Dr Watson Postmortem Debugger [RESOLVED]

Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

DSS main:
Deckard's System Scanner v20071014.68
Run by Fredrik Meltzer on 2008-06-11 14:19:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
48: 2008-06-11 12:19:12 UTC - RP48 - Deckard's System Scanner Restore Point
47: 2008-06-10 13:46:47 UTC - RP47 - Software Distribution Service 3.0
46: 2008-06-10 10:04:40 UTC - RP46 - System Checkpoint
45: 2008-06-08 23:48:28 UTC - RP45 - Software Distribution Service 3.0
44: 2008-06-08 11:07:29 UTC - RP44 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-04-28 13:31:48 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Fredrik Meltzer.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:19:24, on 11.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Fredrik Meltzer\Desktop\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\Fredrik Meltzer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4180 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pcouffin (VSO Software pcouffin) - d:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Memory Controller
Device ID: PCI\VEN_10DE&DEV_005E&SUBSYS_815A1043&REV_A3\3&2411E6FE&0&00
Manufacturer:
Name: PCI Memory Controller
PNP Device ID: PCI\VEN_10DE&DEV_005E&SUBSYS_815A1043&REV_A3\3&2411E6FE&0&00
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0052&SUBSYS_815A1043&REV_A2\3&2411E6FE&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0052&SUBSYS_815A1043&REV_A2\3&2411E6FE&0&09
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_0057&SUBSYS_81411043&REV_A3\3&2411E6FE&0&50
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_0057&SUBSYS_81411043&REV_A3\3&2411E6FE&0&50
Service:


-- Files created between 2008-05-11 and 2008-06-11 -----------------------------

2008-06-11 00:03:06 0 dr-h----- D:\Documents and Settings\Fredrik Meltzer\Recent
2008-06-09 01:50:25 0 d-------- D:\Program Files\MSXML 6.0
2008-06-09 01:49:03 0 d-------- D:\Program Files\MSXML 4.0
2008-06-08 13:07:32 0 d--h----- D:\WINDOWS\$hf_mig$
2008-06-08 12:48:18 0 d-------- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-08 12:45:41 0 d-------- D:\WINDOWS\system32\SoftwareDistribution
2008-06-08 05:40:08 0 d-------- D:\Program Files\Trend Micro
2008-06-08 05:02:26 0 d-------- D:\Documents and Settings\Fredrik Meltzer\Application Data\Malwarebytes
2008-06-08 05:02:25 0 d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-08 05:02:24 0 d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 05:02:06 0 d-------- D:\Program Files\Common Files\Download Manager
2008-06-06 19:22:15 0 d-------- D:\Documents and Settings\Fredrik Meltzer\Application Data\mIRC
2008-06-06 19:22:14 0 d-------- D:\Program Files\mIRC
2008-06-06 16:26:49 0 d-------- D:\Program Files\FairUse Wizard 2
2008-06-06 16:26:18 47360 --a------ D:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-06 16:26:18 0 d-------- D:\Documents and Settings\Fredrik Meltzer\Application Data\Vso
2008-06-06 16:26:18 47360 --a------ D:\Documents and Settings\Fredrik Meltzer\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-06 16:26:08 0 d-------- D:\Program Files\DVDFab 5
2008-06-05 21:07:41 0 d-------- D:\Program Files\Maketorrent 2
2008-06-05 15:22:05 43698 --a------ D:\WINDOWS\system32\xvid-uninstall.exe
2008-06-05 15:21:46 0 d-------- D:\Program Files\AviSynth 2.5
2008-06-05 15:18:23 0 d-------- D:\Program Files\Gabest
2008-06-05 15:17:57 0 d-------- D:\Program Files\AutoGK
2008-06-02 22:54:57 0 d-------- D:\WINDOWS\system32\LogFiles
2008-05-30 23:42:34 0 d-------- D:\Documents and Settings\All Users\Application Data\GRETECH
2008-05-30 23:41:58 0 d-------- D:\Documents and Settings\Fredrik Meltzer\Application Data\GRETECH
2008-05-30 23:41:45 0 d-------- D:\Program Files\GomPlayer
2008-05-29 15:04:23 0 d-------- D:\Program Files\Haali
2008-05-29 15:03:39 0 d-------- D:\Program Files\CoreCodec
2008-05-29 14:36:22 0 d-------- D:\Program Files\MediaInfo
2008-05-18 19:48:31 0 d-------- D:\Documents and Settings\Fredrik Meltzer\Application Data\Convivea
2008-05-18 19:48:30 0 d-------- D:\Program Files\Bit Che
2008-05-15 21:18:28 0 d-------- D:\Program Files\Java
2008-05-15 21:10:07 0 d-------- D:\Program Files\Common Files\Java


