Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HijackThis Outdated

Started by Kryten_2X4B 523P , May 25 2007 11:08 AM

  • Please log in to reply

#1
Kryten_2X4B 523P
Posted 25 May 2007 - 11:08 AM

Kryten_2X4B 523P

    New Member

  • Member
  • Pip
  • 6 posts
Hi computer genius's .... :help:

I'm trying to post a HijackThis logfile, but I keep getting redirected saying the logfile I'm attempting to post is an outdated version of HijackThis, and it's asking me to download the latest version 1.99.1 <<< this version is outdated as v2.0.0 (BETA) has been released, and this is the version I have ......
What should I do? .. should I uninstall the latest version and download an outdated version so I can post??

I don't think you're system has been updated for the latest release of HijackThis ..... :blink:

Can someone please advise so I can get the assist started..... :whistling:

Thanks ....

Edited by Kryten_2X4B 523P, 25 May 2007 - 11:27 AM.

  • 0

Advertisements

#2
megabite
Posted 25 May 2007 - 12:11 PM

megabite

    Member

  • Member
  • PipPipPip
  • 527 posts
Use the 1.99.1 version as the other one is a Beta version and we only use the 1.99.1 version at the moment, delete the Beta version first.

Download HijackThis to your desktop
  • Double click on HijackThis on your Desktop
  • Then click on Unzip
  • It will install to Program files by default
  • Then Click Start>>>Run type C:\Program Files click OK
  • Look for a folder called HijackThis
  • Double click on it
  • On the right you will see a Icon of Dynamite with plunger
  • Double click on the Icon
  • Click on Icon and choose "scan system and save a logfile" usually in notepad
  • Copy and Paste the logfile in your next post
  • Using Ctrl+A to copy All and Ctrl+C to copy and Ctrl+V to paste.
Post the log in your next post.

Edited by Bonk, 25 May 2007 - 12:18 PM.

  • 0

#3
Kryten_2X4B 523P
Posted 25 May 2007 - 12:17 PM

Kryten_2X4B 523P

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Bonk..

Thank you for replying ... I think my system has been hijacked. When I perform a Google search everything appears to be ok until I click on the search result, then I get redirected. Each time I perform the same search I get redirected to a different site. This does'nt happen all the time though, it happens 1 in 5 of every search I perform. I have run Avg Anti-Spyware, all it found were cookies, and the Superantispyware found nothing. I've run AFT-cleaner and cleared my system restore points and created a new one.

Here's the result of the HijackThis scan....

Logfile of HijackThis v1.99.1
Scan saved at 19:14:32, on 25/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lynne\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: theassister Toolbar - {b192c10d-58c9-4647-86a4-14a7142a8ae4} - C:\Program Files\theassister\tbthe1.dll
O3 - Toolbar: theassister Toolbar - {b192c10d-58c9-4647-86a4-14a7142a8ae4} - C:\Program Files\theassister\tbthe1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.reflexive...bGameLoader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1176670468858
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://atlantis9.big...mjolauncher.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\supercd\IntraLaunch.CAB
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom....gamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: MSCamSvc - Unknown owner - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe


Usually I can deal with infections myself, but this problem seems to be eluding me .... Thanks again ....
  • 0

#4
megabite
Posted 25 May 2007 - 01:14 PM

megabite

    Member

  • Member
  • PipPipPip
  • 527 posts
OK,

Run HijackThis and click on "Do a System Scan Only " put a check mark against these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://atlantis9.big...mjolauncher.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\supercd\IntraLaunch.CAB

Now close all browsers including this one and click on "Fix Checked"

When done close HijackThis.


How long have you had the theassister Toolbar??

Restart your PC and post a fresh HijackThis log
  • 0

#5
Kryten_2X4B 523P
Posted 26 May 2007 - 02:58 AM

Kryten_2X4B 523P

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Bonk ..

