I have a windows XP machine running McAfee AV. I have suddenly got the red circle white cross icon in the system tray. This comes up with a box that looks like a genuine Windows XP security centre message - does a scan and then invites me to spend money. The McAfee is uptodate. Read some postings for the problem and downloaded SpyHunter which seemed to find and clean rogue XP security centre registry settings and if I run it again all is clean but the red circle keeps coming back. Have downloaded and run Hijackthis but dont know anything about it and dont understand the results.

Hello wisemj

Welcome to G2Go.

Pease do not attach any logs it makes them very hard to read but rather post it instead.
=====================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Many thanks - cant get to the PC until later this week so will post back results once I have managed to get them

ok

Finally managed to get to the dodgy computer - apologies it has taken me a few days. Downloaded the programme and the logs are below: Thanks in advance for having a look at this.

Deckard's System Scanner v20071014.68
Run by Ken on 2008-07-09 19:14:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
7: 2008-07-09 18:14:25 UTC - RP7 - Deckard's System Scanner Restore Point
6: 2008-07-09 16:29:04 UTC - RP6 - Software Distribution Service 3.0
5: 2008-07-09 07:21:41 UTC - RP5 - System Checkpoint
4: 2008-07-07 07:04:04 UTC - RP4 - System Checkpoint
3: 2008-07-05 16:08:57 UTC - RP3 - System Checkpoint


-- First Restore Point --
1: 2008-07-01 16:50:24 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as Ken.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:17:46, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Picture Suite\InsDetect.exe
C:\WINDOWS\system32\braviax.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Documents and Settings\Ken\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ken.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Jessops Insert Detect] C:\Documents and Settings\Picture Suite\InsDetect.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA0FBC6A-C17D-47CE-B1E2-B7DA7C51DB97}: NameServer = 193.36.79.100 193.36.79.101
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver OEM12 - HP - C:\WINDOWS\system32\OEMipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 6680 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R3 ITE - c:\windows\system32\drivers\ite.sys <Not Verified; Integrated Technology Express, INC.; ITE8872 Device Driver>

S3 OEMius12 (USB to IEEE-1284.4 Translation Driver OEMius12) - c:\windows\system32\drivers\oemius12.sys <Not Verified; HP; HP Dot4Usb Windows 2000>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 Pml Driver OEM12 - c:\windows\system32\oemipm12.exe <Not Verified; HP; HP PML>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&2D67B4F&0&48F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller #2
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&2D67B4F&0&48F0
Service: bcm4sbxp


-- Scheduled Tasks -------------------------------------------------------------

2008-07-06 10:00:04 438 --a------ C:\WINDOWS\Tasks\SpyHunter Scanner.job
2008-07-04 20:00:00 410 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (KEN-Ken).job
2008-06-15 01:10:19 336 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-01-31 21:13:24 328 --a------ C:\WINDOWS\Tasks\McQcTask.job
2004-12-06 16:44:15 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job


-- Files created between 2008-06-09 and 2008-07-09 -----------------------------

2008-07-09 19:08:56 6656 --a------ C:\WINDOWS\system32\univrs32.dat
2008-07-04 15:36:49 304332 --a------ C:\WINDOWS\system32\winivstr.exe
2008-07-04 13:04:53 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-04 13:04:53 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-04 13:04:53 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-04 13:04:53 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-04 13:04:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-07-04 13:04:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-07-04 13:04:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-07-04 13:04:53 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-04 13:04:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-07-04 13:04:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-04 13:04:52 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-04 13:04:52 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-04 13:04:52 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-04 13:04:52 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-04 13:04:52 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-04 13:04:52 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-04 13:04:52 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-04 13:04:52 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-04 13:04:51 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-01 18:14:44 0 d-------- C:\Program Files\Trend Micro
2008-06-23 21:01:54 0 d-------- C:\Program Files\Enigma Software Group
2008-06-23 19:54:57 12053 --a------ C:\WINDOWS\wixadivuqe.com
2008-06-23 19:54:56 17229 --a------ C:\Program Files\Common Files\imadox.com
2008-06-23 19:54:56 11745 --a------ C:\Documents and Settings\Ken\Application Data\hulevexema.vbs
2008-06-23 19:54:56 11776 --a------ C:\Documents and Settings\All Users\Application Data\pohyburip.pif
2008-06-23 19:54:56 17080 --a------ C:\Documents and Settings\All Users\Application Data\enilipoba.bin
2008-06-23 19:54:54 10975 --a------ C:\Program Files\Common Files\wivotile.scr
2008-06-23 19:54:53 16940 --a------ C:\WINDOWS\ydywy.vbs
2008-06-23 19:54:52 16592 --a------ C:\Documents and Settings\All Users\Application Data\comyl.vbs
2008-06-19 21:20:04 0 d-------- C:\Program Files\Ontrack
2008-06-19 16:33:51 16458 --a------ C:\Program Files\Common Files\tugag.com
2008-06-19 16:33:50 18984 --a------ C:\WINDOWS\system32\ryquzi.reg
2008-06-19 16:33:50 13286 --a------ C:\Documents and Settings\All Users\Application Data\uqovurubu.dat
2008-06-19 16:33:49 19382 --a------ C:\WINDOWS\system32\huqor.exe
2008-06-19 16:33:49 17842 --a------ C:\WINDOWS\nygywy.bin
2008-06-19 16:33:49 12816 --a------ C:\Documents and Settings\All Users\Application Data\ynavogiwe.exe
2008-06-19 16:33:49 15807 --a------ C:\Documents and Settings\All Users\Application Data\nixysel.bin
2008-06-19 16:33:49 12832 --a------ C:\Documents and Settings\All Users\Application Data\cajidaxo.scr
2008-06-19 16:20:08 13824 --a------ C:\WINDOWS\system32\braviax.exe
2008-06-19 16:19:58 49152 --a------ C:\Documents and Settings\Ken\wn852.exe