-- Find3M Report ---------------------------------------------------------------

2008-06-11 14:19:05 0 d-------- D:\Documents and Settings\Fredrik Meltzer\Application Data\uTorrent
2008-06-09 13:27:13 0 d-------- D:\Documents and Settings\Fredrik Meltzer\Application Data\dvdcss
2008-06-09 11:09:12 0 d-------- D:\Program Files\TrojanHunter 5.0
2008-06-08 05:16:54 0 d-------- D:\Documents and Settings\Fredrik Meltzer\Application Data\Desktopicon
2008-06-08 05:02:06 0 d-------- D:\Program Files\Common Files
2008-06-06 16:26:26 34 --a------ D:\Documents and Settings\Fredrik Meltzer\Application Data\pcouffin.log
2008-06-06 16:26:18 1144 --a------ D:\Documents and Settings\Fredrik Meltzer\Application Data\pcouffin.inf
2008-06-06 16:26:18 7887 --a------ D:\Documents and Settings\Fredrik Meltzer\Application Data\pcouffin.cat
2008-06-06 09:33:39 551 --a------ D:\Documents and Settings\Fredrik Meltzer\Application Data\AutoGK.ini
2008-06-04 14:21:36 0 d-------- D:\Program Files\Foxit Software
2008-05-30 14:11:20 771 --a------ D:\Documents and Settings\Fredrik Meltzer\Application Data\coreavc.ini
2008-05-08 02:03:52 0 d-------- D:\Documents and Settings\Fredrik Meltzer\Application Data\LimeWire
2008-05-04 03:53:32 0 d-------- D:\Documents and Settings\Fredrik Meltzer\Application Data\Media Player Classic
2008-05-04 02:48:49 0 d-------- D:\Program Files\LimeWire
2008-04-28 23:27:39 0 d-------- D:\Documents and Settings\Fredrik Meltzer\Application Data\vlc
2008-04-28 20:27:03 0 d-------- D:\Documents and Settings\Fredrik Meltzer\Application Data\WinRAR
2008-04-28 20:16:23 0 d-------- D:\Program Files\uTorrent
2008-04-28 20:00:50 0 d-------- D:\Documents and Settings\Fredrik Meltzer\Application Data\Helios
2008-04-28 20:00:43 0 d-------- D:\Program Files\TextPad 5
2008-04-28 19:14:37 0 d-------- D:\Program Files\VideoLAN
2008-04-28 18:44:56 0 d-------- D:\Documents and Settings\Fredrik Meltzer\Application Data\Adobe
2008-04-28 18:35:04 0 d-------- D:\Documents and Settings\Fredrik Meltzer\Application Data\Opera
2008-04-28 18:34:55 0 d-------- D:\Program Files\Opera
2008-04-28 17:32:00 0 d-------- D:\Documents and Settings\Fredrik Meltzer\Application Data\Macromedia
2008-04-28 17:07:17 0 d-------- D:\Program Files\Common Files\ODBC
2008-04-28 17:07:14 0 d-------- D:\Program Files\Common Files\SpeechEngines
2008-04-28 17:06:50 62 --ahs---- D:\Documents and Settings\Fredrik Meltzer\Application Data\desktop.ini
2008-04-28 16:38:26 0 d-------- D:\Documents and Settings\Fredrik Meltzer\Application Data\TrojanHunter
2008-04-28 15:46:41 298104 --a------ D:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-04-28 15:41:09 0 d-------- D:\Program Files\Common Files\InstallShield
2008-04-28 15:38:01 0 d-------- D:\Program Files\Marvell
2008-04-28 15:31:32 0 d-------- D:\Documents and Settings\Fredrik Meltzer\Application Data\Identities
2008-04-28 15:23:05 0 d-------- D:\Program Files\microsoft frontpage
2008-04-28 15:21:31 0 d--h----- D:\Program Files\WindowsUpdate
2008-04-28 15:20:41 0 d-------- D:\Program Files\Common Files\MSSoap
2008-04-28 15:20:34 0 d-------- D:\Program Files\Movie Maker
2008-04-28 15:19:38 21640 --a------ D:\WINDOWS\system32\emptyregdb.dat
2008-04-28 15:19:06 0 d-------- D:\Program Files\Online Services
2008-04-28 15:18:57 0 d-------- D:\Program Files\Windows Media Connect 2
2008-04-28 15:18:42 0 d-------- D:\Program Files\Messenger
2008-04-28 15:18:37 0 d-------- D:\Program Files\MSN Gaming Zone
2008-04-28 15:18:31 0 d-------- D:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [05.12.2007 01:41]
"nwiz"="nwiz.exe" [05.12.2007 01:41 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [05.12.2007 01:41]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [28.04.2008 15:46]
"UnlockerAssistant"="D:\Program Files\Unlocker\UnlockerAssistant.exe" [01.03.2008 07:10]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [04.08.2004 03:56]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [22.07.2007 13:32]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{541f4fc1-152e-11dd-8b54-806d6172696f}]
AutoRun\command- G:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-06-11 14:19:49 ------------



