Help! I don't know what is wrong with my computer [RESOLVED]
simonsmart16
post Dec 19 2007, 01:48 AM
Post #1


Member
Posts: 12
OS: Windows XP Professional



I have NOD32 Demo, Spybot Search and Destroy, Spysweeper, Clean Up, CCleaner and my computer still doesn't work for me. Sometimes it randomly reboots; the blue screen of death appears, but with lines coming down vertically, so I can't read it (the words are jumbled too), and when I reboot, it doesn't go into Windows, it stays on a black screen so I have to reboot (after trying to reboot, I repair it with the XP Professional CD and it works, but the problem happens again in between 1hr-4days). Here is my HijackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:38 PM, on 12/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xpjava.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188010096318
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151646880381
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 7766 bytes
Rorschach112
post Dec 19 2007, 03:38 AM
Post #2


GeekU Teacher
Posts: 20,009
From: Dublin
OS: XP



Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.




Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

simonsmart16
post Dec 20 2007, 04:23 PM
Post #3


Member
Posts: 12
OS: Windows XP Professional



OK, I have done the SDFix and here are the results:


SDFix: Version 1.119

Run by Inter Food Emporium on Fri 12/21/2007 at 08:09 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\FTPUPD.EXE - Deleted
C:\4E4.TMP - Deleted
C:\4E6.TMP - Deleted
C:\4E7.TMP - Deleted
C:\WINDOWS\install.exe - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 08:18:18
Windows 5.1.2600 Service Pack 1 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:


Finished!

I will start on DSS now.
simonsmart16
post Dec 20 2007, 04:32 PM
Post #4


Member
Posts: 12
OS: Windows XP Professional



There is the main.txt from dss,

Deckard's System Scanner v20071014.68
Run by Inter Food Emporium on 2007-12-21 08:24:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2007-12-20 22:25:01 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2007-12-20 01:36:52 UTC - RP2 - System Checkpoint
1: 2007-12-17 00:02:41 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 224 MiB (512 MiB recommended).


-- HijackThis (run as Inter Food Emporium.exe) ---------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:32 AM, on 12/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Inter Food Emporium\Desktop\dss.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Inter Food Emporium.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xpjava.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188010096318
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151646880381
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 7920 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 VIAPFD - c:\windows\system32\drivers\viapfd.sys <Not Verified; VIA Technologies. Inc.; VIA PFD driver>
R2 AMON - c:\windows\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>
R2 DVDAccss - c:\windows\system32\drivers\dvdaccss.sys <Not Verified; Apple Computer, Inc.; DVDAccss Driver>
R3 catchme - c:\docume~1\interf~1\locals~1\temp\catchme.sys (file missing)
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 FETNDIS (VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\fetnd5.sys (file missing)
S3 GVCplDrv - c:\windows\system32\drivers\gvcpldrv.sys
S3 GVTDrv - c:\windows\system32\drivers\gvtdrv.sys
S3 naecd - c:\docume~1\one-two\locals~1\temp\naecd.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-11-21 and 2007-12-21 -----------------------------

2007-12-21 08:07:29 0 d-------- C:\WINDOWS\ERUNT
2007-12-19 17:11:50 0 d--hs---- C:\FOUND.057
2007-12-19 16:48:51 0 d-------- C:\Program Files\Trend Micro
2007-12-19 16:07:06 0 d--hs---- C:\FOUND.056
2007-12-19 14:21:28 0 dr-h----- C:\Documents and Settings\Inter Food Emporium\Recent
2007-12-17 09:59:44 0 d-------- C:\WINDOWS\Prefetch
2007-12-17 09:17:42 0 d--hs---- C:\FOUND.055
2007-12-13 09:16:56 0 d-------- C:\Documents and Settings\Inter Food Emporium\Application Data\Help
2007-12-11 14:12:29 0 d-------- C:\Program Files\uTorrent
2007-12-11 14:12:24 0 d-------- C:\Documents and Settings\Inter Food Emporium\Application Data\uTorrent
2007-12-08 09:49:03 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-08 09:48:45 0 d-------- C:\Documents and Settings\Inter Food Emporium\Application Data\Mozilla
2007-12-06 09:54:08 0 d-------- C:\WINDOWS\java
2007-12-06 09:39:04 0 d--hs---- C:\FOUND.054
2007-12-03 13:53:17 274432 --a------ C:\WINDOWS\System32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-12-03 13:53:16 502368 --a------ C:\WINDOWS\System32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>
2007-12-03 13:46:57 0 d-------- C:\Program Files\SpywareBlaster
2007-12-03 13:38:12 0 d--hs---- C:\FOUND.053
2007-12-03 09:30:17 0 d-------- C:\Program Files\Alwil Software
2007-12-01 11:28:52 0 d-------- C:\Sysclean
2007-12-01 10:24:05 0 d-------- C:\Documents and Settings\Inter Food Emporium\.housecall6.6
2007-12-01 10:17:48 0 d-------- C:\Documents and Settings\Inter Food Emporium\Application Data\Symantec
2007-12-01 09:28:59 0 d-------- C:\Program Files\LimeWire
2007-12-01 09:27:09 0 d--hs---- C:\FOUND.009
2007-12-01 09:27:09 0 d--hs---- C:\FOUND.008
2007-12-01 09:27:09 0 d--hs---- C:\FOUND.007
2007-12-01 09:27:09 0 d--hs---- C:\FOUND.006
2007-12-01 09:27:09 0 d--hs---- C:\FOUND.005
2007-12-01 09:27:09 0 d--hs---- C:\FOUND.004
2007-12-01 09:27:09 0 d--hs---- C:\FOUND.003
2007-12-01 09:27:09 0 d--hs---- C:\FOUND.002
2007-12-01 09:27:09 0 d--hs---- C:\FOUND.001
2007-12-01 09:27:09 0 d--hs---- C:\FOUND.000
2007-11-30 16:20:28 0 d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2007-11-26 16:34:50 0 d--hs---- C:\FOUND.052
2007-11-24 13:56:16 0 d--hs---- C:\FOUND.051
2007-11-24 11:20:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater(2)
2007-11-24 10:53:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-24 10:27:38 0 d-------- C:\Program Files\CCleaner
2007-11-24 10:08:16 0 d-------- C:\Documents and Settings\Inter Food Emporium\Application Data\Uniblue


-- Find3M Report ---------------------------------------------------------------

2007-12-01 09:52:14 8447 --a------ C:\Documents and Settings\Inter Food Emporium\Application Data\CleanUp!.log
2007-11-10 10:33:40 5725 --a------ C:\Program Files\install.log
2007-11-09 17:46:50 0 d-------- C:\Documents and Settings\Inter Food Emporium\Application Data\GlarySoft
2007-11-08 17:47:40 0 d-------- C:\Documents and Settings\Inter Food Emporium\Application Data\Real
2007-11-03 13:41:16 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-11-03 10:31:36 0 d-------- C:\Documents and Settings\Inter Food Emporium\Application Data\AVG7
2007-11-03 10:30:28 0 d-------- C:\Program Files\Grisoft(2)
2007-10-27 08:42:08 0 d-------- C:\Documents and Settings\Inter Food Emporium\Application Data\Lavasoft
2007-10-02 15:56:36 664 --a------ C:\WINDOWS\System32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [12/03/2007 01:52 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [03/31/2003 12:00 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/25/2007 11:55 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,xpjava.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOWS\System32\srrstr.dll cli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli




-- End of Deckard's System Scanner: finished at 2007-12-21 08:29:01 ------------

and here is the extra.txt,

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 1.70GHz
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 223.48 MiB / 67.66 MiB
Pagefile Memory (total/avail): 547.38 MiB / 368.76 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.59 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 37.26 GiB total, 17.76 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (FAT)

\\.\PHYSICALDRIVE0 - ST340810A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 37.27 GiB - C:

\\.\PHYSICALDRIVE1 - USB2.0 Mobile Disk USB Device - 957 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 960.72 MiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Inter Food Emporium\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=IFE
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Inter Food Emporium
LOGONSERVER=\\IFE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0103
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\INTERF~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\INTERF~1\LOCALS~1\Temp
USERDOMAIN=IFE
USERNAME=Inter Food Emporium
USERPROFILE=C:\Documents and Settings\Inter Food Emporium
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

one-two
Rachel
Rosaline
Inter Food Emporium (admin)
Administrator (new local, admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\System32\UninstIPP.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0CF63063-BD94-4A8B-9966-B6FDC3F55B38}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~2\INSTALL.LOG
BigPond ADSL SIK 5.6 Files --> C:\Program Files\Telstra\sikuninst.exe
CAM-IN SUITE III --> C:\PROGRA~1\CAM-IN~1\UNWISE.EXE C:\PROGRA~1\CAM-IN~1\INSTALL.LOG
Canon MP Navigator 2.2 --> "C:\Program Files\Canon\MP Navigator 2.2\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.2\uninst.ini
Canon MP530 --> "C:\WINDOWS\System32\CanonMP Uninstaller Information\{3215EBED-1D06-42fb-A05C-A752A46FB24C}\DelDrv.exe" /U:{3215EBED-1D06-42fb-A05C-A752A46FB24C} /L0x0009
Canon S330 --> C:\WINDOWS\System32\CNMCP45.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S330 Installer\Inst\DeIsL1.isu" -pCanon S330-c"C:\BJPrinter\CNMWINDOWS\Canon S330 Installer\Inst\bjinst.dll
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
DigitalCam Pro --> C:\WINDOWS\System32\unV2210.exe
DVD@ccess 2.0.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B34414C-14FB-11D6-A329-0050045C24B2}\Setup.exe" -l0x9
e-tax 2006 --> C:\etax2006\e-tax 2006_uninstall.exe
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Graphmatica --> C:\Program Files\Graphmatica\uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IBM ViaVoice Command and Control Runtime 5.3 - UK English --> C:\ViaVoice\Bin\vunUK.exe ProdRunControl Dc En_UK 'IBM ViaVoice™ Command and Control Runtime' C:\WINDOWS\IsUninst.exe -fC:\ViaVoice\DeIsL1.isu
ImageMixer VCD/DVD2 for OLYMPUS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x9 UNINSTALL
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
LivePix 2.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\LivePix 2.0\Uninst.isu"
MGI PhotoSuite 4 (Remove Only) --> "C:\Program Files\MGI\MGI PhotoSuite 4\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\MGI PhotoSuite 4\Uninst.isu" -c"C:\Program Files\MGI\MGI PhotoSuite 4\System\CustomUninstall.dll"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft XML Parser and SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MYOB Accounting Plus v13 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BCC46C36-9460-409C-BF33-589445B0A0F1}
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
OLYMPUS Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
Outlook Express Q823353 --> C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q823353.inf
Power2Go 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerProducer Express --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Presto! PageManager 7.15.11 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}\SETUP.EXE" -l0x9 anything
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
Shockwave --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
SigmaTel MSCN Audio Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D53F7F05-4F17-4024-88C8-3C012E8555B4}\setup.exe" -l0x9
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Uninstall ESS Modem --> C:\WINDOWS\remvess
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Safety Scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type1444 / Error
Event Submitted/Written: 12/21/2007 08:06:27 AM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type1443 / Error
Event Submitted/Written: 12/21/2007 08:06:27 AM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type1411 / Error
Event Submitted/Written: 12/20/2007 05:13:45 PM
Event ID/Source: 4126 / Ci
Event Description:
Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will
be automatically restored by refiltering all documents.

Event Record #/Type1334 / Error
Event Submitted/Written: 12/20/2007 00:51:46 PM
Event ID/Source: 4126 / Ci
Event Description:
Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will
be automatically restored by refiltering all documents.

Event Record #/Type1333 / Error
Event Submitted/Written: 12/20/2007 00:51:46 PM
Event ID/Source: 4124 / Ci
Event Description:
Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart
the Indexing Service (cisvc).



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type388 / Warning
Event Submitted/Written: 12/21/2007 08:21:43 AM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{8BB8587D-C327-460B-9A31-9A72B2D1FCF3}.

Event Record #/Type387 / Warning
Event Submitted/Written: 12/21/2007 08:21:40 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00147F850A91. The IP address being used is 169.254.119.73.

Event Record #/Type386 / Warning
Event Submitted/Written: 12/21/2007 08:21:34 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00147F850A91. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type375 / Error
Event Submitted/Written: 12/21/2007 08:07:56 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Fips
IPSec
MRxSmb
NetBIOS
NetBT
Processor
RasAcd
Rdbss
Tcpip

Event Record #/Type374 / Error
Event Submitted/Written: 12/21/2007 08:07:56 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2007-12-21 08:29:01 ------------

Rorschach112
post Dec 21 2007, 08:10 AM
Post #5


GeekU Teacher
Posts: 20,009
From: Dublin
OS: XP



Hello

1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xpjava.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Filter hijack: text/html - (no CLSID) - (no file)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\FOUND.057
    C:\FOUND.056
    C:\FOUND.055
    C:\FOUND.054
    C:\FOUND.053
    C:\FOUND.009
    C:\FOUND.008
    C:\FOUND.007
    C:\FOUND.006
    C:\FOUND.005
    C:\FOUND.004
    C:\FOUND.003
    C:\FOUND.002
    C:\FOUND.001
    C:\FOUND.000
    C:\FOUND.052
    C:\FOUND.051
    C:\WINDOWS\web\related.htm
    C:\WINDOWS\system32\xpjava.exe


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.




Reboot then post me a new DSS log
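Two of the patterns among the entries listed in post #5 can be checked mechanically: a program appended to the Winlogon Userinit value after userinit.exe, and entries whose target HijackThis reports as "(no file)". The following Python is an added example, not part of the original thread and not code from HijackThis or DSS; it applies those two checks to entry lines copied from this thread. The function names and the expected Userinit path (taken from this machine's SystemRoot=C:\WINDOWS) are assumptions.

```python
import re

# Entry lines copied from the HijackThis log and the fix list in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xpjava.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# A HijackThis entry line is "<letter><number> - <description>".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return (code, body) pairs for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def userinit_extras(value, expected=r"C:\WINDOWS\system32\userinit.exe"):
    """Return every program in a comma-separated Userinit value that is
    not the expected userinit.exe path (assumed default for this machine).
    Each listed program is started at logon, so extras deserve review."""
    items = [p.strip().strip('"') for p in value.split(",") if p.strip()]
    return [p for p in items if p.lower() != expected.lower()]


def triage(log_text):
    """Flag the two patterns: extra Userinit programs and missing targets."""
    findings = []
    for code, body in parse_entries(log_text):
        if code == "F2" and "userinit=" in body.lower():
            value = body.split("=", 1)[1]
            for prog in userinit_extras(value):
                findings.append((code, "extra Userinit program", prog))
        elif body.rstrip().endswith("(no file)"):
            findings.append((code, "target file missing", body))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason}: {detail}")
```
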
simonsmart16
post Dec 21 2007, 03:42 PM
Post #6


Member
**
Posts: 12
OS: Windows XP Professional



I won't be able to do this list of stuff until 2 days from now because I'm not going to my shop on those days.

Please be patient, I'll try to go on Sunday to fix this up, but if I can't, I'll definitely post before Monday Night.

Thank-you for your help so far.
simonsmart16
post Dec 23 2007, 06:17 PM
Post #7


Member
**
Posts: 12
OS: Windows XP Professional



here is moveit

C:\FOUND.057 moved successfully.
C:\FOUND.056 moved successfully.
C:\FOUND.055 moved successfully.
C:\FOUND.054 moved successfully.
C:\FOUND.053 moved successfully.
C:\FOUND.009 moved successfully.
C:\FOUND.008 moved successfully.
C:\FOUND.007 moved successfully.
C:\FOUND.006 moved successfully.
C:\FOUND.005 moved successfully.
C:\FOUND.004 moved successfully.
C:\FOUND.003 moved successfully.
C:\FOUND.002 moved successfully.
C:\FOUND.001 moved successfully.
C:\FOUND.000 moved successfully.
C:\FOUND.052 moved successfully.
C:\FOUND.051 moved successfully.
C:\WINDOWS\web\related.htm moved successfully.
File/Folder C:\WINDOWS\system32\xpjava.exe not found.

Created on 12/24/2007 09:22:51


here is dss

Deckard's System Scanner v20071014.68
Run by Inter Food Emporium on 2007-12-24 09:36:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 224 MiB (512 MiB recommended).


-- HijackThis (run as Inter Food Emporium.exe) ---------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:09 AM, on 12/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\WgaTray.exe
C:&