-- Find3M Report ---------------------------------------------------------------

2008-07-09 17:38:51 0 d-------- C:\Program Files\McAfee
2008-07-09 12:43:16 0 d-------- C:\Documents and Settings\Ken\Application Data\Canon
2008-07-08 14:14:06 0 d-------- C:\Program Files\pdf995
2008-06-29 14:02:43 0 d-------- C:\Program Files\Muspub6
2008-06-23 19:54:58 17369 --a------ C:\Documents and Settings\Ken\Application Data\xema.dl
2008-06-23 19:54:56 0 d-------- C:\Program Files\Common Files
2008-06-23 19:54:56 10280 --a------ C:\Program Files\Common Files\yqajofucir._sy
2008-06-23 19:54:56 14447 --a------ C:\Documents and Settings\Ken\Application Data\fyha.db
2008-06-23 19:54:54 16325 --a------ C:\Program Files\Common Files\igixylavu._sy
2008-05-29 13:42:05 0 d-------- C:\Documents and Settings\Ken\Application Data\SiteAdvisor
2008-05-23 07:59:50 0 d-------- C:\Program Files\SiteAdvisor
2008-05-15 20:21:48 0 d-------- C:\Documents and Settings\Ken\Application Data\Sibelius Software
2008-05-15 20:14:13 0 d-------- C:\Program Files\Sibelius Software
2008-05-15 20:02:41 0 d-------- C:\Program Files\QuickTime


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [19/10/2005 08:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [19/10/2005 08:59]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [19/11/2003 18:48]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [11/04/2004 21:15]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [02/12/2004 12:24]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [13/08/2004 02:05]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [07/01/2004 02:01]
"PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [03/07/1998 13:51]
"C-Media Mixer"="Mixer.exe" [12/07/2002 09:33 C:\WINDOWS\mixer.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [26/01/2004 12:38]
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [01/07/1999 14:00]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [01/07/1999 13:01]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 23:33]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [24/08/2007 22:57]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [30/11/2007 06:42]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [23/01/2008 14:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 06:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"Jessops Insert Detect"="C:\Documents and Settings\Picture Suite\InsDetect.exe" [17/02/2003 11:45]
"braviax"="C:\WINDOWS\system32\braviax.exe" [19/06/2008 16:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

C:\Documents and Settings\Ken\Start Menu\Programs\Startup\
DESKTOP.INI [10/08/2004 14:04:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [10/08/2004 14:04:12]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 02:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk
backup=C:\WINDOWS\pss\Event Planner Reminders Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Express Calendar Checker SE.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk
backup=C:\WINDOWS\pss\Photo Express Calendar Checker SE.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ken^Start Menu^Programs^Startup^OCRAWARE.lnk]
path=C:\Documents and Settings\Ken\Start Menu\Programs\Startup\OCRAWARE.lnk
backup=C:\WINDOWS\pss\OCRAWARE.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ken^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk]
path=C:\Documents and Settings\Ken\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk
backup=C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmSkype346814]
"C:\Program Files\usb phone\CmSkype.exe" RUNSTART