I've had theassister toolbar for about 1yr, never had any problems with it. I downloaded it from h**p://www.conduit.com. It's a free toolbar that you can customise yourself with links and various other things. For some reason the redirect problem has gone, when I searched this morning it seems ok. But this happened a couple of days ago, I thought it had gone, but then it came back like from nowhere.....

Result of HJT scan .......

Logfile of HijackThis v1.99.1
Scan saved at 09:47:23, on 26/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lynne\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: theassister Toolbar - {b192c10d-58c9-4647-86a4-14a7142a8ae4} - C:\Program Files\theassister\tbthe1.dll
O3 - Toolbar: theassister Toolbar - {b192c10d-58c9-4647-86a4-14a7142a8ae4} - C:\Program Files\theassister\tbthe1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.reflexive...bGameLoader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1176670468858
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom....gamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: MSCamSvc - Unknown owner - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Thanks for assisting :whistling:
  • 0

#6
megabite
Posted 26 May 2007 - 10:23 AM

megabite

    Member

  • Member
  • PipPipPip
  • 527 posts
Understood......

Download ATF Cleaner by Atribune to you Desktop from > Here <

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Please run this Scan....
PandaActiceScan
  • Once you are on the Panda site click the "Scan your PC" button
  • A new window will open...click the big "Check Now" button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
  • Click on "Local Disks" to start the scan
Post Panda scan results in your next reply
  • 0

#7
Kryten_2X4B 523P
Posted 27 May 2007 - 01:56 PM

Kryten_2X4B 523P

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Bonk.

Sorry to be so late posting the results. I have'nt been able to get on this site cause of redirections. I tried running the scan but my Avast pops up saying:

File Name: http://acs.pandasoft...#092;pskavs.DLL
Malware Name: Win32:CTX
Malware Type: Virus/Worm
VPS Version: 000744-1, 27/05/2007

Then the only option I have is to click "Abort connection", then the scan closes.....

To give you some idea of what's going on, I have Google as my Homepage, when I was searching for this site I got this:

Posted Image


Any advice is good advice, thank you Bonk :whistling:
  • 0

#8
megabite
Posted 28 May 2007 - 04:30 PM

megabite

    Member

  • Member
  • PipPipPip
  • 527 posts
OK,
Avast sees Panda as bad which is just a conflict....please perform 1. to 4. below.

1.
Please download rootchk.exe tool to your desktop:
  • Double click rootchk.exe on your desktop to Run
  • Let it scan
  • When finished a logfile will appear
  • Copy & Paste the contents of that log in your next post.
2.
TrendMicro™ HouseCall Java Scan
  • Please go >HERE< to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • Under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.
NOTE. If you have problems with Avast running the Scan, Right click on the Avast Icon on the right-hand side of the taskbar and choose Stop on acess protection and then try.
After the Scan don't Forget to Right click on it again and Start on access protection.


3.
It may help if you post your Uninstall list.
  • Open and Run HijackThis
  • Click on Open Misc Tools Section button
  • Then Click on Open Uninstall Manager
  • On the right hand choose Save List
  • Copy & Paste it in your next reply.
4.
Let see if renaming HJT makes some things visible.

Rename HijackThis.exe to H.exe.
Right click on HijackThis.exe and choose Rename type H.exe


Run H.exe and post a fresh log along with the rootchk results and Uninstall list in your next post.
  • 0

#9
Kryten_2X4B 523P
Posted 29 May 2007 - 08:35 AM

Kryten_2X4B 523P

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Bonk.

The online scan came back clean, but the original problem still exists ...
Sorry for the late posts but I have trouble getting here due to redirections ...
Here's the logfiles you requested ...