DSS Extra:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3800+
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 1023.48 MiB / 640.27 MiB
Pagefile Memory (total/avail): 2460.71 MiB / 2181.25 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.69 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 465.76 GiB total, 43.28 GiB free.
D: is Fixed (NTFS) - 111.78 GiB total, 94.15 GiB free.
E: is Fixed (NTFS) - 465.76 GiB total, 60.46 GiB free.
G: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - SAMSUNG HD120IJ - 111.79 GiB - 1 partition
\PARTITION0 - Installable File System - 111.78 GiB - D:

\\.\PHYSICALDRIVE1 - SAMSUNG HD501LJ - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.76 GiB - E:

\\.\PHYSICALDRIVE2 - SAMSUNG HD501LJ - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.76 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\Fredrik Meltzer\Application Data
CLIENTNAME=Console
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=MELTZER
ComSpec=D:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\Fredrik Meltzer
LOGONSERVER=\\MELTZER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f00
ProgramFiles=D:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\FREDRI~1\LOCALS~1\Temp
TMP=D:\DOCUME~1\FREDRI~1\LOCALS~1\Temp
USERDOMAIN=MELTZER
USERNAME=Fredrik Meltzer
USERPROFILE=D:\Documents and Settings\Fredrik Meltzer
windir=D:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Fredrik Meltzer (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
µTorrent --> "D:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player Plugin --> D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Auto Gordian Knot 2.45 --> D:\Program Files\AutoGK\uninst.exe
AviSynth 2.5 --> "D:\Program Files\AviSynth 2.5\Uninstall.exe"
Bit Che --> "D:\Program Files\Bit Che\unins000.exe"
CoreAVC Professional Edition (remove only) --> "D:\Program Files\CoreCodec\CoreAVC Professional Edition\CoreAVC Professional Edition-uninstall.exe"
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.2.5 --> "D:\Program Files\DVDFab 5\unins000.exe"
FairUse Wizard 2.6 --> "D:\Program Files\FairUse Wizard 2\unins000.exe"
Foxit PDF Creator --> D:\Program Files\Foxit Software\PDF Creator\FPC_Uninstall.exe
Foxit Reader --> D:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
GOM Player --> "D:\Program Files\GomPlayer\Uninstall.exe"
HijackThis 2.0.2 --> "D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Haali Media Splitter --> "D:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire 4.16.7 --> "D:\Program Files\LimeWire\uninstall.exe"
MakeTorrent v2.1 --> "D:\Program Files\Maketorrent 2\uninstall.exe"
Malwarebytes' Anti-Malware --> "D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
MediaInfo 0.7.7.0 --> D:\Program Files\MediaInfo\uninst.exe
mIRC --> D:\Program Files\mIRC\uninstall.exe _?=D:\Program Files\mIRC
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NOD32 antivirus system --> D:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX --> "D:\Program Files\Eset\unins000.exe"
NVIDIA Drivers --> D:\WINDOWS\system32\nvuninst.exe UninstallGUI
Opera 9.27 --> MsiExec.exe /X{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}
Spybot - Search & Destroy --> "D:\Program Files\Spybot - Search & Destroy\unins000.exe"
TextPad 5 --> MsiExec.exe /X{B6EC7388-E277-4A5B-8C8F-71067A41BA64}
Unlocker 1.8.6 --> D:\Program Files\Unlocker\uninst.exe
VideoLAN VLC media player 0.8.6f --> D:\Program Files\VideoLAN\VLC\uninstall.exe
WinRAR archiver --> D:\Program Files\WinRAR\uninstall.exe
XviD MPEG4 Video Codec (remove only) --> "D:\WINDOWS\system32\xvid-uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1992 / Error
Event Submitted/Written: 06/11/2008 10:25:11 AM
Event ID/Source: 1802 / SecurityCenter
Event Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Event Record #/Type1989 / Error
Event Submitted/Written: 06/10/2008 10:07:06 AM
Event ID/Source: 1802 / SecurityCenter
Event Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Event Record #/Type1987 / Error
Event Submitted/Written: 06/09/2008 10:58:25 AM
Event ID/Source: 1802 / SecurityCenter
Event Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Event Record #/Type1983 / Error
Event Submitted/Written: 06/09/2008 00:49:28 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3111, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1981 / Error
Event Submitted/Written: 06/08/2008 05:49:13 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3111, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4077 / Warning
Event Submitted/Written: 06/11/2008 00:56:11 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type4073 / Warning
Event Submitted/Written: 06/11/2008 11:15:18 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type4072 / Warning
Event Submitted/Written: 06/11/2008 10:46:25 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type4053 / Warning
Event Submitted/Written: 06/11/2008 10:26:16 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type4052 / Error
Event Submitted/Written: 06/11/2008 10:24:49 AM / 06/11/2008 10:25:20 AM
Event ID/Source: 14 / nv
Event Description:
Unknown error on