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d768a73-479c-11d9-bb15-806d6172696f}]
AutoRun\command- D:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-07-09 19:20:30 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 81%
Physical Memory (total/avail): 254 MiB / 46.36 MiB
Pagefile Memory (total/avail): 623.73 MiB / 266.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.45 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 70.94 GiB total, 62.21 GiB free.
D: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 70.94 GiB - C:
\PARTITION2 - Unknown - 3.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ken\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KEN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ken
LOGONSERVER=\\KEN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ken\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ken\LOCALS~1\Temp
USERDOMAIN=KEN
USERNAME=Ken
USERPROFILE=C:\Documents and Settings\Ken
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ken (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
ALi USB2.0 Driver --> C:\WINDOWS\system32\UnUSB20.EXE RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}\Setup.exe" -uninst
AOL UK (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_uk.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
ArcSoft Panorama Maker 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
ArcSoft PhotoStudio 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoStudio 2000\Uninst.isu"
Broadcom Management Programs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
BT Openworld Dell Signup --> MsiExec.exe /X{2CB511DF-AD50-4087-8934-8ACE54DE4FC1}
Canon ScanGear Toolbox CS 2.2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ScanGear Toolbox CS\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox CS\uninst.dll"
ClockDomain 1.0 --> C:\Program Files\ClockDomain\ClockDomainUninstall.exe
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
EPSON CardMonitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\SETUP.EXE" -l0x9 uninst
EPSON PhotoQuicker3.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x9 uninst
EPSON PhotoStarter3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\SETUP.EXE" -l0x9 uninst
EPSON PRINT Image Framer Tool2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x9 anything
ESPR300 Reference Guide --> C:\Program Files\EPSON\ESPR300\REF_G\DOCUNINS.EXE
ESPR300 Software Guide --> C:\Program Files\EPSON\ESPR300\PQU_G\DOCUNINS.EXE
ESPR300 Standalone Guide --> C:\Program Files\EPSON\ESPR300\STA_G\DOCUNINS.EXE
F5U002 USB to Printer Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF463F36-4C7F-4C54-BBC7-37F35078BC81}\Setup.exe" -l0x9
Family Tree --> C:\Program Files\FamTree3\unstall.exe
FinePixViewer Resource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x9
FinePixViewer Ver.5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x9
Focus 165,000 Images --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A7403F62-B0E2-46EE-85AB-E2EC59DC4FE6}
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Geoff Hamilton's 3D Garden Designer --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Garden3D\DeIsL1.isu"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Hallmark Card Studio --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\CardStudio\Uninst.isu
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ImageMixer VCD for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPhoto Plus 4 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\iPhoto Plus 4\DeIsL2.isu"
ITE 887x PCI Multi-I/O Controller --> C:\WINDOWS\ITEREMOVE.EXE
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Jessops Picture Suite --> "C:\Documents and Settings\Picture Suite\Uninstal.exe" C:\DOCUME~1\PICTUR~1\INSTALL.LOG
Job_Jet M400 --> C:\WINDOWS\system32\Oliuninst.exe -u 1106593962 -n "Job_Jet M400" -d "Job_Jet M400" -m Olivetti
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Office Publisher 2003 --> MsiExec.exe /I{91190409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
Nikon FotoShare --> C:\Program Files\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG
Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Ontrack Internet Cleanup --> MsiExec.exe /I{2E1054F6-43C2-4ABA-BC76-EEBBD3A4885B}
PCI Audio Driver --> cmuninst.exe
Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall
PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
PIF DESIGNER2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59B9F-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x9 anything
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sibelius Scorch --> MsiExec.exe /I{51C65CD6-A344-41B5-81E2-3CCAC8024F68}
Sibelius Scorch (ActiveX Only) --> MsiExec.exe /I{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" /l0009 -Control_Panel
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
TextBridge Home Edition 8.0 --> "C:\Program Files\TextBridge Home Edition 8.0\bin\setup.exe" -funinst.ins
Tiscali Internet --> MsiExec.exe /I{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}
Ulead Photo Express 2.0 SE --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\Uninst.isu" -c"C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\IS32Inst.dll"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}


-- Application Event Log -------------------------------------------------------

Event Record #/Type13941 / Error
Event Submitted/Written: 07/09/2008 07:10:26 PM / 07/09/2008 07:10:27 PM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 2780 (0xadc)

Thread address : 0x7C90EB94

Thread message :

Build VSCORE.14.0.0.349 / 5200.2160
Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\univrs32.dat
by C:\WINDOWS\system32\braviax.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Event Record #/Type13938 / Warning
Event Submitted/Written: 07/09/2008 05:39:19 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type13937 / Warning
Event Submitted/Written: 07/09/2008 05:39:19 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type13934 / Warning
Event Submitted/Written: 07/09/2008 08:06:57 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type13933 / Warning
Event Submitted/Written: 07/09/2008 08:06:57 AM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type51316 / Error
Event Submitted/Written: 07/09/2008 07:10:57 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Event Record #/Type51293 / Error
Event Submitted/Written: 07/09/2008 05:37:40 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register with DCOM within the required timeout.

Event Record #/Type51292 / Error
Event Submitted/Written: 07/09/2008 05:36:01 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register with DCOM within the required timeout.