ROOTCHK

********************************* ROOTCHK-(28-05-07)-LOG, by ejvindh
29/05/2007 13:58:42.86

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-29 13:58:43
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
disk error: C:\
please note that you need administrator rights to perform deep scan

UNINSTALL LIST

Absolute Uninstaller 2.0
ACDSee Photo Editor
ACE Mega CoDecS Pack
Adobe Flash Player 9 ActiveX
Adobe Photoshop CS2
Adobe Reader 7.0.8
Adobe Shockwave Player
Any Capture 3.12 Build 3121
avast! Antivirus
AVG Anti-Spyware 7.5
Banner Maker Pro Version 6
Blender (remove only)
BroadJump Client Foundation
CCleaner (remove only)
Creative Audio Console
Digital Music Player
Diskeeper 2007 Pro Premier
Dream Interpreter
FaceOnBody
Folder Lock
FreeMem Professional Version 5
Giant Disk Cleaner 1.8
Google Earth Pro
HDDlife
HijackThis 1.99.1
History Sweeper 2.79
Internet History Eraser v6.1
IrfanView (remove only)
IsoBuster 2.0
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 9
Jasc Animation Shop 3
Java™ SE Runtime Environment 6 Update 1
K-Lite Codec Pack 2.82 Full
LimeWire PRO 4.13.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSN
Musicmatch® Jukebox
PC Camera (6025 VGA)
PowerDVD
Privacy Eraser Pro
Project64 1.6
QuickTime Alternative 1.76
RealPlayer
RegDoctor 1.81
Registry Mechanic 6.0
Safarp
Security Update for Windows XP (KB923789)
SmartCamera Ver 2.1
System Cleaner 5
theassister Toolbar
TuneUp Utilities 2006
TZ Data Shredder 4.0
UltimateDefrag
VideoLAN VLC media player 0.8.6
Web Tracks Eraser
Winamp (remove only)
WinASO Disk Cleaner 1.6
Windows Defender
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Update Client Beta – Update 14
WinISO 5.3
WinRAR archiver
XP TCP/IP Repair 1.0
Yahoo Pool Aimer Trial Version
Yahoo! Browser Services
Yahoo! Messenger

HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 15:29:29, on 29/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lynne\Desktop\H.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: theassister Toolbar - {b192c10d-58c9-4647-86a4-14a7142a8ae4} - C:\Program Files\theassister\tbthe1.dll
O3 - Toolbar: theassister Toolbar - {b192c10d-58c9-4647-86a4-14a7142a8ae4} - C:\Program Files\theassister\tbthe1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.reflexive...bGameLoader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1176670468858
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom....gamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: MSCamSvc - Unknown owner - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe


Thank you Bonk for you're assistance ...
  • 0

#10
megabite
Posted 29 May 2007 - 02:16 PM

megabite

    Member

  • Member
  • PipPipPip
  • 527 posts
OK,

Did this problem happen after using RegDoctor 1.81 or Registry Mechanic 6.0??

Please perform 1. to 4.

1.
Run HijackThis and click on "Do a System Scan Only " put a check mark against this:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom....gamesplayer.cab

Now close all browsers including this one and click on "Fix Checked"

When done close HijackThis.


2.
Now go to Control Panel/Add Remove programs and remove these:

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 9



3.
Please download DSS Scanner from > Here < to your desktop.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, a text file will open - Main.txt
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
  • A folder, C:\Deckard\System Scanner, will also open. In it will be another text file, Extra.txt.
  • Please also copy the contents of Extra.txt to your post as well.
  • Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.
  • What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
Please re-open HiJackThis and scan and save a new log file.

4.
Post DSS Main Scan Log & fresh HijackThis log in your next post
  • 0

#11
Kryten_2X4B 523P
Posted 30 May 2007 - 04:12 AM

Kryten_2X4B 523P

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Bonk ..

Funny you should say that, yes, the problem did start after I used RegDoctor and Registry Mechanic. Usually I use Tune-up-utilities to clean the registry, but these seemed like better programs for the job. Do you think these programs could be connected to my problems?

Here's the logfiles you requested ..

