#16
  1. Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2008
    Posts
    24
    Rep Power
    0
    Uninstall.txt

    Ad-Aware SE Personal
    Adobe Flash Player ActiveX
    Adobe Reader 7.0.9
    Adobe Shockwave Player
    AdwareAlert
    Apple Mobile Device Support
    Apple Software Update
    AutoHotkey 1.0.47.05
    AutoPlay Media Studio 5.0 Professional
    AVG 7.5
    Belkin All-in-One Print Server
    BT Home Hub
    BT Softphone 1.5.3.6
    BT Yahoo! Applications
    Calculatem Pro
    CCleaner (remove only)
    CleanUp!
    Combined Community Codec Pack 2007-02-22
    Compatibility Pack for the 2007 Office system
    Creative EAX Console
    Creative Speaker Settings
    Device Control
    Football Manager 2008
    Free DVD MP3 Ripper 1.12
    Free iPod Video Converter 1.32
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    InterVideo WinDVD
    IsoBuster 2.1
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_05
    Java(TM) SE Runtime Environment 6 Update 1
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Macromedia Fireworks 8
    Malwarebytes' Anti-Malware
    Microangelo Toolset 6
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 3.0
    Microsoft .NET Framework 3.0
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Primary Interop Assemblies
    Microsoft Office Professional Edition 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Visio Professional 2007
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mindjet MindManager Pro 7
    MSXML 4.0 SP2 (KB936181)
    MSXML 6.0 Parser (KB933579)
    Nero OEM
    NeroVision Express 2 SE
    News File Grabber 4.5.0.2
    NVIDIA Drivers
    ODF Add-in for Microsoft Word
    Panda ActiveScan 2.0
    Poker Tracker Version 2.16.03d
    PokerTracker 3 (remove only)
    PostgreSQL 8.3
    PrimoPDF
    PrimoPDF Redistribution Package
    psqlODBC
    QuickTime
    RealPlayer
    Realtek AC'97 Audio
    Samsung CLP-500 Series
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    SetIP
    Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
    Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
    SmartTRAK
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    SQLite ODBC Driver (remove only)
    SUPERAntiSpyware Free Edition
    Texas Calculatem 4 with "AutoRead"
    TomTom HOME
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920342)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB925876)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Windows Communication Foundation
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Workflow Foundation
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver
    WinZip
    WordBiz version 1.8
  2. #17
  3. Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Nov 2006
    Location
    San Antonio Tx
    Posts
    2,325
    Rep Power
    1140
    Still more to go...

    Copy and paste the following text in the Quote box below into Notepad.
    Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: fix.reg to your desktop.
    Then double click on the fix.reg file on your desktop and agree to merge it into the registry, then reboot...


    REGEDIT4

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=-

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    I will be back in a bit with more
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.

  4. #18
  5. Registered User
    Task completed ...... Once again thank you
  6. #19
  7. Malware Warrior /AV forum Mod
    Items to uninstall...

    AdwareAlert

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_05
    Java(TM) SE Runtime Environment 6 Update 1

    Poker Tracker Version 2.16.03d
    PokerTracker 3 (remove only)

    I see PC tools Antivirus running in your logs but not in your list. Is it already uninstalled?

    * Download the latest version of Java Runtime Environment (JRE) 6 Update 5 HERE
    * Scroll to Java Runtime Environment (JRE) 6 Update 5 and click on the download button
    Click on the Accept License Agreement button
    Next select
    Download Now! Windows Offline Installation, Multi-language

    Now close all windows, including your browser.
    Double click on the Java installation that you downloaded and follow the prompts.

    NEXT

    Open HJT and click scan only, place a check by these entries. DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now:


    O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
    O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
    O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe (file missing
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)



    Close all windows and browsers except HJT and click fix checked.



    NEXT


    * Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the Quote box below:

    Folder::
    C:\Documents and Settings\Russ\Application Data\Azureus
    C:\Documents and Settings\All Users\Application Data\TEMP
    C:\Program Files\DNA

    * Save this as CFScript.txt and place it on your desktop.





    * Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    * ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    * When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

    With a new HJT log


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.




    Tell me how things are running...
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.
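
The triage step in the post above, as an added example that is not part of the original thread or of HijackThis itself: it parses HijackThis lines, picks out entries marked `(file missing)` or `(no file)`, and groups them by CLSID so a button and its 'Tools' menu item are reviewed together. The function and field names are hypothetical; the sample lines are copied from the logs quoted in this thread.

```python
"""Flag HijackThis entries whose target file is reported missing (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Lines copied from the HijackThis output quoted in this thread: two entries
# that carry no missing-file marker, then the eight O9 entries the helper
# listed. The Ladbrokes line lost its closing ")" in the post; it is kept
# that way here so the parser has to cope with it.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe (file missing
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
""".strip().splitlines()

# "<section code> - <rest>", e.g. "O9 - Extra button: ...". Process paths and
# header lines in a log do not start with a letter followed by digits.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Trailing marker, tolerant of a lost ")" and of the "(HKCU)" suffix seen above.
STATUS_RE = re.compile(
    r"\s*\((file missing|no file)\)?(?:\s+\((HK[A-Z]+)\))?\s*$", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str            # e.g. "O9"
    clsid: Optional[str]    # upper-cased, None when the line has no CLSID
    target: Optional[str]   # text after the last " - ", marker stripped
    status: Optional[str]   # "file missing", "no file" or None
    hive: Optional[str]     # e.g. "HKCU" when the line carries that suffix
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for anything that is not an entry."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, rest = m.groups()
    status = STATUS_RE.search(rest)
    clsid = CLSID_RE.search(rest)
    # Limitation: a path that itself contains " - " would be split here.
    fields = rest.rsplit(" - ", 1)
    target = STATUS_RE.sub("", fields[1]).strip() if len(fields) == 2 else ""
    return Entry(
        section=section,
        clsid=clsid.group(0).upper() if clsid else None,
        target=target or None,
        status=status.group(1).lower() if status else None,
        hive=status.group(2).upper() if status and status.group(2) else None,
        raw=line.strip(),
    )


def orphans_by_component(lines: Iterable[str]) -> Dict[str, List[Entry]]:
    """Group entries with a missing-file marker by CLSID (raw line if none)."""
    groups: Dict[str, List[Entry]] = defaultdict(list)
    for line in lines:
        entry = parse_line(line)
        if entry and entry.status:
            groups[entry.clsid or entry.raw].append(entry)
    return dict(groups)


def report(lines: Iterable[str]) -> List[str]:
    """One summary line per orphaned component, for review before any fix."""
    out = []
    for key, entries in orphans_by_component(lines).items():
        target = entries[0].target or "(no target recorded)"
        out.append(f"{key}: {len(entries)} line(s), "
                   f"{entries[0].status}, target={target}")
    return out


if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
```
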

  8. #20
  9. Registered User
    ComboFix 08-04-08.10 - Russ 2008-04-10 16:54:28.6 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.663 [GMT 1:00]
    Running from: C:\Documents and Settings\Russ\Desktop\Combo-Fix.exe
    Command switches used :: C:\Documents and Settings\Russ\Desktop\CFscript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\TEMP
    C:\Documents and Settings\Russ\Application Data\Azureus
    C:\Documents and Settings\Russ\Application Data\Azureus\.certs
    C:\Documents and Settings\Russ\Application Data\Azureus\.keystore
    C:\Documents and Settings\Russ\Application Data\Azureus\.lock
    C:\Documents and Settings\Russ\Application Data\Azureus\active\20E754084F9F3A4DD20D64125897437434C141CB.dat
    C:\Documents and Settings\Russ\Application Data\Azureus\active\9AE5F41377EE1EB261B7FFD87D41138E37967CAA.dat
    C:\Documents and Settings\Russ\Application Data\Azureus\active\A5922085C756BF356947D8526F8E3D272AB94C31.dat
    C:\Documents and Settings\Russ\Application Data\Azureus\active\cache.dat
    C:\Documents and Settings\Russ\Application Data\Azureus\azureus.config
    C:\Documents and Settings\Russ\Application Data\Azureus\azureus.statistics
    C:\Documents and Settings\Russ\Application Data\Azureus\banips.config
    C:\Documents and Settings\Russ\Application Data\Azureus\dht\addresses.dat
    C:\Documents and Settings\Russ\Application Data\Azureus\dht\contacts.dat
    C:\Documents and Settings\Russ\Application Data\Azureus\dht\diverse.dat
    C:\Documents and Settings\Russ\Application Data\Azureus\dht\general.dat
    C:\Documents and Settings\Russ\Application Data\Azureus\dht\version.dat
    C:\Documents and Settings\Russ\Application Data\Azureus\downloads.config
    C:\Documents and Settings\Russ\Application Data\Azureus\ipfilter.cache
    C:\Documents and Settings\Russ\Application Data\Azureus\logs\alerts_1.log
    C:\Documents and Settings\Russ\Application Data\Azureus\logs\debug_1.log
    C:\Documents and Settings\Russ\Application Data\Azureus\logs\seltrace_1.log
    C:\Documents and Settings\Russ\Application Data\Azureus\logs\SpeedMan_1.log
    C:\Documents and Settings\Russ\Application Data\Azureus\logs\thread_1.log
    C:\Documents and Settings\Russ\Application Data\Azureus\logs\v3.ads_1.log
    C:\Documents and Settings\Russ\Application Data\Azureus\logs\v3.CMsgr_1.log
    C:\Documents and Settings\Russ\Application Data\Azureus\logs\v3.MD_1.log
    C:\Documents and Settings\Russ\Application Data\Azureus\logs\v3.PMsgr_1.log
    C:\Documents and Settings\Russ\Application Data\Azureus\logs\v3.Stream_1.log
    C:\Documents and Settings\Russ\Application Data\Azureus\logs\v3.STres_1.log
    C:\Documents and Settings\Russ\Application Data\Azureus\net\pm_2856.dat
    C:\Documents and Settings\Russ\Application Data\Azureus\tmp\speedTestTorrent.torrent
    C:\Documents and Settings\Russ\Application Data\Azureus\tracker.config
    C:\Documents and Settings\Russ\Application Data\Azureus\unsentdata.config
    C:\Documents and Settings\Russ\Application Data\Azureus\update.log
    C:\Documents and Settings\Russ\Application Data\Azureus\update.properties
    C:\Program Files\DNA
    C:\Program Files\DNA\btdna.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
    .

    2008-04-10 16:56 . 2008-04-10 16:56 53,248 --a------ C:\temp\catchme.dll
    2008-04-10 16:50 . 2008-04-10 16:50 <DIR> d-------- C:\Program Files\Java
    2008-04-10 16:50 . 2008-04-10 16:50 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-04-10 16:50 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-04-10 16:41 . 2008-04-10 16:50 <DIR> d-------- C:\temp\hsperfdata_Russ
    2008-04-10 16:41 . 2008-04-10 16:41 16,384 --a----t- C:\temp\Perflib_Perfdata_544.dat
    2008-04-10 15:58 . 2008-04-10 15:58 <DIR> d-------- C:\temp\WPDNSE
    2008-04-10 15:36 . 2008-04-10 16:56 <DIR> d-------- C:\temp
    2008-04-10 15:31 . 2008-04-10 15:31 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-09 16:27 . 2008-04-09 17:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-04-09 16:27 . 2008-04-09 16:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-09 16:27 . 2008-04-09 16:27 <DIR> d-------- C:\Documents and Settings\Russ\Application Data\SUPERAntiSpyware.com
    2008-04-09 16:27 . 2008-04-09 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-04-09 16:07 . 2008-04-09 23:55 <DIR> d-------- C:\Program Files\CleanUp!
    2008-04-09 12:42 . 2008-04-09 12:42 <DIR> d-------- C:\Documents and Settings\Russ\Application Data\Malwarebytes
    2008-04-09 12:41 . 2008-04-09 12:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-09 12:41 . 2008-04-09 12:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-09 10:31 . 2008-04-09 12:08 <DIR> d-------- C:\Documents and Settings\Russ\Application Data\AVG7
    2008-04-09 10:31 . 2008-04-09 10:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-04-09 10:31 . 2008-04-09 10:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-09 10:31 . 2008-04-09 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-04-09 09:57 . 2008-04-09 09:58 <DIR> d-------- C:\Program Files\CCleaner
    2008-04-09 09:21 . 2008-04-09 09:25 <DIR> d-------- C:\Program Files\Panda Security
    2008-04-09 00:01 . 2008-04-09 00:01 <DIR> d-------- C:\Program Files\Advantage Analysis
    2008-04-08 23:03 . 2008-04-09 04:25 <DIR> d-------- C:\Documents and Settings\Russ\.housecall6.6
    2008-04-08 22:53 . 2008-04-10 10:25 <DIR> d-------- C:\WINDOWS\BDOSCAN8
    2008-04-08 21:25 . 2008-04-10 13:24 <DIR> d-------- C:\Program Files\Comodo
    2008-04-08 21:25 . 2007-11-26 10:38 238,848 --a------ C:\WINDOWS\UNBOC.EXE
    2008-04-08 21:25 . 2007-05-08 17:01 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
    2008-04-08 21:25 . 2004-08-04 13:00 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb
    2008-04-08 21:11 . 2008-04-08 21:11 <DIR> d-------- C:\Program Files\Common Files\PC Tools
    2008-04-03 15:13 . 2008-04-03 15:13 <DIR> d-------- C:\Program Files\iPod
    2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
    2008-03-25 18:35 . 2008-03-25 18:35 <DIR> d-------- C:\Program Files\WordBiz

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-10 12:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-09 16:31 --------- d-----w C:\Program Files\btbb_wcm
    2008-04-09 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-09 15:08 --------- d-----w C:\Documents and Settings\Russ\Application Data\Pro Cycling Manager 2007
    2008-04-03 18:47 --------- d-----w C:\Documents and Settings\Russ\Application Data\Kontiki
    2008-04-03 14:13 --------- d-----w C:\Program Files\iTunes
    2008-04-03 14:12 --------- d-----w C:\Program Files\QuickTime
    2008-03-27 17:19 --------- d-----w C:\Documents and Settings\Russ\Application Data\Apple Computer
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-06 15:54 --------- d-----w C:\Program Files\RVG Software
    2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-27 06:20 --------- d-----w C:\Documents and Settings\Russ\Application Data\Microgaming
    2008-02-24 18:33 --------- d-----w C:\Documents and Settings\Russ\Application Data\postgresql
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-18 19:31 --------- d-----w C:\Program Files\Clever Age
    2008-02-18 19:30 --------- d-----w C:\Program Files\MSECache
    2008-02-13 15:21 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-02-12 07:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-10 20:52 691,545 ----a-w C:\WINDOWS\unins000.exe
    2008-01-29 11:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
    2008-01-21 20:02 737,280 ----a-w C:\WINDOWS\iun6002.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-10_13.54.55.23 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-03-13 23:31:24 135,168 ----a-w C:\WINDOWS\system32\java.exe
    + 2008-02-22 00:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
    - 2007-03-13 23:31:28 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2008-02-22 00:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    - 2007-03-14 01:04:46 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    - 2008-04-10 12:50:45 71,084 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-04-10 14:59:47 71,084 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-04-10 12:50:45 439,572 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-04-10 14:59:47 439,572 ----a-w C:\WINDOWS\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07A11D74-9D25-4fea-A833-8B0D76A5577A}]
    2007-05-18 00:05 71184 -ra------ C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Server Application for MFP Server"="C:\Program Files\Belkin\All-in-One Print Server\ServoApp.exe" [2006-08-03 16:21 290816]
    "MFP Server Agent"="C:\Program Files\Belkin\All-in-One Print Server\MFPAgent.exe" [2006-08-31 08:44 716800]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43 7630848]
    "btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [ ]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-09 15:37 579072]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-09 15:29 219136]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    Trusted 107e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "eyeBeam SIP Client"="C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    "YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    "btbb_wcm_McciTrayApp"=C:\Program Files\btbb_wcm\McciTrayApp.exe
    "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    "P17Helper"=Rundll32 P17.dll,P17Helper
    "WinGuard Pro"=C:\WINDOWS\system32\wgp.exe
    "btbb_McciTrayApp"=C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
    "PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\WINDOWS\\kdx\\KHost.exe"=
    "C:\\Program Files\\BT Broadband Desktop Help\\bin\\BTHelpBrowser.exe"=
    "C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "C:\\WINDOWS\\system32\\mmc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

    R2 ALIWEHCD;Belkin All-In-One Print Server Enhanced Controller;C:\WINDOWS\system32\Drivers\mfpec.sys [2006-07-24 17:54]
    R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Poker\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N "pgsql-8.3" -D "C:\Poker\PostgreSQL\8.3\data\" []
    R3 WUSBVBus;MFP Server Detector;C:\WINDOWS\system32\DRIVERS\mfpvbus.sys [2006-08-03 16:52]
    S3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 18:34]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-10 13:51:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-10 16:56:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    ? [400]

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-04-10 16:56:40
    ComboFix-quarantined-files.txt 2008-04-10 15:56:35
    ComboFix2.txt 2008-04-10 14:36:30
    ComboFix3.txt 2008-04-10 12:55:13
    ComboFix4.txt 2008-04-09 15:59:33
    Pre-Run: 19,981,803,520 bytes free
    Post-Run: 19,966,472,192 bytes free
    .
    2008-04-09 20:07:30 --- E O F ---
  10. #21
  11. Registered User
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:58, on 2008-04-10
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
    C:\Program Files\Belkin\All-in-One Print Server\ServoApp.exe
    C:\Program Files\Belkin\All-in-One Print Server\MFPAgent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Server Application for MFP Server] "C:\Program Files\Belkin\All-in-One Print Server\ServoApp.exe"
    O4 - HKLM\..\Run: [MFP Server Agent] "C:\Program Files\Belkin\All-in-One Print Server\MFPAgent.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1229272821-963894560-1801674531-1014\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'postgres')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://safeharbor.dyndns.org/plugin/h263ctrl.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
    O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) -
    O16 - DPF: {FB5FBB7F-92B4-11D3-8332-00C04F8B209E} (Genesys Webtour Control) - https://content101.mc.iconf.net/gcc_installer/webtour/astbrowserquery.cab
    O16 - DPF: {FBE37597-190E-4A06-978F-E39037999049} (Genesys Component Installer) - http://content101.mc.iconf.net/gcc_installer/gmcinstaller.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Poker\PostgreSQL\8.3\bin\pg_ctl.exe
    O23 - Service: Wireless Adapter Configurator - Tech Mahindra- PUNE - C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 8697 bytes
  12. #22
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2008
    Posts
    24
    Rep Power
    0
    [QUOTE]Tell me how things are running...[/QUOTE]

    Problems resolved:-
    Not a valid win32 application - resolved
    no firewall - resolved
    no antivirus will load on startup. - resolved
    cannot boot into 'safe' mode - resolved

    Problems still apparent:-
    Wireless icon indicating not connected but I have a wireless connection - not resolved

    Also if I 'right-click' on any network connection I get the following message 'unexpected error'
  14. #23
  15. Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Nov 2006
    Location
    San Antonio Tx
    Posts
    2,325
    Rep Power
    1140
    Let's take a different look


    Download Deckard's System Scanner. HERE

    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, a text file will open - Main.txt
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread here.
    5. A folder, C:\Deckard, will also open. In it will be another text file, Extra.txt.
    6. Attach Extra.txt to your post.

    Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

    What Deckard's System Scanner will do:

    * create a new System Restore point in Windows XP and Vista.
    * clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
    * check some important areas of your system and produce a report for your analyst to review. Deckard's System Scanner automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


    When you get the two notepad documents, click somewhere inside the notepad document and hold CTRL/Control and press A then C. This will "select all" and "copy" the text.

    Please post both of the logs.
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.

  16. #24
  17. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2008
    Posts
    24
    Rep Power
    0
    Main Txt

    Deckard's System Scanner v20071014.68
    Run by Russ on 2008-04-10 17:34:34
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    14: 2008-04-10 16:34:40 UTC - RP14 - Deckard's System Scanner Restore Point
    13: 2008-04-10 16:07:50 UTC - RP13 - Installed AVG 7.5
    12: 2008-04-10 15:54:18 UTC - RP12 - ComboFix created restore point
    11: 2008-04-10 15:50:07 UTC - RP11 - Installed Java(TM) 6 Update 5
    10: 2008-04-10 15:41:55 UTC - RP10 - Removed Java(TM) SE Runtime Environment 6 Update 1


    -- First Restore Point --
    1: 2008-04-10 09:24:53 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Russ.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:35, on 2008-04-10
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Belkin\All-in-One Print Server\ServoApp.exe
    C:\Program Files\Belkin\All-in-One Print Server\MFPAgent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Russ\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Russ.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Server Application for MFP Server] "C:\Program Files\Belkin\All-in-One Print Server\ServoApp.exe"
    O4 - HKLM\..\Run: [MFP Server Agent] "C:\Program Files\Belkin\All-in-One Print Server\MFPAgent.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1229272821-963894560-1801674531-1014\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'postgres')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://safeharbor.dyndns.org/plugin/h263ctrl.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
    O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) -
    O16 - DPF: {FB5FBB7F-92B4-11D3-8332-00C04F8B209E} (Genesys Webtour Control) - https://content101.mc.iconf.net/gcc_installer/webtour/astbrowserquery.cab
    O16 - DPF: {FBE37597-190E-4A06-978F-E39037999049} (Genesys Component Installer) - http://content101.mc.iconf.net/gcc_installer/gmcinstaller.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Poker\PostgreSQL\8.3\bin\pg_ctl.exe
    O23 - Service: Wireless Adapter Configurator - Tech Mahindra- PUNE - C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 9067 bytes

    -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

    backup-20080410-165327-115 O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file)
    backup-20080410-165327-753 O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
    backup-20080410-165327-833 O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
    backup-20080410-165327-845 O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
    backup-20080410-165328-131 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    backup-20080410-165328-202 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    backup-20080410-165328-345 O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe (file missing)
    backup-20080410-165328-858 O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

    -- File Associations -----------------------------------------------------------

    .js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R2 ALIWEHCD (Belkin All-In-One Print Server Enhanced Controller) - c:\windows\system32\drivers\mfpec.sys <Not Verified; None; None mfpec>
    R2 DgiVecp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; DeviceGuys, Inc.; DeviceGuys, Inc. Team MFP for Windows NT, 9x, and 3.1>
    R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
    R3 WUSBVBus (MFP Server Detector) - c:\windows\system32\drivers\mfpvbus.sys <Not Verified; None; None mfpvbus>

    S0 sptd - c:\windows\system32\drivers\sptd.sys (file missing)
    S3 BOCDRIVE (BOClean Kernel Monitor.) - c:\program files\comodo\cboclean\bocdrive.sys (file missing)
    S3 catchme - c:\temp\catchme.sys (file missing)
    S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
    S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 pgsql-8.3 (PostgreSQL Database Server 8.3) - c:\poker\postgresql\8.3\bin\pg_ctl.exe runservice -w -n "pgsql-8.3" -d "c:\poker\postgresql\8.3\data\" <Not Verified; PostgreSQL Global Development Group; PostgreSQL>
    R2 Wireless Adapter Configurator - c:\program files\bt home hub\wireless configuration\wirelessdaemon.exe <Not Verified; Tech Mahindra- PUNE; MBT- PUNE WirelessDaemon>

    S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-04-10 14:51:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-03-10 and 2008-04-10 -----------------------------

    2008-04-10 17:08:21 0 d-------- C:\Documents and Settings\Russ\Application Data\AVG7
    2008-04-10 17:08:08 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-04-10 17:07:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-10 17:05:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-04-10 16:56:41 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
    2008-04-10 16:50:09 0 d-------- C:\Program Files\Java
    2008-04-10 16:50:08 0 d-------- C:\Program Files\Common Files\Java
    2008-04-10 15:36:31 0 d-------- C:\temp
    2008-04-10 15:31:54 0 d-------- C:\Program Files\Trend Micro
    2008-04-10 13:50:41 0 dr-h----- C:\Documents and Settings\Russ\Recent
    2008-04-09 16:27:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-04-09 16:27:17 0 d-------- C:\Program Files\SUPERAntiSpyware
    2008-04-09 16:27:17 0 d-------- C:\Documents and Settings\Russ\Application Data\SUPERAntiSpyware.com
    2008-04-09 16:27:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-09 15:31:24 68096 --a------ C:\WINDOWS\zip.exe
    2008-04-09 15:31:24 49152 --a------ C:\WINDOWS\VFind.exe
    2008-04-09 15:31:24 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-04-09 15:31:24 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-04-09 15:31:24 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-04-09 15:31:24 98816 --a------ C:\WINDOWS\sed.exe
    2008-04-09 15:31:24 80412 --a------ C:\WINDOWS\grep.exe
    2008-04-09 15:31:24 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-04-09 12:42:27 0 d-------- C:\Documents and Settings\Russ\Application Data\Malwarebytes
    2008-04-09 12:41:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-09 12:41:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-09 09:57:58 0 d-------- C:\Program Files\CCleaner
    2008-04-09 09:21:02 0 d-------- C:\Program Files\Panda Security
    2008-04-09 00:01:18 0 d-------- C:\Program Files\Advantage Analysis
    2008-04-08 23:03:25 0 d-------- C:\Documents and Settings\Russ\.housecall6.6
    2008-04-08 22:53:42 0 d-------- C:\WINDOWS\BDOSCAN8
    2008-04-08 21:25:26 208896 --a------ C:\WINDOWS\CMDLIC.DLL <Not Verified; COMODO; COMODO BOClean - AntiMalware>
    2008-04-08 21:25:13 0 d-------- C:\Program Files\Comodo
    2008-04-08 21:11:33 0 d-------- C:\Program Files\Common Files\PC Tools
    2008-04-05 14:54:40 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
    2008-04-03 15:13:06 0 d-------- C:\Program Files\iPod
    2008-03-25 18:35:47 0 d-------- C:\Program Files\WordBiz


    -- Find3M Report ---------------------------------------------------------------

    2008-04-10 16:50:08 0 d-------- C:\Program Files\Common Files
    2008-04-10 13:25:56 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-04-09 17:31:17 0 d-------- C:\Program Files\btbb_wcm
    2008-04-09 16:08:08 0 d-------- C:\Documents and Settings\Russ\Application Data\Pro Cycling Manager 2007
    2008-04-03 19:47:14 0 d-------- C:\Documents and Settings\Russ\Application Data\Kontiki
    2008-04-03 15:13:15 0 d-------- C:\Program Files\iTunes
    2008-04-03 15:12:15 0 d-------- C:\Program Files\QuickTime
    2008-03-27 18:19:51 0 d-------- C:\Documents and Settings\Russ\Application Data\Apple Computer
    2008-03-06 16:54:30 0 d-------- C:\Program Files\RVG Software
    2008-02-27 07:20:21 0 d-------- C:\Documents and Settings\Russ\Application Data\Microgaming
    2008-02-24 19:33:48 0 d-------- C:\Documents and Settings\Russ\Application Data\postgresql
    2008-02-18 20:31:22 0 d-------- C:\Program Files\Clever Age
    2008-02-18 20:30:25 0 d-------- C:\Program Files\MSECache
    2008-02-13 16:21:33 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-02-10 21:54:55 3448 --a------ C:\WINDOWS\unins000.dat
    2008-02-10 21:52:01 691545 --a------ C:\WINDOWS\unins000.exe
    2008-01-21 21:02:47 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07A11D74-9D25-4fea-A833-8B0D76A5577A}]
    2007-05-18 00:05 71184 -ra------ C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Server Application for MFP Server"="C:\Program Files\Belkin\All-in-One Print Server\ServoApp.exe" [2006-08-03 16:21]
    "MFP Server Agent"="C:\Program Files\Belkin\All-in-One Print Server\MFPAgent.exe" [2006-08-31 08:44]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43]
    "btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" []
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-10 17:07]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "eyeBeam SIP Client"="C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    "YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    "btbb_wcm_McciTrayApp"=C:\Program Files\btbb_wcm\McciTrayApp.exe
    "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    "P17Helper"=Rundll32 P17.dll,P17Helper
    "WinGuard Pro"=C:\WINDOWS\system32\wgp.exe
    "btbb_McciTrayApp"=C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
    "PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN




    -- End of Deckard's System Scanner: finished at 2008-04-10 17:36:16 ------------
  18. #25
  19. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2008
    Posts
    24
    Rep Power
    0
    Extra.txt

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 3.40GHz
    CPU 1: Intel(R) Pentium(R) 4 CPU 3.40GHz
    Percentage of Memory in Use: 38%
    Physical Memory (total/avail): 1023.48 MiB / 633.07 MiB
    Pagefile Memory (total/avail): 2465.71 MiB / 2122.91 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1936.61 MiB

    C: is Fixed (NTFS) - 49.73 GiB total, 18.48 GiB free.
    D: is Fixed (NTFS) - 183.15 GiB total, 104.92 GiB free.
    E: is CDROM (No Media)
    G: is Removable (No Media)
    H: is Removable (No Media)
    I: is Removable (No Media)
    J: is Removable (No Media)
    K: is CDROM (No Media)
    L: is Removable (No Media)
    M: is Removable (FAT32)

    \\.\PHYSICALDRIVE0 - WDC WD2500JD-55HBB0 - 232.88 GiB - 2 partitions
    \PARTITION0 (bootable) - Installable File System - 49.73 GiB - C:
    \PARTITION1 - Extended w/Extended Int 13 - 183.15 GiB - D:

    \\.\PHYSICALDRIVE1 - Generic STORAGE DEVICE USB Device

    \\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device

    \\.\PHYSICALDRIVE3 - Generic STORAGE DEVICE USB Device

    \\.\PHYSICALDRIVE4 - Generic STORAGE DEVICE USB Device

    \\.\PHYSICALDRIVE5 - Generic STORAGE DEVICE USB Device

    \\.\PHYSICALDRIVE6 - Ut163 USB2FlashStorage USB Device - 3.84 GiB - 1 partition
    \PARTITION0 (bootable) - MS-DOS V4 Huge - 3.84 GiB - M:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.

    AV: AVG 7.5.519 v7.5.519 (Grisoft)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
    "C:\\WINDOWS\\kdx\\KHost.exe"="C:\\WINDOWS\\kdx\\KHost.exe:*:Enabled:Delivery Manager"
    "C:\\Program Files\\BT Broadband Desktop Help\\bin\\BTHelpBrowser.exe"="C:\\Program Files\\BT Broadband Desktop Help\\bin\\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help Browser"
    "C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe:*:Enabled:LaunchPad"
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
    "C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Russ\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=RUSS_DESKTOP
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Russ
    LOGONSERVER=\\RUSS_DESKTOP
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0304
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=c:\temp
    TMP=c:\temp
    USERDOMAIN=RUSS_DESKTOP
    USERNAME=Russ
    USERPROFILE=C:\Documents and Settings\Russ
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles ---------------------------------------------------------------

    Russ (admin)
    postgres (new local)
    postgres1 (new local)
    postgres
    postgres.RUSS_DESKTOP (new local)
    postgres.RUSS_DESKTOP.000
    postgres.RUSS_DESKTOP.001
    Administrator (new local, admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\WINDOWS\Motive\btbb\UninstallHelper.exe
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
    Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    AutoHotkey 1.0.47.05 --> C:\Program Files\AutoHotkey\uninst.exe
    AutoPlay Media Studio 5.0 Professional --> C:\WINDOWS\iun6002.exe "C:\Program Files\AutoPlay Media Studio 5.0 Professional\Uninstall\irunin.ini"
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    Belkin All-in-One Print Server --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94AEAB3C-36E5-4CB7-BEE3-2B7C3C78E9E6}\Setup.exe" -l0x9
    BT Home Hub --> C:\Program Files\BT Home Hub\Uninstall.exe
    BT Softphone 1.5.3.6 --> "C:\Program Files\BT Broadband Talk Softphone\unins000.exe"
    BT Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
    Calculatem Pro --> "C:\Program Files\CalculatemPro\unins000.exe"
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
    Combined Community Codec Pack 2007-02-22 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
    Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Creative EAX Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove
    Creative Speaker Settings --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
    Device Control --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
    Football Manager 2008 --> "C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
    Free DVD MP3 Ripper 1.12 --> "C:\Program Files\Free DVD MP3 Ripper\unins000.exe"
    Free iPod Video Converter 1.32 --> "C:\Program Files\Free iPod Video Converter\unins000.exe"
    FreePHG V2.12 --> C:\Program Files\FreePHG\Uninstal.exe
    High Definition Audio Driver Package - KB835221 -->
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    IsoBuster 2.1 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
    iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
    Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
    Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
    Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microangelo Toolset 6 --> MsiExec.exe /I{71414EC2-0684-4A15-A85A-E0E259D117AF}
    Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office 2003 Primary Interop Assemblies --> MsiExec.exe /X{91490409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Visio MUI (English) 2007 --> MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
    Microsoft Office Visio Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
    Microsoft Office Visio Professional 2007 --> MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
    Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mindjet MindManager Pro 7 --> MsiExec.exe /I{BEA0F6C2-EC26-4366-90AE-D5E4CE7FD5EB}
    MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    NeroVision Express 2 SE --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    News File Grabber 4.5.0.2 --> "C:\Program Files\RSBR-Software\News File Grabber\unins000.exe"
    NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    ODF Add-in for Microsoft Word --> MsiExec.exe /I{8D774B5B-A1D9-45B3-AFB4-3F85604961BC}
    Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    PostgreSQL 8.3 --> MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224}
    PrimoPDF --> "C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
    PrimoPDF Redistribution Package --> MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
    psqlODBC --> MsiExec.exe /I{838E187D-8B7A-473D-B93C-C8E970B15D2B}
    QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
    Samsung CLP-500 Series --> "C:\WINDOWS\Samsung\CLP500\setup.exe" /L0009
    SetIP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C206015D-DAC5-407C-A54B-6D7776A0881C}\Setup.exe" -l0x9
    SmartTRAK --> C:\PROGRA~1\SMARTT~1\\UNWISE.EXE C:\PROGRA~1\SMARTT~1\\INSTALL.LOG
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
    Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
    SQLite ODBC Driver (remove only) --> C:\Program Files\SQLite ODBC Driver\Uninstall.exe
    SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    Texas Calculatem 4 with "AutoRead" --> "C:\Program Files\TexasCalculatem\unins000.exe"
    TomTom HOME --> C:\Program Files\InstallShield Installation Information\{3C9EEFEF-1F71-4213-AC41-4BF5FE0FED95}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
    Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
    Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    WordBiz version 1.8 --> "C:\Program Files\WordBiz\unins000.exe"
    XML Paper Specification Shared Components Pack 1.0 -->


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type3931 / Error
    Event Submitted/Written: 04/10/2008 01:51:52 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application Cleanup.exe, version 4.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type3928 / Error
    Event Submitted/Written: 04/10/2008 01:49:35 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application Cleanup.exe, version 4.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type3927 / Error
    Event Submitted/Written: 04/10/2008 01:49:32 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application Cleanup.exe, version 4.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type3911 / Error
    Event Submitted/Written: 04/10/2008 00:05:59 AM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application Cleanup.exe, version 4.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type3910 / Error
    Event Submitted/Written: 04/10/2008 00:05:57 AM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application Cleanup.exe, version 4.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type22198 / Error
    Event Submitted/Written: 04/10/2008 05:11:11 PM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    The following boot-start or system-start driver(s) failed to load:
    sptd

    Event Record #/Type22197 / Error
    Event Submitted/Written: 04/10/2008 05:11:11 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The Belkin All-In-One Print Server Enhanced Controller service failed to start due to the following error:
    %%1058

    Event Record #/Type22164 / Error
    Event Submitted/Written: 04/10/2008 05:06:37 PM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    The following boot-start or system-start driver(s) failed to load:
    sptd

    Event Record #/Type22163 / Error
    Event Submitted/Written: 04/10/2008 05:06:32 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The Belkin All-In-One Print Server Enhanced Controller service failed to start due to the following error:
    %%1058

    Event Record #/Type22156 / Error
    Event Submitted/Written: 04/10/2008 05:04:36 PM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    The following boot-start or system-start driver(s) failed to load:
    Fips
    intelppm
    SASDIFSV
    SASKUTIL
    sptd



    -- End of Deckard's System Scanner: finished at 2008-04-10 17:36:16 ------------
  20. #26
  21. Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Nov 2006
    Location
    San Antonio Tx
    Posts
    2,325
    Rep Power
    1140
    Do this again please..

    Copy and paste the following text in the Quote box below into Notepad.
    Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: fix.reg to your desktop.
    Then double-click on the fix.reg file on your desktop and agree to merge it into the registry, then reboot...


    REGEDIT4
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "Trusted 107e"=-

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=-

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

  22. #27
  23. Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2008
    Posts
    24
    Rep Power
    0
    Done

    Do you want new log files?

    Deckard's System Scanner v20071014.68
    Run by Russ on 2008-04-10 17:50:59
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Russ.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:51, on 2008-04-10
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Belkin\All-in-One Print Server\ServoApp.exe
    C:\Program Files\Belkin\All-in-One Print Server\MFPAgent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Russ\Desktop\dss.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Russ.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Server Application for MFP Server] "C:\Program Files\Belkin\All-in-One Print Server\ServoApp.exe"
    O4 - HKLM\..\Run: [MFP Server Agent] "C:\Program Files\Belkin\All-in-One Print Server\MFPAgent.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1229272821-963894560-1801674531-1014\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'postgres')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://safeharbor.dyndns.org/plugin/h263ctrl.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
    O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) -
    O16 - DPF: {FB5FBB7F-92B4-11D3-8332-00C04F8B209E} (Genesys Webtour Control) - https://content101.mc.iconf.net/gcc_installer/webtour/astbrowserquery.cab
    O16 - DPF: {FBE37597-190E-4A06-978F-E39037999049} (Genesys Component Installer) - http://content101.mc.iconf.net/gcc_installer/gmcinstaller.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Poker\PostgreSQL\8.3\bin\pg_ctl.exe
    O23 - Service: Wireless Adapter Configurator - Tech Mahindra- PUNE - C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 9134 bytes

    -- Files created between 2008-03-10 and 2008-04-10 -----------------------------

    2008-04-10 17:08:21 0 d-------- C:\Documents and Settings\Russ\Application Data\AVG7
    2008-04-10 17:08:08 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-04-10 17:07:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-10 17:05:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-04-10 16:56:41 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
    2008-04-10 16:50:09 0 d-------- C:\Program Files\Java
    2008-04-10 16:50:08 0 d-------- C:\Program Files\Common Files\Java
    2008-04-10 15:36:31 0 d-------- C:\temp
    2008-04-10 15:31:54 0 d-------- C:\Program Files\Trend Micro
    2008-04-10 13:50:41 0 dr-h----- C:\Documents and Settings\Russ\Recent
    2008-04-09 16:27:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-04-09 16:27:17 0 d-------- C:\Program Files\SUPERAntiSpyware
    2008-04-09 16:27:17 0 d-------- C:\Documents and Settings\Russ\Application Data\SUPERAntiSpyware.com
    2008-04-09 16:27:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-09 15:31:24 68096 --a------ C:\WINDOWS\zip.exe
    2008-04-09 15:31:24 49152 --a------ C:\WINDOWS\VFind.exe
    2008-04-09 15:31:24 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-04-09 15:31:24 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-04-09 15:31:24 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-04-09 15:31:24 98816 --a------ C:\WINDOWS\sed.exe
    2008-04-09 15:31:24 80412 --a------ C:\WINDOWS\grep.exe
    2008-04-09 15:31:24 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-04-09 12:42:27 0 d-------- C:\Documents and Settings\Russ\Application Data\Malwarebytes
    2008-04-09 12:41:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-09 12:41:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-09 09:57:58 0 d-------- C:\Program Files\CCleaner
    2008-04-09 09:21:02 0 d-------- C:\Program Files\Panda Security
    2008-04-09 00:01:18 0 d-------- C:\Program Files\Advantage Analysis
    2008-04-08 23:03:25 0 d-------- C:\Documents and Settings\Russ\.housecall6.6
    2008-04-08 22:53:42 0 d-------- C:\WINDOWS\BDOSCAN8
    2008-04-08 21:25:26 208896 --a------ C:\WINDOWS\CMDLIC.DLL <Not Verified; COMODO; COMODO BOClean - AntiMalware>
    2008-04-08 21:25:13 0 d-------- C:\Program Files\Comodo
    2008-04-08 21:11:33 0 d-------- C:\Program Files\Common Files\PC Tools
    2008-04-05 14:54:40 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
    2008-04-03 15:13:06 0 d-------- C:\Program Files\iPod
    2008-03-25 18:35:47 0 d-------- C:\Program Files\WordBiz


    -- Find3M Report ---------------------------------------------------------------

    2008-04-10 16:50:08 0 d-------- C:\Program Files\Common Files
    2008-04-10 13:25:56 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-04-09 17:31:17 0 d-------- C:\Program Files\btbb_wcm
    2008-04-09 16:08:08 0 d-------- C:\Documents and Settings\Russ\Application Data\Pro Cycling Manager 2007
    2008-04-03 19:47:14 0 d-------- C:\Documents and Settings\Russ\Application Data\Kontiki
    2008-04-03 15:13:15 0 d-------- C:\Program Files\iTunes
    2008-04-03 15:12:15 0 d-------- C:\Program Files\QuickTime
    2008-03-27 18:19:51 0 d-------- C:\Documents and Settings\Russ\Application Data\Apple Computer
    2008-03-06 16:54:30 0 d-------- C:\Program Files\RVG Software
    2008-02-27 07:20:21 0 d-------- C:\Documents and Settings\Russ\Application Data\Microgaming
    2008-02-24 19:33:48 0 d-------- C:\Documents and Settings\Russ\Application Data\postgresql
    2008-02-18 20:31:22 0 d-------- C:\Program Files\Clever Age
    2008-02-18 20:30:25 0 d-------- C:\Program Files\MSECache
    2008-02-13 16:21:33 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-02-10 21:54:55 3448 --a------ C:\WINDOWS\unins000.dat
    2008-02-10 21:52:01 691545 --a------ C:\WINDOWS\unins000.exe
    2008-01-21 21:02:47 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07A11D74-9D25-4fea-A833-8B0D76A5577A}]
    2007-05-18 00:05 71184 -ra------ C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Server Application for MFP Server"="C:\Program Files\Belkin\All-in-One Print Server\ServoApp.exe" [2006-08-03 16:21]
    "MFP Server Agent"="C:\Program Files\Belkin\All-in-One Print Server\MFPAgent.exe" [2006-08-31 08:44]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43]
    "btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" []
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-10 17:07]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "eyeBeam SIP Client"="C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    "YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    "btbb_wcm_McciTrayApp"=C:\Program Files\btbb_wcm\McciTrayApp.exe
    "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    "P17Helper"=Rundll32 P17.dll,P17Helper
    "WinGuard Pro"=C:\WINDOWS\system32\wgp.exe
    "btbb_McciTrayApp"=C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
    "PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN




    -- End of Deckard's System Scanner: finished at 2008-04-10 17:51:28 ------------
  24. #28
  25. Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Nov 2006
    Location
    San Antonio Tx
    Posts
    2,325
    Rep Power
    1140
    Now to delete some services

    Click Start > Run and copy and paste these commands, hitting Enter after each one:


    sc stop sptd

    sc delete sptd

    sc stop BOCDRIVE

    sc delete BOCDRIVE



    As for your wireless issue, the only thing I can think of is to uninstall and reinstall the software.


    Are there any other issues?
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.

  26. #29
  27. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2008
    Posts
    24
    Rep Power
    0
    Porthos,

    Everything looks fine apart from the network connection issue. Thank you for all of your hard work; it is really appreciated.

    regards

    Daarc
  28. #30
  29. Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Nov 2006
    Location
    San Antonio Tx
    Posts
    2,325
    Rep Power
    1140
    You have several startups disabled with msconfig.

    Since I see you have CCleaner installed, you can remove those for good.

    Enable all of those disabled startups, start CCleaner, go to the tools/startups section, and delete these that are not being used.

    "eyeBeam SIP Client"="C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"


    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    "YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    "btbb_wcm_McciTrayApp"=C:\Program Files\btbb_wcm\McciTrayApp.exe
    "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    "P17Helper"=Rundll32 P17.dll,P17Helper
    "WinGuard Pro"=C:\WINDOWS\system32\wgp.exe
    "btbb_McciTrayApp"=C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
    "PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.
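
To review the entries named in the reply above before deleting them, this added example (not code from the thread or from any tool it mentions) parses a registry dump in the format posted earlier and resolves each disabled startup to the file it would actually load. It assumes the keys ending in `run-` hold the startups disabled with msconfig, since those are the entries the reply lists; the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the registry dump posted in this thread.
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"eyeBeam SIP Client"="C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
"YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"P17Helper"=Rundll32 P17.dll,P17Helper
"btbb_McciTrayApp"=C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.+)$')
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+(.+?),\s*(\S+)', re.I)

def target_of(command):
    """Return (binary, form) for one startup command line."""
    cmd = command.strip()
    m = RUNDLL_RE.match(cmd)
    if m:  # rundll32 is only the host; the DLL is what gets loaded
        return m.group(1).strip('"'), "rundll32 export " + m.group(2)
    if cmd.startswith('"'):  # quoted path, optionally followed by arguments
        return cmd[1:].partition('"')[0], "quoted"
    m = re.match(r'^(.+?\.exe)\b', cmd, re.I)  # unquoted path, may hold spaces
    return (m.group(1) if m else cmd), "unquoted"

def disabled_startups(dump):
    """List the values stored under keys whose last component is 'run-'."""
    out, key = [], None
    for line in dump.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        v = VALUE_RE.match(line)
        if v and key and key.lower().endswith(r'\run-'):
            binary, form = target_of(v.group(2))
            out.append({"hive": key.split('\\', 1)[0], "name": v.group(1),
                        "binary": binary, "form": form,
                        "bare": '\\' not in binary})  # no directory given
    return out

if __name__ == "__main__":
    for e in disabled_startups(SAMPLE):
        print(e["hive"], e["name"], e["binary"], e["form"], e["bare"], sep=" | ")
```

Entries reported with `bare` set give no directory, so the file that loads depends on the search path; check where that file really lives before deciding whether the entry is unused.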