Event Record #/Type51258 / Warning
Event Submitted/Written: 07/09/2008 08:04:42 AM
Event ID/Source: 1073 / USER32
Event Description:
The attempt to unknown KEN failed

Event Record #/Type51257 / Warning
Event Submitted/Written: 07/09/2008 06:08:26 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2008-07-09 19:20:30 ------------

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  CODE
  C:\WINDOWS\system32\univrs32.dat
  C:\WINDOWS\system32\winivstr.exe
  C:\WINDOWS\wixadivuqe.com
  C:\Program Files\Common Files\imadox.com
  C:\Documents and Settings\Ken\Application Data\hulevexema.vbs
  C:\WINDOWS\ydywy.vbs
  C:\Documents and Settings\All Users\Application Data\comyl.vbs
  C:\Program Files\Common Files\tugag.com
  C:\Documents and Settings\All Users\Application Data\pohyburip.pif
  C:\Documents and Settings\All Users\Application Data\enilipoba.bin
  C:\Program Files\Common Files\wivotile.scr
  C:\WINDOWS\system32\ryquzi.reg
  C:\Documents and Settings\All Users\Application Data\uqovurubu.dat
  C:\WINDOWS\system32\huqor.exe
  C:\WINDOWS\nygywy.bin
  C:\Documents and Settings\All Users\Application Data\ynavogiwe.exe
  C:\Documents and Settings\All Users\Application Data\nixysel.bin
  C:\Documents and Settings\All Users\Application Data\cajidaxo.scr
  C:\WINDOWS\system32\braviax.exe
  C:\Documents and Settings\Ken\wn852.exe
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\braviax
  
  
• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=========================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
===============================
PLease post these logs in your next reply:
OT Moveit log
MalwareBytes ANtiMalware log
New dss log

Am going to do this tonight and will post results back to you tomorrow. Thanks for your patience as you have probably gathered this pc isnt at my house - belongs to friend who has no idea about computers.

Ok

I hope that I have captured all that you are expecting - it is below. Having done what you asked I sat with the computer for quite a while with it connected to the internet and the warning did not appear during that time which it would normally have done. I am hoping that all your advice has paid off - will keep you updated. Cant thank you enough for your time and patience on this matter.

C:\WINDOWS\system32\univrs32.dat moved successfully.
File move failed. C:\WINDOWS\system32\winivstr.exe scheduled to be moved on reboot.
C:\WINDOWS\wixadivuqe.com moved successfully.
C:\Program Files\Common Files\imadox.com moved successfully.
C:\Documents and Settings\Ken\Application Data\hulevexema.vbs moved successfully.
C:\WINDOWS\ydywy.vbs moved successfully.
C:\Documents and Settings\All Users\Application Data\comyl.vbs moved successfully.
C:\Program Files\Common Files\tugag.com moved successfully.
C:\Documents and Settings\All Users\Application Data\pohyburip.pif moved successfully.
C:\Documents and Settings\All Users\Application Data\enilipoba.bin moved successfully.
C:\Program Files\Common Files\wivotile.scr moved successfully.
C:\WINDOWS\system32\ryquzi.reg moved successfully.
C:\Documents and Settings\All Users\Application Data\uqovurubu.dat moved successfully.
C:\WINDOWS\system32\huqor.exe moved successfully.
C:\WINDOWS\nygywy.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\ynavogiwe.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\nixysel.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\cajidaxo.scr moved successfully.
C:\WINDOWS\system32\braviax.exe moved successfully.
C:\Documents and Settings\Ken\wn852.exe moved successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\braviax >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\braviax deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07152008_180253

Files moved on Reboot...
File C:\WINDOWS\system32\winivstr.exe not found!


Malwarebytes' Anti-Malware 1.20
Database version: 956
Windows 5.1.2600 Service Pack 2

18:27:15 15/07/2008
mbam-log-7-15-2008 (18-27-15).txt

Scan type: Quick Scan
Objects scanned: 41985
Time elapsed: 8 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Deckard's System Scanner v20071014.68
Run by Ken on 2008-07-15 18:27:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as Ken.exe) -------------------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-15 18:28:24
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\SYSTEM32\CISVC.EXE
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
C:\WINDOWS\mixer.exe
C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
C:\Program Files\TextBridge Home Edition 8.0\Bin\InstantAccess.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Picture Suite\InsDetect.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ken\Desktop\dss.exe
C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Jessops Insert Detect] C:\Documents and Settings\Picture Suite\InsDetect.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: about://internet (HKCU)
O15 - Trusted Zone: http://mcafee.com (HKCU)
O15 - Trusted Zone: https://mcafee.com (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} () - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} () - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{BA0FBC6A-C17D-47CE-B1E2-B7DA7C51DB97}: NameServer = 193.36.79.100 193.36.79.101
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll (file missing)
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\