MAIN.TXT

Deckard's System Scanner v20070426.43
Run by Lynne on 2007-05-30 at 10:55:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2007-05-30 09:55:07 UTC - RP274 - Deckard's System Scanner Restore Point
8: 2007-05-30 09:53:15 UTC - RP273 - Removed J2SE Runtime Environment 5.0 Update 10
7: 2007-05-30 09:52:32 UTC - RP272 - Removed J2SE Runtime Environment 5.0 Update 9
6: 2007-05-29 22:32:52 UTC - RP271 - Software Distribution Service 3.0
5: 2007-05-29 02:08:59 UTC - RP270 - System Checkpoint


-- First Restore Point --
1: 2007-05-25 15:30:02 UTC - RP266 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Lynne.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:56:22, on 30/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Lynne\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\Lynne\Desktop\Lynne.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: theassister Toolbar - {b192c10d-58c9-4647-86a4-14a7142a8ae4} - C:\Program Files\theassister\tbthe1.dll
O3 - Toolbar: theassister Toolbar - {b192c10d-58c9-4647-86a4-14a7142a8ae4} - C:\Program Files\theassister\tbthe1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.reflexive...bGameLoader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1176670468858
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: MSCamSvc - Unknown owner - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe


-- HijackThis Fixed Entries (C:\DOCUME~1\Lynne\Desktop\backups\) ---------------

backup-20070530-105120-173 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom....gamesplayer.cab
backup-20070530-105120-256 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 DgivEcp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; DeviceGuys, Inc.; DeviceGuys, Inc. Team MFP for Windows NT, 9x, and 3.1>
R2 windrvNT - c:\windows\system32\windrvnt.sys

S3 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper ™ Disk Defragmenter>

S2 MSCamSvc - "c:\program files\microsoft lifecam\mscams32.exe" (file missing)
S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "c:\program files\tuneup utilities 2006\winstylerthemesvc.exe" <Not Verified; TuneUp Software GmbH; TuneUp Utilities>


-- Scheduled Tasks -------------------------------------------------------------

2007-05-30 01:50:39 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-05-26 22:56:00 266 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-05-18 17:15:00 390 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2007-04-16 22:56:31 384 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2007-04-30 and 2007-05-30 -----------------------------

2007-05-29 19:35:49 0 dr-h----- C:\Documents and Settings\Lynne\Recent
2007-05-29 14:00:44 0 d-------- C:\Documents and Settings\Lynne\.housecall6.6
2007-05-26 18:50:06 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-05-24 11:41:31 0 d-------- C:\VundoFix Backups
2007-05-23 10:23:50 277504 --a------ C:\WINDOWS\system32\oestore.dll <Not Verified; Nektra S.A.; OEAPI>
2007-05-23 10:23:49 0 d-------- C:\Program Files\Acesoft
2007-05-21 01:01:09 278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
2007-05-08 17:18:16 0 d-------- C:\WINDOWS\Dream Interpreter
2007-05-08 17:18:16 0 d-------- C:\Program Files\Dream Interpreter
2007-05-06 12:05:26 0 d-------- C:\Program Files\Blender Foundation
2007-05-03 23:03:35 40960 --a------ C:\WINDOWS\system32\SSubTmr6.dll <Not Verified; vbAccelerator; SSubTmr6>
2007-05-03 23:03:34 57344 --a------ C:\WINDOWS\system32\CGZipLibrary.DLL <Not Verified; CodeGuru; CGZipLibrary>
2007-05-03 23:03:33 0 d-------- C:\Program Files\RegDoctor
2007-05-03 19:34:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-05-03 19:32:53 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-05-03 18:01:20 1101824 --a------ C:\WINDOWS\system32\NMSDVDXU.dll <Not Verified; NuMedia Soft, Inc.; NMSDVDX SDK>
2007-05-03 18:01:19 81920 --a------ C:\WINDOWS\system32\viscomwave.dll <Not Verified; Viscom Software; >
2007-05-03 18:01:17 323584 --a------ C:\WINDOWS\system32\FoxImager.dll
2007-05-01 13:03:27 0 d-------- C:\Program Files\PrivacyEraser Computing