-- End of Deckard's System Scanner: finished at 2008-06-11 14:19:49 ------------


Kaspersky scan:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, June 11, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, June 11, 2008 12:06:09
Records in database: 851604
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\

Scan statistics:
Files scanned: 51074
Threat name: 4
Infected objects: 11
Suspicious objects: 0
Duration of the scan: 05:21:55


File name / Threat name / Threats count
D:\Documents and Settings\Fredrik Meltzer\Desktop\Meltzer\Nedlastinger\Install filer\mirc632.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1
D:\Program Files\ESET\infected\DNWEMPAA.NQF Infected: Trojan.Win32.Monder.gen 1
D:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1
E:\Downloads\SpySweeper5.5-FULL\SpySweeper 5.5.exe Infected: not-a-virus:PSWTool.Win32.FirePass.r 1
E:\Downloads\SpySweeper5.5-FULL\SpySweeper 5.5.exe Infected: not-a-virus:PSWTool.Win32.IEPassView.e 1
E:\Downloads\SpySweeper5.5-FULL\SpySweeper v5.0.7.1608.r00 Infected: not-a-virus:PSWTool.Win32.FirePass.r 1
E:\Downloads\SpySweeper5.5-FULL\SpySweeper v5.0.7.1608.r00 Infected: not-a-virus:PSWTool.Win32.IEPassView.e 1
E:\Downloads\SpySweeper5.5-FULL\SpySweeper v5.0.7.1608.r01 Infected: not-a-virus:PSWTool.Win32.FirePass.r 1
E:\Downloads\SpySweeper5.5-FULL\SpySweeper v5.0.7.1608.r01 Infected: not-a-virus:PSWTool.Win32.IEPassView.e 1
E:\Downloads\SpySweeper5.5-FULL\SpySweeper v5.0.7.1608.rar Infected: not-a-virus:PSWTool.Win32.FirePass.r 1
E:\Downloads\SpySweeper5.5-FULL\SpySweeper v5.0.7.1608.rar Infected: not-a-virus:PSWTool.Win32.IEPassView.e 1

The selected area was scanned.


Thanks for your help

Don't download cracks, or you will get infected

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  [kill explorer]
  HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{541f4fc1-152e-11dd-8b54-806d6172696f}
  G:\setup.exe
  E:\Downloads\SpySweeper5.5-FULL
  purity 
  [start explorer]

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Open Notepad and Copy (Control+C) and Paste (Control+V) the following code into the Notepad window.

@echo off
dir "E:\Downloads">C:\peek.txt
start C:\peek.txt
del peek.bat

Click on 'File' then 'Save As'
In the Save in drop down box select Desktop
In the File name box type in peek.bat
In the Save as type drop down box select All Files
Close Notepad.

Now, find peek.bat on your Desktop and Double click it
A window will open and close, do not be concerned this is normal.


Post the resulting notepad file that appears

Sorry for slow reply here, and on the last one. On the first step the online scan took 5 hours.

