB4-ADAF-B6E770AA7B2F}
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
The Shield Deluxe 2008 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
The Shield Deluxe 2008 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
VideoEgg Publisher --> C:\Documents and Settings\Babes\Application Data\VideoEgg\Uninstall.exe
VideoLAN VLC media player 0.8.6b --> G:\Program files\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Westwood Shared Internet Components --> G:\Program files\Westwood\Internet\UnstllAP.EXE
Win AVI HelixSDK --> "C:\Program Files\WinAVI Video Converter\HelixSDK\unins000.exe"
Winamp (remove only) --> "G:\Program Files\Winamp\UninstWA.exe"
WinAVI DVD Copy --> "C:\Program Files\WinAVI DVD Copy\unins000.exe"
WinAVI Video Capture 2.0 --> "C:\Program Files\WinAVI Video Capture\unins000.exe"
WinAVI Video Converter --> "C:\Program Files\WinAVI Video Converter\unins000.exe"
WinAVI VideoConverter --> "C:\Program Files\WinAVI VideoConverter\unins000.exe"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (3)\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1167 / Error
Event Submitted/Written: 11/21/2007 01:53:38 PM
Event ID/Source: 11704 / MsiInstaller
Event Description:
Product: Adobe Reader 8.1.1 -- Error 1704.An installation for BitDefender Total Security 2008 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Event Record #/Type1161 / Error
Event Submitted/Written: 11/21/2007 07:29:47 AM
Event ID/Source: 490 / ESENT
Event Description:
wuauclt (1752) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type1160 / Error
Event Submitted/Written: 11/21/2007 07:22:32 AM
Event ID/Source: 439 / ESENT
Event Description:
wuauclt (792) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb. Error -1032.

Event Record #/Type1159 / Error
Event Submitted/Written: 11/21/2007 07:22:32 AM
Event ID/Source: 490 / ESENT
Event Description:
wuauclt (792) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type1158 / Error
Event Submitted/Written: 11/21/2007 03:36:24 AM
Event ID/Source: 473 / ESENT
Event Description:
Catalog Database (1668) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb was partially detached. Error -1032 encountered updating database headers.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type14920 / Error
Event Submitted/Written: 11/21/2007 04:29:59 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The HID Input Service service terminated with the following error:
%%2

Event Record #/Type14876 / Error
Event Submitted/Written: 11/21/2007 01:31:41 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The HID Input Service service terminated with the following error:
%%2

Event Record #/Type14840 / Error
Event Submitted/Written: 11/21/2007 11:59:08 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The HID Input Service service terminated with the following error:
%%2

Event Record #/Type14793 / Error
Event Submitted/Written: 11/20/2007 10:53:33 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The HID Input Service service terminated with the following error:
%%2

Event Record #/Type14756 / Error
Event Submitted/Written: 11/20/2007 07:19:25 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The HID Input Service service terminated with the following error:
%%2



-- End of Deckard's System Scanner: finished at 2007-11-21 18:10:53 ------------
 

TSF Security Manager, Emeritus
42,837 Posts
Hello susieb123

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Please download SmitfraudFix (by S!Ri) to your Desktop. Do not run it yet.

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry?" Answer Yes by typing Y and hitting Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hitting Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually (into Normal Mode).

The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: (C:\rapport.txt), or of the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

--------------------------------------------------------------------

Next go to Control Panel, click Display > Desktop > Customize Desktop > Web. Now uncheck everything and delete if present:
· "Security Info"
· "Warning Message"
· "Security Desktop"
· "Warning Homepage"
· "Desktop Uninstall"


Also make sure the 'Lock desktop items' box is unticked. Click OK, then click Apply, then OK.

--------------------------------------------------------------------

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

--------------------------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Notes

1. If you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

2. As many of the variants of Smitfraud have begun invading the Hosts file, this tool will reset your Hosts file as a necessary precaution. You will also have to reset any specific modifications you may require such as Hosts MVPS.

--------------------------------------------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
        • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
--------------------------------------------------------------------

Run a new scan with dss.exe

--------------------------------------------------------------------

Then post the following logs in your next reply...

c:\rapport.txt
AVG A/S results
Kaspersky results
main.txt
Update on system behavior
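Note 2 of the reply above says that Smitfraud variants tamper with the Hosts file, that SmitfraudFix resets it, and that any deliberate customisations (such as an MVPS hosts list) then have to be put back. The script below is an added example, written for this page and not taken from the forum post or from SmitfraudFix, that shows what a defender wants to know before and after such a reset: which lines are the stock loopback entries, which are blocklist-style customisations worth saving (hostnames pointed at 127.0.0.1 or 0.0.0.0), which name LAN hosts (RFC 1918 ranges), and which are redirects of a hostname to a remote address, the pattern the note is warning about. The sample hosts content, the hostnames and the 203.0.113.5 address (RFC 5737 documentation range) are all constructed for the example; the function names are the example's own.

```python
"""Audit a Windows hosts file before/after a reset (added example).

Classifies every name-to-address mapping so the custom entries can be
backed up and any remote redirects can be reviewed before the file is
replaced. Runs offline on the constructed SAMPLE_HOSTS text below.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample hosts content for this example; 203.0.113.5 is from
# the RFC 5737 documentation range, not a real server.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
::1             localhost

# MVPS-style blocklist entries (customisations the user would re-apply)
0.0.0.0     ads.example.net
127.0.0.1   tracker.example.org   # inline comment should be ignored

# A LAN name, also a legitimate customisation
192.168.1.20  nas.home.test

# Suspicious: vendor update site pointed at a remote address
203.0.113.5   update.example-av.test
203.0.113.5   www.example-av.test
"""

# RFC 1918 and link-local space, checked explicitly rather than with
# ip.is_private, because newer Python versions also count the RFC 5737
# documentation ranges as "private" and that would hide the test case.
LAN_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("fe80::/10"),
    ipaddress.ip_network("fc00::/7"),
]


@dataclass
class HostsEntry:
    ip: str
    hostname: str
    category: str  # loopback | blocklist | lan | redirect | unparseable


def classify(ip: ipaddress._BaseAddress, hostname: str) -> str:
    """Decide what kind of mapping one (address, name) pair is."""
    if ip.is_loopback and hostname.lower() == "localhost":
        return "loopback"                 # stock Windows entry
    if ip.is_loopback or ip.is_unspecified:
        return "blocklist"                # sinkholed name, MVPS style
    if any(ip in net for net in LAN_NETWORKS):
        return "lan"                      # names a machine on the LAN
    return "redirect"                     # name sent to a remote address


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts-file text into classified entries, one per hostname."""
    entries: List[HostsEntry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        ip_str, *names = line.split()
        try:
            ip = ipaddress.ip_address(ip_str)
        except ValueError:
            # Malformed address: keep it visible rather than silently dropping it
            entries.append(HostsEntry(ip_str, " ".join(names), "unparseable"))
            continue
        for name in names:
            entries.append(HostsEntry(ip_str, name, classify(ip, name)))
    return entries


def summarize(entries: List[HostsEntry]) -> Dict[str, int]:
    """Count entries per category, e.g. {'loopback': 2, 'redirect': 2}."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.category] = counts.get(e.category, 0) + 1
    return counts


def redirects(entries: List[HostsEntry]) -> List[HostsEntry]:
    """Entries to review: hostnames mapped to a remote address."""
    return [e for e in entries if e.category == "redirect"]


def backup_lines(entries: List[HostsEntry]) -> List[str]:
    """Custom lines (blocklist + LAN) to re-apply after the file is reset."""
    return [f"{e.ip}\t{e.hostname}" for e in entries
            if e.category in ("blocklist", "lan")]


if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE_HOSTS)
    print("summary:", summarize(parsed))
    for e in redirects(parsed):
        print(f"REVIEW  {e.hostname} -> {e.ip}")
    print("lines to save before reset:")
    for line in backup_lines(parsed):
        print("  " + line)
```

On a real machine the text would be read from %SystemRoot%\system32\drivers\etc\hosts; the classification only inspects the file contents, so it can be run against a copy on any system. Redirects of well-known hostnames to a single remote address are the signal worth acting on; blocklist and LAN lines are the ones to keep a copy of before running the reset.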