-- Find3M Report ---------------------------------------------------------------

2007-05-30 10:53:26 0 d-------- C:\Program Files\Java
2007-05-30 10:45:35 0 d-------- C:\Documents and Settings\Lynne\Application Data\uTorrent
2007-05-29 01:26:32 0 d-------- C:\Program Files\Folder Lock
2007-05-23 14:16:44 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-05-23 10:24:54 24976 --a------ C:\WINDOWS\twain_30.dll
2007-05-18 10:34:28 0 d-------- C:\Program Files\TZ Data Shredder
2007-05-15 20:13:25 0 d-------- C:\Documents and Settings\Lynne\Application Data\LimeWire
2007-05-09 12:34:06 0 d-------- C:\Program Files\Banner Maker Pro 6
2007-05-03 23:49:29 268 --a------ C:\WINDOWS\system32\PARTIZAL.EXE
2007-05-03 19:42:54 0 d-------- C:\Documents and Settings\Lynne\Application Data\Adobe
2007-05-03 19:32:34 0 d-------- C:\Program Files\Common Files\Adobe
2007-05-03 18:07:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-28 12:06:41 0 d-------- C:\Program Files\Diskeeper Corporation
2007-04-26 11:43:46 0 d-------- C:\Program Files\Nuclear Coffee
2007-04-25 13:48:28 0 d-------- C:\Program Files\Winamp
2007-04-25 11:41:01 0 d-------- C:\Documents and Settings\Lynne\Application Data\MusicIP
2007-04-21 15:24:54 0 d-------- C:\Program Files\Google
2007-04-20 21:35:15 0 --a------ C:\WINDOWS\system32\Ultra.dll
2007-04-20 03:31:43 512 --a------ C:\ScanSectorLog.dat
2007-04-17 21:09:01 0 d-------- C:\Program Files\Windows Media Connect 2
2007-04-17 15:04:57 0 d-------- C:\Documents and Settings\Lynne\Application Data\Systweak
2007-04-16 23:12:09 0 d-------- C:\Documents and Settings\Lynne\Application Data\Uniblue
2007-04-16 11:06:16 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-16 10:46:28 0 d-------- C:\Program Files\Comodo
2007-04-15 22:56:38 0 d-------- C:\Documents and Settings\Lynne\Application Data\Comodo
2007-04-15 21:52:08 0 d-------- C:\Program Files\Windows Defender
2007-04-15 21:51:04 0 d-------- C:\Documents and Settings\Lynne\Application Data\SUPERAntiSpyware.com
2007-04-15 21:51:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-14 18:47:38 0 d-------- C:\Program Files\YPoolAimer-Trial
2007-04-06 12:47:27 0 d-------- C:\Documents and Settings\Lynne\Application Data\Jasc
2007-04-06 12:44:17 0 d-------- C:\Program Files\Jasc Software Inc
2007-04-06 12:22:36 0 d-------- C:\Program Files\FaceOnBody
2007-04-04 20:04:12 0 d-------- C:\Program Files\Smart Projects
2007-04-04 00:06:51 0 d-------- C:\Documents and Settings\Lynne\Application Data\Opera
2007-03-30 14:42:42 0 d-------- C:\Program Files\Any Capture Screen
2007-03-30 14:15:56 0 d-------- C:\Program Files\Sqirlz Water Reflections
2007-03-30 13:25:32 0 d-------- C:\Documents and Settings\Lynne\Application Data\ACD Systems
2007-03-30 13:24:47 0 d-------- C:\Program Files\Common Files\ACD Systems
2007-03-30 13:24:34 0 d-------- C:\Program Files\ACD Systems
2007-03-29 20:07:37 160138 --a------ C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
2007-03-28 13:09:08 53248 --a------ C:\WINDOWS\SIUnInst.exe <Not Verified; MJSoft; SmartInstall>
2007-03-22 16:07:09 164352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-03-22 16:07:08 159744 --a------ C:\WINDOWS\Talking Time Keeper.scr <Not Verified; chensu; Screen Saver>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\Program Files\Yahoo!\Common\yiesrvc.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{b192c10d-58c9-4647-86a4-14a7142a8ae4} C:\Program Files\theassister\tbthe1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="kdade.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VX3000"="C:\\WINDOWS\\vVX3000.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Iolo Macro Magic.lnk]
"location"="Common Startup"
"item"="Iolo Macro Magic"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MemTurbo.lnk]
"location"="Common Startup"
"item"="MemTurbo"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpeedUpMyPC.lnk]
"location"="Common Startup"
"item"="SpeedUpMyPC"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lynne^Start Menu^Programs^Startup^MemTurbo.lnk]
"location"="Startup"
"item"="MemTurbo"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lynne^Start Menu^Programs^Startup^TTK.lnk]
"location"="Startup"
"item"="TTK"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgas"
"hkey"="HKLM"
"inimapping"="0"
"command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Babylon"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTHELPER"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTXFIHLP"
"hkey"="HKLM"
"command"="CTXFIHLP.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DkIcon"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeMem Pro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fmempro"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\FreeMem Professional\\fmempro.exe\" autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray2K]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MMTray2k"
"hkey"="HKLM"
"command"="MMTray2k.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTrayLSI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MMTrayLSI"
"hkey"="HKLM"
"command"="MMTrayLSI.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RCHelper"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SUPERANTISPYWARE"
"hkey"="HKCU"
"command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hackmon"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vVX3000"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\vVX3000.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0



