
Can't get rid of virus

  • 06-01-2008 5:18pm
    #1
    Registered Users, Registered Users 2 Posts: 3,404 ✭✭✭


    Hi. Got some sort of virus on my laptop yesterday. Tried a lot of programs to get rid of viruses [programs for anti-spyware, anti-rootkit, anti-malware, HijackThis, basically everything]. Tried the usual recs [all sorts of AVG, Spybot: Search and Destroy, etc.] and they deleted a lot of stuff, but I'm sure the main virus is still there. It is an icon in my lower right side toolbar, with a flashing image constantly changing from a question mark to an x. Every 10 minutes or so, it pops up saying the following:
    Attachment 1


    The x in the corner looks like this:
    Attachment 2
    The question mark:
    Attachment 3



    Also, if I do a search on Internet Explorer 7 using my Google toolbar, it uses www.asearchgate.com to get results, which all come up as if I just searched "sex".

    Any help in getting rid of these fiends?


Comments

  • Registered Users, Registered Users 2 Posts: 5,728 ✭✭✭dazftw


    Did you try system recovery?

    I got a virus before, tried everything and then system recovery. Didn't work, had to get the thing reformatted! Let's hope it works for you.




  • Registered Users, Registered Users 2 Posts: 3,404 ✭✭✭qwertplaywert


    May I, a nOOb, ask what system recovery is? Is my guess that it wipes your operating system's settings and puts them back to default correct? Does it delete normal files on the PC?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do this

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


  • Registered Users, Registered Users 2 Posts: 3,404 ✭✭✭qwertplaywert


    Deckard's System Scanner v20071014.68
    Run by eugenemcardle on 2008-01-06 21:41:04
    Computer is in Normal Mode.

    -- System Restore

    System Restore is disabled; attempting to re-enable...success.


    -- Last 1 Restore Point(s) --
    1: 2008-01-06 21:41:16 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 495 MiB (512 MiB recommended).


    -- HijackThis (run as eugenemcardle.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:45:02, on 06/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\LDClient\LOCALSCH.EXE
    C:\WINDOWS\system32\cba\pds.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\LANDesk\Shared Files\residentagent.exe
    C:\Program Files\Reflection\rtsserv.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\UPHClean\uphclean.exe
    C:\LDClient\wuser32.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Documents and Settings\eugenemcardle\My Documents\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\eugenemcardle.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 80.249.251.22
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 255.255.255.224:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
    O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} - http://update.videoegg.com/wintel/VideoEggPublisher.exe
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = welfare.irlgov.ie
    O17 - HKLM\Software\..\Telephony: DomainName = welfare.irlgov.ie
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED9222C5-261E-483C-B72F-E1C6F11C3A88}: Domain = welfare.irlgov.ie
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED9222C5-261E-483C-B72F-E1C6F11C3A88}: NameServer = 80.249.249.249,80.249.249.250
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = welfare.irlgov.ie
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = welfare.irlgov.ie
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = welfare.irlgov.ie
    O22 - SharedTaskScheduler: end - {aaad3a22-1c07-45f5-bfb3-e9a8c3b382fe} - C:\WINDOWS\system32\fsehfcu.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\LDClient\LOCALSCH.EXE
    O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: LANDesk(R) Management Agent - Unknown owner - C:\Program Files\LANDesk\Shared Files\residentagent.exe
    O23 - Service: Reflection TimeSync - WRQ, Inc. - C:\Program Files\Reflection\rtsserv.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Intel Remote Control Service (Wuser32) - LANDesk Software Ltd. - C:\LDClient\wuser32.exe
    O24 - Desktop Component 0: (no name) - about:home

    --
    End of file - 11279 bytes

    -- File Associations

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R0 TVALZ (TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver) - c:\windows\system32\drivers\tvalz.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Common Modules>
    R1 TMEI3E - c:\windows\system32\drivers\tmei3e.sys <Not Verified; Toshiba Corporation; Toshiba Mobile Extension>
    R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
    R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
    R3 Intel Remote Control Helper - c:\windows\system32\drivers\rch.sys

    S3 AdfuUd (USB 2.0 (FS) ADFU Device) - c:\windows\system32\drivers\adfuud.sys (file missing)
    S3 Bmf (Bmf Service) - c:\windows\system32\drivers\bmf.sys (file missing)
    S3 BRGSp50 (BRGSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\brgsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    S3 DCamUSBSQTECH (Dual-Mode DSC(2770)) - c:\windows\system32\drivers\sqcaptur.sys <Not Verified; Service & Quality Technology.; SQ913>
    S3 ZDCNDIS5 (ZDCNDIS5 NDIS Protocol Driver) - c:\windows\system32\zdcndis5.sys <Not Verified; ZDC., Inc. (ZDC); ZDC Rawether for Windows>
    S3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
    R2 Intel Local Scheduler Service - c:\ldclient\localsch.exe <Not Verified; LANDesk Software, Ltd.; LANDesk® Management Suite>
    R2 Intel PDS - c:\windows\system32\cba\pds.exe <Not Verified; Intel® Corporation; Intel Common Base Agent>
    R2 LANDesk(R) Management Agent - "c:\program files\landesk\shared files\residentagent.exe" <Not Verified; ; LANDesk® Management Suite>
    R2 Reflection TimeSync - "c:\program files\reflection\rtsserv.exe" <Not Verified; WRQ, Inc.; Reflection TimeSync>
    R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
    R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>
    R2 Wuser32 (Intel Remote Control Service) - c:\ldclient\wuser32.exe <Not Verified; LANDesk Software Ltd.; LANDesk® Management Suite>

    S4 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
    S4 Tmesrv (Tmesrv3) - "c:\program files\toshiba\tme3\tmesrv31.exe" /service <Not Verified; TOSHIBA; TOSHIBA MobileExtension Service>


    -- Device Manager: Disabled

    Class GUID: {4D36E970-E325-11CE-BFC1-08002BE10318}
    Description: M-Systems DiskOnChip 2000
    Device ID: ROOT\MTD\0000
    Manufacturer: M-Systems Flash Disk Pioneers
    Name: M-Systems DiskOnChip 2000
    PNP Device ID: ROOT\MTD\0000
    Service: tffsport


    -- Scheduled Tasks

    2008-01-06 21:45:00 438 --ah
    C:\WINDOWS\Tasks\User_Feed_Synchronization-{5A2A246F-0A9A-45DA-9274-47403BA5E7C3}.job
    2008-01-06 15:05:32 330 --ah
    C:\WINDOWS\Tasks\MP Scheduled Scan.job
    2005-05-31 12:04:56 428 --a
    C:\WINDOWS\Tasks\Symantec NetDetect.job


    -- Files created between 2007-12-06 and 2008-01-06

    2008-01-06 03:17:22 0 d
    C:\VundoFix Backups
    2008-01-06 02:52:11 0 d
    C:\Documents and Settings\eugenemcardle\.housecall6.6
    2008-01-06 02:40:05 0 d
    C:\Program Files\SpywareBlaster
    2008-01-06 02:37:35 0 d
    C:\Program Files\Trend Micro
    2008-01-06 02:36:30 25600 --a
    C:\WINDOWS\system32\WS2Fix.exe
    2008-01-06 02:36:30 81920 --a
    C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
    2008-01-06 02:36:29 289144 --a
    C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2008-01-06 02:36:29 288417 --a
    C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2008-01-06 02:36:29 53248 --a
    C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2008-01-06 02:36:29 51200 --a
    C:\WINDOWS\system32\dumphive.exe
    2008-01-06 01:13:51 0 d
    C:\Program Files\Lavasoft
    2008-01-06 01:13:50 0 d
    C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-06 00:33:00 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-05 16:36:02 0 d
    C:\Documents and Settings\eugenemcardle\Application Data\WinAnonymous
    2008-01-05 16:31:49 0 d
    C:\Documents and Settings\All Users\Application Data\WinAnonymous
    2008-01-05 16:31:31 0 d
    C:\Program Files\Common Files\WinAnonymous
    2008-01-05 15:01:52 0 d-a
    C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-02 13:39:13 0 d
    C:\Program Files\Bmf
    2007-12-31 10:41:50 1158 --a
    C:\WINDOWS\mozver.dat
    2007-12-31 10:39:17 0 --a
    C:\WINDOWS\nsreg.dat
    2007-12-31 10:39:09 0 d
    C:\Documents and Settings\eugenemcardle\Application Data\Mozilla
    2007-12-30 18:31:43 24576 --a
    C:\WINDOWS\system32\ZyDelReg.exe <Not Verified; ; ZyDelReg Application>
    2007-12-30 18:31:43 81920 --a
    C:\WINDOWS\system32\ZDPN50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-12-30 18:31:43 15872 --a
    C:\WINDOWS\system32\InsDrvZD64.DLL <Not Verified; ; InsDrvZD Dynamic Link Library>
    2007-12-30 18:31:43 28672 --a
    C:\WINDOWS\system32\InsDrvZD.dll <Not Verified; ; InsDrvZD Dynamic Link Library>
    2007-12-30 18:31:36 102400 --a
    C:\WINDOWS\system32\W32N55.DLL <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-12-30 18:31:33 32256 --a
    C:\WINDOWS\system32\Zdcndis5a64.sys <Not Verified; ZDC., Inc. (ZDC); ZDC Rawether for Windows>
    2007-12-30 18:31:33 19072 --a
    C:\WINDOWS\system32\ZDCndis5.sys <Not Verified; ZDC., Inc. (ZDC); ZDC Rawether for Windows>
    2007-12-30 18:31:33 102400 --a
    C:\WINDOWS\system32\ZDCN50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-12-30 18:31:33 31744 --a
    C:\WINDOWS\system32\drivers\ZDPSp50a64.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-12-30 18:31:33 17664 --a
    C:\WINDOWS\system32\drivers\ZDPSp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-12-30 18:31:33 17151 --a
    C:\WINDOWS\system32\drivers\ZDPNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-12-30 18:31:33 20608 --a
    C:\WINDOWS\system32\drivers\BRGSp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-12-29 13:39:51 0 d
    C:\Program Files\Windows Media Connect 2
    2007-12-29 13:36:20 0 d
    C:\WINDOWS\system32\drivers\UMDF
    2007-12-29 11:42:04 0 d
    C:\Program Files\Kontiki
    2007-12-29 11:42:01 0 d
    C:\Program Files\Channel4
    2007-12-29 11:42:01 0 d
    C:\Documents and Settings\All Users\Application Data\Kontiki
    2007-12-29 11:41:21 0 d
    C:\Documents and Settings\All Users\Application Data\Channel4
    2007-12-28 20:27:00 0 d
    C:\Program Files\uTorrent
    2007-12-28 19:59:43 0 d
    C:\Documents and Settings\All Users\Application Data\Azureus
    2007-12-28 19:59:37 0 d
    C:\Documents and Settings\eugenemcardle\Application Data\Azureus
    2007-12-28 19:57:40 0 d
    C:\Program Files\Azureus
    2007-12-18 18:38:04 0 d
    C:\Program Files\iDump
    2007-12-18 18:33:01 0 d
    C:\Program Files\Tansee iPod Transfer
    2007-12-13 19:14:06 0 d
    C:\Program Files\Soulseek
    2007-12-10 20:53:17 0 d
    C:\Documents and Settings\eugenemcardle\Application Data\Free Download Manager


    -- Find3M Report

    2008-01-06 15:05:20 0 d
    C:\Program Files\Symantec AntiVirus
    2008-01-06 02:36:17 0 d
    C:\Program Files\Free Download Manager
    2008-01-06 00:33:00 0 d
    C:\Program Files\Common Files
    2008-01-05 21:54:26 0 d
    C:\Program Files\Common Files\Real
    2008-01-05 21:53:56 0 d
    C:\Documents and Settings\eugenemcardle\Application Data\Real
    2008-01-04 18:08:54 13312 --a-s---- C:\WINDOWS\system32\fsehfcu.dll
    2008-01-03 19:59:46 0 d
    C:\Documents and Settings\eugenemcardle\Application Data\uTorrent
    2007-12-31 19:14:19 0 d--h
    C:\Program Files\InstallShield Installation Information
    2007-12-31 10:41:56 0 d
    C:\Documents and Settings\eugenemcardle\Application Data\Adobe
    2007-12-28 15:32:29 0 d
    C:\Program Files\DivX
    2007-12-18 22:08:29 0 d
    C:\Program Files\Handbrake
    2007-12-09 17:07:19 0 d
    C:\Program Files\iTunes
    2007-12-02 22:04:31 0 d
    C:\Program Files\iPod
    2007-12-02 22:02:50 0 d
    C:\Program Files\QuickTime
    2007-12-02 22:00:11 0 d
    C:\Program Files\Apple Software Update
    2007-12-02 21:59:30 0 d
    C:\Program Files\Common Files\Apple
    2007-12-02 16:54:58 0 d
    C:\Program Files\Red Kawa


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2012F73E-7427-4AD8-9E9D-6CBA6E0053D4}]
    C:\Program Files\Video Add-on\isfmdl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/10/2004 16:56]
    "TPSMain"="TPSMain.exe" [28/06/2004 08:29 C:\WINDOWS\system32\TPSMain.exe]
    "TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.exe" [13/04/2004 10:54]
    "TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe" [19/08/2004 15:11]
    "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [05/08/2004 16:23]
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [24/03/2004 10:56]
    "SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [03/08/2003 15:01]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [26/01/2004 17:03]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [26/01/2004 17:03]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/06/2004 19:31]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [30/10/2003 15:46]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 18:20]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 23:56]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 16:46]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{aaad3a22-1c07-45f5-bfb3-e9a8c3b382fe}"= C:\WINDOWS\system32\fsehfcu.dll [04/01/2008 18:08 13312]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Inventory Scan.LNK]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Inventory Scan.LNK
    backup=C:\WINDOWS\pss\Inventory Scan.LNKCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
    000StTHK.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
    C:\WINDOWS\system32\00THotkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csr]
    csrrs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
    c:\windows\newname12.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
    C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\services32]
    C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
    TFncKy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
    TFNF5.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchED]
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "cmdService"=2 (0x2)
    "CFSvcs"=2 (0x2)




    -- Hosts

    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 www.032439.com

    7822 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-01-06 21:45:55










    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) M processor 1.60GHz
    Percentage of Memory in Use: 68%
    Physical Memory (total/avail): 494.8 MiB / 155.41 MiB
    Pagefile Memory (total/avail): 1154.82 MiB / 797.84 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1922.21 MiB

    C: is Fixed (NTFS) - 37.25 GiB total, 11.42 GiB free.
    D: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - TOSHIBA MK4025GAS - 37.26 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 37.25 GiB - C:



    -- Security Center

    AUOptions is disabled.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.

    AV: Symantec AntiVirus Corporate Edition v9.0.2.1000 (Symantec Corporation) Outdated

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Disabled:RTC App Sharing"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
    "C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.6.6337-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.6.6337-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Downloads\\utorrent.exe"="C:\\Downloads\\utorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe:*:Enabled:Rise of Nations"
    "C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
    "C:\\Program Files\\Red Alert 2\\game.exe"="C:\\Program Files\\Red Alert 2\\game.exe:*:Enabled:Main executable for Red Alert 2"
    "C:\\Westwood\\RA2\\game.exe"="C:\\Westwood\\RA2\\game.exe:*:Enabled:Main executable for Red Alert 2"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:btdna"
    "C:\\Program Files\\ZyXEL\\ZyXEL G-202 Wireless Adapter Utility\\ZyXEL G-202.exe"="C:\\Program Files\\ZyXEL\\ZyXEL G-202 Wireless Adapter Utility\\ZyXEL G-202.exe:*:Enabled:ZyXEL G-202 Wireless Adapter Utility"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\eugenemcardle\Application Data
    CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=PCDUD0152
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\eugenemcardle
    LDMS_LOCAL_DIR=C:\LDClient\Data
    LOGONSERVER=\\PCDUD0152
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0d06
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\EUGENE~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\EUGENE~1\LOCALS~1\Temp
    USERDOMAIN=PCDUD0152
    USERNAME=eugenemcardle
    USERPROFILE=C:\Documents and Settings\eugenemcardle
    windir=C:\WINDOWS


    -- User Profiles

    eugenemcardle (admin)
    Administrator (admin)
    peterconnolly (admin)


    -- Add/Remove Programs

    --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    4oD --> MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
    Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
    Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A00000000001}
    ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
    Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
    AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
    Bonjour --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D} /l1033
    CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
    CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
    CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
    CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DVD Decoder Pak for Windows XP --> MsiExec.exe /X{92C5DB3D-9D6F-4324-BB11-57825F4C2635}
    DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
    ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
    ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
    ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
    ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
    ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
    ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
    ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
    ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
    ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
    ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
    essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
    essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
    FinePixViewer Ver.3.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{24ED4D80-8294-11D5-96CD-0040266301AD} /l1033
    Free Download Manager 2.5 --> "C:\Program Files\Free Download Manager\unins000.exe"
    FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
    iDump Build: 24 --> C:\Program Files\iDump\uninst.exe
    ImageMixer VCD for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
    Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
    Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
    InterVideo WinDVD for Toshiba --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
    Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
    kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
    kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
    kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
    kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
    kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
    kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
    kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
    kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
    Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140010_6a152\Setup.exe /APR-REMOVE
    KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
    LANDesk(R) Common Base Agent 8 --> MsiExec.exe /X{45734758-4041-4EA8-8E62-DE661FC3879C}
    LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
    Microsoft Bootvis --> MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office OneNote 2003 --> MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office XP Professional --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
    Microsoft Tool Web Package : EXCTRLST.EXE --> MsiExec.exe /X{B0650E3D-FDCA-4908-B74B-0CC1731BDB93}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    MicroStaff WINASPI --> C:\MWASPI\uninst.exe
    Modem Setup for Nokia 6310i --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Nokia\Modem Setup for Nokia 6310i\Setup.exe"
    Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
    My DSC --> C:\Program Files\InstallShield Installation Information\{225af9a1-b556-88d5-94aa-0010b5426419}\setup.exe
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{B7757137-0A71-4A9F-8A82-1AE4A1B73420}
    Nokia PC Connectivity SDK 3.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D2BAD7A0-610B-4691-A054-D8A9F15FF708}
    Nokia PC Suite --> MsiExec.exe /I{FF059F2A-62A7-4E6A-B305-559591D2769E}
    Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
    Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
    OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
    OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
    OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
    Pelles C for Windows (remove only) --> "C:\Program Files\PellesC\uninst.exe"
    PL-2303 USB-to-Serial --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
    QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
    Reflection for UNIX and OpenVMS 9.0 --> MsiExec.exe /I{0E8949A7-CBBA-4AF6-B209-1C060164755E}
    Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
    SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
    SigmaTel AC97 Audio Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall
    SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
    SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
    staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
    Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
    System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
    Tansee iPod Transfer v3.62 --> "C:\Program Files\Tansee iPod Transfer\unins000.exe"
    Tapani Patch Addition --> rundll32.exe dfshim.dll,ShArpMaintain Tapani Patch Addition.application, Culture=neutral, PublicKeyToken=b9cb9cadbaafeb31, processorArchitecture=msil
    TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
    TOSHIBA Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -l0x9
    TOSHIBA Controls --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
    TOSHIBA Display Devices Change Utility --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TDspBtn.inf,DefaultUninstall,5
    TOSHIBA Hotkey Utility for Display Devices --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
    TOSHIBA Manuals --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}\Setup.exe" -l0x9
    TOSHIBA Mobile Extension3 for Windows XP V3.65.00.XP --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TME3\Uninst.isu" -c"C:\Program Files\TOSHIBA\TME3\uninstx.dll"
    TOSHIBA PC Diagnostic Tool --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
    TOSHIBA Power Saver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
    TOSHIBA Software Modem --> Tosmreg -U
    TOSHIBA TouchPad On/Off Utility V2.05.00 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TouchED\Uninst.isu" -c"C:\Program Files\TOSHIBA\TouchED\tpedinst.dll"
    TOSHIBA Utilities --> tutildel.exe
    TOSHIBA Zooming Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\setup.exe"
    Ulead Photo Express 4.0 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}\setup.exe"
    User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
    Videora iPod classic Converter 3.05 --> C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
    VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
    Westwood Shared Internet Components --> C:\Westwood\Internet\UnstllAP.EXE
    Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Vista Upgrade Advisor --> MsiExec.exe /I{B79FBFDD-8B0C-4B8E-B70E-499E39978281}
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}


    -- Application Event Log

    Event Record #/Type25603 / Success
    Event Submitted/Written: 01/06/2008 03:06:14 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type25600 / Error
    Event Submitted/Written: 01/06/2008 03:03:46 PM
    Event ID/Source: 15 / AutoEnrollment
    Event Description:
    Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
    Enrollment will not be performed.

    Event Record #/Type25594 / Error
    Event Submitted/Written: 01/06/2008 03:02:46 PM
    Event ID/Source: 1054 / Userenv
    Event Description:
    Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

    Event Record #/Type25585 / Success
    Event Submitted/Written: 01/06/2008 01:21:08 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type25582 / Error
    Event Submitted/Written: 01/06/2008 00:13:52 PM
    Event ID/Source: 15 / AutoEnrollment
    Event Description:
    Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
    Enrollment will not be performed.



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type54780 / Warning
    Event Submitted/Written: 01/06/2008 09:45:20 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %PCDUD015227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PCDUD015227 can't undo changes that you allow.

    For more information please see the following:
    %PCDUD0152275

    Scan ID: {0C73FD97-A22B-4612-B0BA-9AB0EBE84391}

    User: PCDUD0152\eugenemcardle

    Name: %PCDUD0152271

    ID: %PCDUD0152272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %PCDUD0152276

    Alert Type: %PCDUD0152278

    Detection Type: 1.1.1593.02

    Event Record #/Type54779 / Warning
    Event Submitted/Written: 01/06/2008 09:45:20 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %PCDUD015227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PCDUD015227 can't undo changes that you allow.

    For more information please see the following:
    %PCDUD0152275

    Scan ID: {428B25AD-D5D2-47EC-A5E0-57B1E3D1BD2B}

    User: PCDUD0152\eugenemcardle

    Name: %PCDUD0152271

    ID: %PCDUD0152272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %PCDUD0152276

    Alert Type: %PCDUD0152278

    Detection Type: 1.1.1593.02

    Event Record #/Type54774 / Error
    Event Submitted/Written: 01/06/2008 07:02:48 PM
    Event ID/Source: 5719 / NETLOGON
    Event Description:
    No Domain Controller is available for domain WELFARE due to the following:
    %%1311.

    Make sure that the computer is connected to the network and try
    again. If the problem persists, please contact your domain administrator.

    Event Record #/Type54773 / Error
    Event Submitted/Written: 01/06/2008 06:48:05 PM
    Event ID/Source: 29 / W32Time
    Event Description:
    The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible.
    No attempt to contact a source will be made for 240 minutes.
    NtpClient has no source of accurate time.

    Event Record #/Type54772 / Warning
    Event Submitted/Written: 01/06/2008 06:48:05 PM
    Event ID/Source: 14 / W32Time
    Event Description:
    The time provider NtpClient was unable to find a domain controller to use as a time
    source. NtpClient will try again in 240 minutes.



    -- End of Deckard's System Scanner: finished at 2008-01-06 21:45:55


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello
    • Open Spybot Search & Destroy.
    • In the Mode menu click "Advanced mode" if not already selected.
    • Choose "Yes" at the Warning prompt.
    • Expand the "Tools" menu.
    • Click "Resident".
    • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
    • In the File menu click "Exit" to exit Spybot Search & Destroy.



    CLICK THIS LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

    Please go here:
    The Spy Killer Forum
    • Click on "New Topic"
    • Put your name, e-mail address, and this as the title: "C:\WINDOWS\system32\fsehfcu.dll"
    • Put a link to this topic in the description box.
    • Then next to the file box, at the bottom, click the browse button, then navigate to this file:

      • C:\WINDOWS\system32\fsehfcu.dll

    • Click Open.
    • Click Post.
    Thank you!



    1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
    O22 - SharedTaskScheduler: end - {aaad3a22-1c07-45f5-bfb3-e9a8c3b382fe} - C:\WINDOWS\system32\fsehfcu.dll


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    Please download OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      c:\windows\newname12.exe
      C:\WINDOWS\system32\fsehfcu.dll
      C:\Program Files\Video Add-on


    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

    Note: If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
    C:\_OTMoveIt\MovedFiles\********_******.log
    (where "********_******" is the "date_time")

    Click "Exit" to close OTMoveIt.




    Backup Your Registry with ERUNT
    • Please use the following link and scroll down to ERUNT and download it.
      http://aumha.org/freeware/freeware.php
    • For version with the Installer:
      Use the setup program to install ERUNT on your computer
    • For the zipped version:
      Unzip all the files into a folder of your choice.
    Click Erunt.exe to backup your registry to the folder of your choice.

    Note: to restore your registry, go to the folder and start ERDNT.exe



    Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.
    Windows Registry Editor Version 5.00
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csr]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
    


    Then double-click the fix.reg file; when it prompts to merge, click "Yes".



    Reboot and post a new DSS log after all that
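
The kinds of HijackThis entries selected for fixing in the reply above can be picked out of a log mechanically. The following is an added example, not part of the original thread or of HijackThis itself: a small Python triage parser (its function, rule and field names are this example's own) that flags registrations whose file is gone, Internet Explorer buttons that point at a URL, and SharedTaskScheduler entries, run over lines copied from the logs on this page.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "O2 - BHO: name - {CLSID} - C:\path\file.dll (file missing)"
ENTRY_RE = re.compile(r"^\s*(?P<code>[RFNO]\d{1,2}) - (?P<body>.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these markers when the target is not on disk.
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)$", re.IGNORECASE)

ORPHANED = "registration remains but the file is not on disk"
REMOTE_TARGET = "IE button/menu item points at a URL, not a local file"
SHELL_AUTOLOAD = "SharedTaskScheduler entry (loaded by Explorer at startup): verify the DLL"


@dataclass
class Finding:
    code: str                 # HijackThis section code, e.g. "O2"
    clsid: Optional[str]      # CLSID in the entry, if any
    target: str               # last field with the missing-file marker removed
    reasons: List[str] = field(default_factory=list)


def triage(log_text: str) -> List[Finding]:
    """Return the log entries that deserve manual review, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, process list, blank lines
        code, body = m.group("code"), m.group("body")
        last = body.rsplit(" - ", 1)[-1]
        target = MISSING_RE.sub("", last)
        clsid = CLSID_RE.search(body)
        reasons = []
        # Only component sections (O-codes) carry a file target worth checking.
        if code.startswith("O") and MISSING_RE.search(last):
            reasons.append(ORPHANED)
        if code == "O9" and target.lower().startswith(("http://", "https://")):
            reasons.append(REMOTE_TARGET)
        if code == "O22":
            reasons.append(SHELL_AUTOLOAD)
        if reasons:
            findings.append(
                Finding(code, clsid.group(0) if clsid else None, target, reasons)
            )
    return findings


# Lines copied from the HijackThis logs quoted on this page.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O22 - SharedTaskScheduler: end - {aaad3a22-1c07-45f5-bfb3-e9a8c3b382fe} - C:\WINDOWS\system32\fsehfcu.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.clsid}  {f.target or '(none)'}")
        for reason in f.reasons:
            print(f"      - {reason}")
```

A flagged line is a prompt for review, not a verdict: the Start Page entry in the reply is not matched by these rules, and a legitimate DLL can also appear under O22.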


  • Registered Users, Registered Users 2 Posts: 3,404 ✭✭✭qwertplaywert


    Deckard's System Scanner v20071014.68
    Run by eugenemcardle on 2008-01-06 22:43:22
    Computer is in Normal Mode.

    Percentage of Memory in Use: 79% (more than 75%).
    Total Physical Memory: 495 MiB (512 MiB recommended).


    -- HijackThis (run as eugenemcardle.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:43:31, on 06/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\LDClient\LOCALSCH.EXE
    C:\WINDOWS\system32\cba\pds.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\LANDesk\Shared Files\residentagent.exe
    C:\Program Files\Reflection\rtsserv.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\LDClient\wuser32.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\MsgSys.EXE
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\eugenemcardle\My Documents\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\EUGENE~1.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 80.249.251.22
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 255.255.255.224:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
    O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} - http://update.videoegg.com/wintel/VideoEggPublisher.exe
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = welfare.irlgov.ie
    O17 - HKLM\Software\..\Telephony: DomainName = welfare.irlgov.ie
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED9222C5-261E-483C-B72F-E1C6F11C3A88}: Domain = welfare.irlgov.ie
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED9222C5-261E-483C-B72F-E1C6F11C3A88}: NameServer = 80.249.249.249,80.249.249.250
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = welfare.irlgov.ie
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = welfare.irlgov.ie
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = welfare.irlgov.ie
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\LDClient\LOCALSCH.EXE
    O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: LANDesk(R) Management Agent - Unknown owner - C:\Program Files\LANDesk\Shared Files\residentagent.exe
    O23 - Service: Reflection TimeSync - WRQ, Inc. - C:\Program Files\Reflection\rtsserv.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Intel Remote Control Service (Wuser32) - LANDesk Software Ltd. - C:\LDClient\wuser32.exe
    O24 - Desktop Component 0: (no name) - about:home

    --
    End of file - 10397 bytes

    -- Files created between 2007-12-06 and 2008-01-06

    2008-01-06 03:17:22 0 d
    C:\VundoFix Backups
    2008-01-06 02:52:11 0 d
    C:\Documents and Settings\eugenemcardle\.housecall6.6
    2008-01-06 02:40:05 0 d
    C:\Program Files\SpywareBlaster
    2008-01-06 02:37:35 0 d
    C:\Program Files\Trend Micro
    2008-01-06 02:36:30 25600 --a
    C:\WINDOWS\system32\WS2Fix.exe
    2008-01-06 02:36:30 81920 --a
    C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
    2008-01-06 02:36:29 289144 --a
    C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2008-01-06 02:36:29 288417 --a
    C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2008-01-06 02:36:29 53248 --a
    C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2008-01-06 02:36:29 51200 --a
    C:\WINDOWS\system32\dumphive.exe
    2008-01-06 01:13:51 0 d
    C:\Program Files\Lavasoft
    2008-01-06 01:13:50 0 d
    C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-06 00:33:00 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-05 16:36:02 0 d
    C:\Documents and Settings\eugenemcardle\Application Data\WinAnonymous
    2008-01-05 16:31:49 0 d
    C:\Documents and Settings\All Users\Application Data\WinAnonymous
    2008-01-05 16:31:31 0 d
    C:\Program Files\Common Files\WinAnonymous
    2008-01-05 15:01:52 0 d-a
    C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-02 13:39:13 0 d
    C:\Program Files\Bmf
    2007-12-31 10:41:50 1158 --a
    C:\WINDOWS\mozver.dat
    2007-12-31 10:39:17 0 --a
    C:\WINDOWS\nsreg.dat
    2007-12-31 10:39:09 0 d
    C:\Documents and Settings\eugenemcardle\Application Data\Mozilla
    2007-12-30 18:31:43 24576 --a
    C:\WINDOWS\system32\ZyDelReg.exe <Not Verified; ; ZyDelReg Application>
    2007-12-30 18:31:43 81920 --a
    C:\WINDOWS\system32\ZDPN50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-12-30 18:31:43 15872 --a
    C:\WINDOWS\system32\InsDrvZD64.DLL <Not Verified; ; InsDrvZD Dynamic Link Library>
    2007-12-30 18:31:43 28672 --a
    C:\WINDOWS\system32\InsDrvZD.dll <Not Verified; ; InsDrvZD Dynamic Link Library>
    2007-12-30 18:31:36 102400 --a
    C:\WINDOWS\system32\W32N55.DLL <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-12-30 18:31:33 32256 --a
    C:\WINDOWS\system32\Zdcndis5a64.sys <Not Verified; ZDC., Inc. (ZDC); ZDC Rawether for Windows>
    2007-12-30 18:31:33 19072 --a
    C:\WINDOWS\system32\ZDCndis5.sys <Not Verified; ZDC., Inc. (ZDC); ZDC Rawether for Windows>
    2007-12-30 18:31:33 102400 --a
    C:\WINDOWS\system32\ZDCN50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-12-30 18:31:33 31744 --a
    C:\WINDOWS\system32\drivers\ZDPSp50a64.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-12-30 18:31:33 17664 --a
    C:\WINDOWS\system32\drivers\ZDPSp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-12-30 18:31:33 17151 --a
    C:\WINDOWS\system32\drivers\ZDPNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-12-30 18:31:33 20608 --a
    C:\WINDOWS\system32\drivers\BRGSp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-12-29 13:39:51 0 d
    C:\Program Files\Windows Media Connect 2
    2007-12-29 13:36:20 0 d
    C:\WINDOWS\system32\drivers\UMDF
    2007-12-29 11:42:04 0 d
    C:\Program Files\Kontiki
    2007-12-29 11:42:01 0 d
    C:\Program Files\Channel4
    2007-12-29 11:42:01 0 d
    C:\Documents and Settings\All Users\Application Data\Kontiki
    2007-12-29 11:41:21 0 d
    C:\Documents and Settings\All Users\Application Data\Channel4
    2007-12-28 20:27:00 0 d
    C:\Program Files\uTorrent
    2007-12-28 19:59:43 0 d
    C:\Documents and Settings\All Users\Application Data\Azureus
    2007-12-28 19:59:37 0 d
    C:\Documents and Settings\eugenemcardle\Application Data\Azureus
    2007-12-28 19:57:40 0 d
    C:\Program Files\Azureus
    2007-12-18 18:38:04 0 d
    C:\Program Files\iDump
    2007-12-18 18:33:01 0 d
    C:\Program Files\Tansee iPod Transfer
    2007-12-13 19:14:06 0 d
    C:\Program Files\Soulseek
    2007-12-10 20:53:17 0 d
    C:\Documents and Settings\eugenemcardle\Application Data\Free Download Manager


    -- Find3M Report

    2008-01-06 22:38:45 0 d
    C:\Program Files\Symantec AntiVirus
    2008-01-06 02:36:17 0 d
    C:\Program Files\Free Download Manager
    2008-01-06 00:33:00 0 d
    C:\Program Files\Common Files
    2008-01-05 21:54:26 0 d
    C:\Program Files\Common Files\Real
    2008-01-05 21:53:56 0 d
    C:\Documents and Settings\eugenemcardle\Application Data\Real
    2008-01-03 19:59:46 0 d
    C:\Documents and Settings\eugenemcardle\Application Data\uTorrent
    2007-12-31 19:14:19 0 d--h
    C:\Program Files\InstallShield Installation Information
    2007-12-31 10:41:56 0 d
    C:\Documents and Settings\eugenemcardle\Application Data\Adobe
    2007-12-28 15:32:29 0 d
    C:\Program Files\DivX
    2007-12-18 22:08:29 0 d
    C:\Program Files\Handbrake
    2007-12-09 17:07:19 0 d
    C:\Program Files\iTunes
    2007-12-02 22:04:31 0 d
    C:\Program Files\iPod
    2007-12-02 22:02:50 0 d
    C:\Program Files\QuickTime
    2007-12-02 22:00:11 0 d
    C:\Program Files\Apple Software Update
    2007-12-02 21:59:30 0 d
    C:\Program Files\Common Files\Apple
    2007-12-02 16:54:58 0 d
    C:\Program Files\Red Kawa


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/10/2004 16:56]
    "TPSMain"="TPSMain.exe" [28/06/2004 08:29 C:\WINDOWS\system32\TPSMain.exe]
    "TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.exe" [13/04/2004 10:54]
    "TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe" [19/08/2004 15:11]
    "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [05/08/2004 16:23]
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [24/03/2004 10:56]
    "SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [03/08/2003 15:01]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [26/01/2004 17:03]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [26/01/2004 17:03]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/06/2004 19:31]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [30/10/2003 15:46]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 18:20]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 23:56]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Inventory Scan.LNK]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Inventory Scan.LNK
    backup=C:\WINDOWS\pss\Inventory Scan.LNKCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
    000StTHK.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
    C:\WINDOWS\system32\00THotkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
    C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\services32]
    C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
    TFncKy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
    TFNF5.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchED]
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "cmdService"=2 (0x2)
    "CFSvcs"=2 (0x2)




    -- End of Deckard's System Scanner: finished at 2008-01-06 22:43:45


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.



    Also tell me how your PC is running now


  • Registered Users, Registered Users 2 Posts: 3,404 ✭✭✭qwertplaywert


    About to do instructions in your latest post. The icon is no longer in the corner, or popping up, and using google toolbar in internet explorer works as normal.
    Will update you after these steps.


  • Registered Users, Registered Users 2 Posts: 3,404 ✭✭✭qwertplaywert


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/07/2008 at 07:14 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3375
    Trace Rules Database Version: 1369

    Scan type : Complete Scan
    Total Scan Time : 02:18:37

    Memory items scanned : 476
    Memory threats detected : 0
    Registry items scanned : 5627
    Registry threats detected : 98
    File items scanned : 75508
    File threats detected : 70

    Adware.Tracking Cookie

    Trojan.NetMon/DNSChange
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc

    Trojan.Security Toolbar
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
    C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

    Adware.ClickSpring/Yazzle
    HKLM\Software\Yazzle Snowball Wars

    Trojan.DollarRevenue
    C:\WINDOWS\keyboard1.dat

    Trojan.Media-Codec/V4
    HKCR\videoPl.chl
    HKCR\videoPl.chl\CLSID

    Malware.VirusProtect
    C:\DECKARD\SYSTEM SCANNER\20080106223934\BACKUP\DOCUME~1\EUGENE~1\LOCALS~1\TEMP\BR1D4.EXE

    Malware.LocusSoftware Inc/ErrClean
    C:\DECKARD\SYSTEM SCANNER\20080106223934\BACKUP\DOCUME~1\EUGENE~1\LOCALS~1\TEMP\NI.UGDC_0001_N122M1912\SETUP.EXE

    Rogue.AdvancedCleaner
    C:\DECKARD\SYSTEM SCANNER\20080106223934\BACKUP\DOCUME~1\EUGENE~1\LOCALS~1\TEMP\UADC_0001_D10M0210\INSTALLER.EXE
    C:\DOCUMENTS AND SETTINGS\EUGENEMCARDLE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\IX9A6CNC\ADCFREEINSTALLER[1].EXE

    Malware.LocusSoftware Inc/BestSellerAntivirus
    C:\DOCUMENTS AND SETTINGS\EUGENEMCARDLE\APPLICATION DATA\INSTALLER_EN[1].EXE
    C:\DOCUMENTS AND SETTINGS\EUGENEMCARDLE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\IX9A6CNC\INSTALLER_EN[1].EXE

    Browser Hijacker.Favorites
    C:\DOCUMENTS AND SETTINGS\EUGENEMCARDLE\FAVORITES\ONLINE SECURITY TEST.URL

    Malware.VirusRanger
    C:\DOCUMENTS AND SETTINGS\EUGENEMCARDLE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\GYC5WGQN\VRG_SETUP[1].EXE

    Trojan.Unknown Origin
    C:\WINDOWS\SYSTEM32\WTSSVIT.EXE







    Seems to be working grand now.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Looking good, a few things to do

    Some clean up :

    Please double-click OTMoveIt.exe to run it.
    Click the Clean up button
    Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
    Click Yes to the reboot



    You now need to update your Java and remove your older versions.

    Please follow these steps to remove older version Java components.

    * Click Start > Control Panel.
    * Click Add/Remove Programs.
    * Check any item with Java Runtime Environment (JRE) in the name.
    * Click the Remove or Change/Remove button.

    Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
    here



    You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
    http://www.adobe.com/products/acrobat/readstep2.html


    Now we need to create a new System Restore point.

    Click Start Menu > Run > type (or copy and paste)

    %SystemRoot%\System32\restore\rstrui.exe

    Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

    Next go to Start Menu > Run > type

    cleanmgr

    Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

    To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



    Below I have included a number of recommendations for how to protect your computer against malware infections.

    * Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

    * To reduce re-infection by malware in the future, I strongly recommend installing these free programs:
    SpywareBlaster protects against bad ActiveX
    IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
    Have a look at this tutorial for IE-Spyad here

    * SpywareGuard offers realtime protection from spyware installation attempts.

    Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    * MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here

    * Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
    Here

    Thank you for your patience, and performing all of the procedures requested.


  • Registered Users, Registered Users 2 Posts: 3,404 ✭✭✭qwertplaywert


    No, thank you for helping me through it! Prob saved me a 100 euro trip to PC Repair Center!

    Everything's working grand now, in the process of uninstalling all the virus checking programs I used, going to leave Spybot Search and Destroy, those two malware programs you recommended. Also, for a general anti virus program, will install AVG, as it's been highly recommended around these parts.


  • Registered Users, Registered Users 2 Posts: 3,404 ✭✭✭qwertplaywert


    Nope, not quite fixed yet. Just googled something using toolbar in Internet Explorer, same thing as before happened. Will I just follow those steps again?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    No, just post me a new DSS log.