OTMoveIt:
Explorer killed successfully
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{541f4fc1-152e-11dd-8b54-806d6172696f} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{541f4fc1-152e-11dd-8b54-806d6172696f}\\ deleted successfully.
File move failed. G:\setup.exe scheduled to be moved on reboot.
E:\Downloads\SpySweeper5.5-FULL moved successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06122008_001455

Files moved on Reboot...
File move failed. G:\setup.exe scheduled to be moved on reboot.

peek.txt
Volume in drive E is Disk2
Volume Serial Number is 0C1C-E388

Directory of E:\Downloads

11.06.2008 13:09 <DIR> .
11.06.2008 13:09 <DIR> ..
29.05.2008 15:00 <DIR> CoreAVC.Professional.Edition.v1.7.0.0-EDGE
25.04.2008 14:08 <DIR> Curse of Monkey Island
25.04.2008 13:26 <DIR> Escape From Monkey Island
11.05.2008 11:15 <DIR> Fawlty.Towers.S01.DVDRip.XviD.iNT.PFa
11.05.2008 11:14 <DIR> Fawlty.Towers.S02.DVDRip.XviD.iNT.PFa
10.06.2008 16:28 <DIR> His Dark Materials
11.06.2008 16:08 <DIR> School of Rock
28.04.2008 20:20 <DIR> WinRAR 3.71 KeygenPatch + 38 Themes
05.06.2008 10:28 244ÿ310ÿ669 [AnimeSS]_One_Piece_356_HD_[5A1F517D].mp4
1 File(s) 244ÿ310ÿ669 bytes
10 Dir(s) 64ÿ930ÿ947ÿ072 bytes free


Thanks again for the help

Hello

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  [kill explorer]
  E:\Downloads\WinRAR 3.71 KeygenPatch + 38 Themes
  E:\Downloads\CoreAVC.Professional.Edition.v1.7.0.0-EDGE
  purity 
  [start explorer]

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Also tell me how your PC is running

OTmoveIT log:
Explorer killed successfully
E:\Downloads\WinRAR 3.71 KeygenPatch + 38 Themes\Winrar Themes moved successfully.
E:\Downloads\WinRAR 3.71 KeygenPatch + 38 Themes\KeygenPatch moved successfully.
E:\Downloads\WinRAR 3.71 KeygenPatch + 38 Themes moved successfully.
E:\Downloads\CoreAVC.Professional.Edition.v1.7.0.0-EDGE\ecptlx01\edge\EDGE moved successfully.
E:\Downloads\CoreAVC.Professional.Edition.v1.7.0.0-EDGE\ecptlx01\edge moved successfully.
E:\Downloads\CoreAVC.Professional.Edition.v1.7.0.0-EDGE\ecptlx01 moved successfully.
E:\Downloads\CoreAVC.Professional.Edition.v1.7.0.0-EDGE moved successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06122008_161220



Malware log:
Malwarebytes' Anti-Malware 1.17
Database version: 850

16:18:56 12.06.2008
mbam-log-6-12-2008 (16-18-56).txt

Scan type: Quick Scan
Objects scanned: 36510
Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Here is what happends when I try to navigate my HDs.
It allways crashes if I right click a folder and choose Properties:




Thank you

Edited by sleM, 14 June 2008 - 10:34 PM.

It is not a malware problem, I suggest you go over to the Windows XP forum about it, tell them I sent you

Few things to do


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

• Make sure you have an Internet Connection.
• Double-click OTMoveIt2.exe to run it.
• Click on the CleanUp! button
• A list of tool components used in the Cleanup of malware will be downloaded.
• If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
• Click Yes to beging the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time protection program or there will be a conflict.

Make Internet Explorer more secure

• Click Start > Run
• Type Inetcpl.cpl & click OK
• Click on the Security tab
• Click Reset all zones to default level
• Make sure the Internet Zone is selected & Click Custom level
• In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
• Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

OK thank you so much for your help, I'll go to the XP forum.
Could you give me any suggestions what the thread should be called?

Last I would like thank for the security tips, im using Opera as my web browser
and I prefer it over IE and FF so I'm going to stick with that.
All your other suggestions Ill take into consideration and try to make my system more secure.

You said that the program offering real time protection from spyware should be run "alone",
but I was wondering if it could run alongside NOD32?

Well great working with you, Ill recommend this site to others in the future.
Have a nice day
sleM

Edited by sleM, 13 June 2008 - 01:52 AM.

Call it something like "Dr. Watson crashing a lot"

Just tell them I referred you to there so that they don't think it is a malware problem

You said that the program offering real time protection from spyware should be run "alone",
but I was wondering if it could run alongside NOD32?

Yes that is fine, won't cause any problem


Let me know if you got any more questions

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.