-- End of Deckard's System Scanner: finished at 2007-05-30 at 10:57:10 ---------

EXTRA.TXT

Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP1900+
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 511.47 MiB / 185.96 MiB
Pagefile Memory (total/avail): 1247.96 MiB / 923.01 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1975.2 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 76.68 GiB total, 52.68 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.7.1001 [VPS 000745-2] v4.7.1001 (ALWIL Software)


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Lynne\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=POWERTRON
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Lynne
LOGONSERVER=\\POWERTRON
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Diskeeper Corporation\Diskeeper\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0602
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Lynne\LOCALS~1\Temp
TMP=C:\DOCUME~1\Lynne\LOCALS~1\Temp
USERDOMAIN=POWERTRON
USERNAME=Lynne
USERPROFILE=C:\Documents and Settings\Lynne
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Lynne (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Absolute Uninstaller 2.0 --> "C:\Program Files\Absolute Uninstaller\unins000.exe"
ACDSee Photo Editor --> MsiExec.exe /I{2C6D03AC-02ED-4417-9F40-6A0CB55CEF2B}
ACE Mega CoDecS Pack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFF5DEE7-8107-436B-9726-7573458FE6AE}\Setup.exe" -l0x9
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Any Capture 3.12 Build 3121 --> "C:\Program Files\Any Capture Screen\unins000.exe"
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Banner Maker Pro Version 6 --> "C:\Program Files\Banner Maker Pro 6\unins000.exe"
Blender (remove only) --> "C:\Program Files\Blender Foundation\Blender\uninstall.exe"
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Digital Music Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B1EF935-F7BE-4D34-8F27-220AF20625D5}\setup.exe" -l0x9
Diskeeper 2007 Pro Premier --> MsiExec.exe /X{328B8DF9-52E6-4711-A630-D91833919AD7}
Dream Interpreter --> "C:\WINDOWS\Dream Interpreter\uninstall.exe" "/U:C:\Program Files\Dream Interpreter\Uninstall\uninstall.xml"
FaceOnBody --> C:\Program Files\FaceOnBody\Uninstall.exe
Folder Lock --> C:\Program Files\Folder Lock\Uninstall.exe
FreeMem Professional Version 5 --> C:\PROGRA~1\FREEME~1\UNWISE.EXE C:\PROGRA~1\FREEME~1\INSTALL.LOG
Giant Disk Cleaner 1.8 --> "C:\Program Files\Giant Disk Cleaner\unins000.exe"
Google Earth Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}\setup.exe" -l0x9 -removeonly
HDDlife --> MsiExec.exe /I{3A609C6D-9BB0-47BB-B0C4-B222F8EA98B6}
HijackThis 1.99.1 --> C:\Documents and Settings\Lynne\Desktop\HijackThis.exe /uninstall
History Sweeper 2.79 --> "C:\Program Files\History Sweeper\unins000.exe"
Internet History Eraser v6.1 --> "C:\Program Files\Acesoft\Internet History Eraser\unins000.exe"
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
IsoBuster 2.0 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Jasc Animation Shop 3 --> MsiExec.exe /I{174D5678-D941-433C-BD23-58A5C7B0D36D}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 2.82 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire PRO 4.13.0 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
PC Camera (6025 VGA) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0EB60281-1F3E-4B01-96C4-AC1C1D1B4D2B}\setup.exe" -l0x9
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Privacy Eraser Pro --> "C:\Program Files\PrivacyEraser Computing\Privacy Eraser Pro\unins000.exe"
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime Alternative 1.76 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegDoctor 1.81 --> "C:\Program Files\RegDoctor\unins000.exe"
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Safarp --> "C:\Program Files\Safarp\uninstall.exe"
SmartCamera Ver 2.1 --> MsiExec.exe /X{9527450C-64B3-11D5-9B31-000021116B62}
System Cleaner 5 --> C:\Program Files\Pointstone\System Cleaner 5\Uninstall.exe
theassister Toolbar --> C:\PROGRA~1\THEASS~1\UNWISE.EXE C:\PROGRA~1\THEASS~1\INSTALL.LOG
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
TZ Data Shredder 4.0 --> "C:\Program Files\TZ Data Shredder\unins000.exe"
UltimateDefrag --> C:\Program Files\DiskTrix\UltimateDefrag\Uninstall.EXE /u:"UltimateDefrag"
VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Web Tracks Eraser --> "C:\Program Files\Web Tracks Eraser\unins000.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinASO Disk Cleaner 1.6 --> "C:\Program Files\WinASO\Disk Cleaner 1.6\unins000.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger --> MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Update Client Beta – Update 14 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\LHXUPDATE1\LHXUPDATE1.inf, Uninstall
WinISO 5.3 --> "C:\Program Files\WinISO\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XP TCP/IP Repair 1.0 --> "C:\Program Files\XP TCPIP Repair\unins000.exe"
Yahoo Pool Aimer Trial Version --> C:\Program Files\YPoolAimer-Trial\uninstall.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- End of Deckard's System Scanner: finished at 2007-05-30 at 10:57:10 ---------

Thanks ....
  • 0

#12
megabite
Posted 30 May 2007 - 09:30 AM

megabite

    Member

  • Member
  • PipPipPip
  • 527 posts
Understood..........

RegDoctor and Registry Mechanic should make backups before they clean...try and see if you can find the backups they made and double click on then to restore them.

I would refrain from using Registry cleaners unless you have a good knowledge of the Registry....they can cause many problems...I myself do not use them at all.


Now.....
Download ATF Cleaner by Atribune to you Desktop from Here

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.


Click Exit on the Main menu to close the program.



Then....
Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
  • C:\WINDOWS\SYSTEM\kdade.exe
  • Click on the submit button
  • Please post the results in your next reply.
If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustota...l/index_en.html


Please post the results of the Jotti's or virustotal Scans.

Edited by Bonk, 30 May 2007 - 09:31 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP