Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

malware, hijack bowser problem


  • Please log in to reply

#16
edzinn

edzinn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
kahdah
I will try to keep these separate.
this is from the last response by you for the moveitto log

C:\Documents and Settings\Ed\Local Settings\Temp\nircmd.exe moved successfully.
C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\7S1VKZ41\Flash_Disinfector[1].exe moved successfully.
D:\Program Files\Grisoft\DivoCodec\WakeService.exe moved successfully.
D:\Program Files\Grisoft\DivoCodec\WakeSplitter.ax moved successfully.
D:\Program Files\Grisoft\DivoCodec moved successfully.

OTMoveIt2 v1.0.20 log created on 03072008_220342


ed
  • 0

Advertisements


#17
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok on your first computer do the following:
I will need you to reset your System Restore points, please note that you will need to log into your computer with an account which has full administrator access.
You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
Click on *Start
Right-click *My Computer
Click *Properties
Click the *System Restore tab
Check *Turn off System Restore
Click *Apply, and then click *OK.

2. Reboot.

3. Turn ON System Restore.
Click on *Start
Right-click *My Computer
Click *Properties
*UN-Check *Turn off System Restore*
Check *Turn on System Restore
Click *Apply, and then click *OK.


How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us
=========================================
After that Your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here

Edited by kahdah, 07 March 2008 - 07:46 PM.

  • 0

#18
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
For your laptop do the following:

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#19
edzinn

edzinn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I ran the AVG spyware scan again today and it did not pick up anything.
here is the super antispyware scan results

SUPERAntiSpyware Scan Log
Generated 03/07/2008 at 11:28 PM

Application Version : 3.6.1000

Core Rules Database Version : 3415
Trace Rules Database Version: 1407

Scan type : Complete Scan
Total Scan Time : 01:39:18

Memory items scanned : 372
Memory threats detected : 0
Registry items scanned : 4957
Registry threats detected : 0
File items scanned : 48961
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt


UPERAntiSpyware Scan Log
Generated 03/07/2008 at 01:38 AM

Application Version : 3.6.1000

Core Rules Database Version : 3415
Trace Rules Database Version: 1407

Scan type : Complete Scan
Total Scan Time : 01:34:07

Memory items scanned : 371
Memory threats detected : 0
Registry items scanned : 4951
Registry threats detected : 0
File items scanned : 48830
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\OWNER\FAVORITES\ONLINE SECURITY TEST.URL
thanks ed
  • 0

#20
edzinn

edzinn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
the above AVG scan was for the laptop and now the results for the DSS scan on the laptop

Deckard's System Scanner v20071014.68
Run by Owner on 2008-03-09 00:19:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
7: 2008-03-08 16:19:49 UTC - RP256 - Deckard's System Scanner Restore Point
6: 2008-03-08 13:58:29 UTC - RP255 - System Checkpoint
5: 2008-03-07 13:26:16 UTC - RP254 - Software Distribution Service 3.0
4: 2008-03-06 15:59:08 UTC - RP253 - Installed SUPERAntiSpyware Free Edition
3: 2008-03-06 06:43:23 UTC - RP252 - System Checkpoint


-- First Restore Point --
1: 2008-03-04 11:15:42 UTC - RP250 - restore point- march


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:15 AM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Webshots\webshots.scr
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sh/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1180614466662
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 8626 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 BCM43XX (Belkin 802.11 Network Adapter Driver) - c:\windows\system32\drivers\bcmwl5.sys (file missing)
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\TOS6202\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\TOS6202\2&DABA3FF&0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-03-08 23:50:01 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-01-21 20:44:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-02-09 and 2008-03-09 -----------------------------

2008-03-07 21:14:38 0 d-------- C:\Program Files\Trend Micro
2008-03-07 13:57:38 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-03-07 13:55:43 8576 --a------ C:\WINDOWS\system32\drivers\ijjdlkffqtjo.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-03-06 23:59:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-06 23:59:10 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-06 23:59:10 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-03-06 15:55:45 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-03-01 14:41:48 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-27 19:54:17 0 d-------- C:\Program Files\NetProject
2008-02-14 19:47:20 0 d-------- C:\Program Files\Sierra On-Line


-- Find3M Report ---------------------------------------------------------------

2008-03-09 00:21:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-03-08 08:00:11 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-03-07 14:28:50 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-07 14:28:31 0 d-------- C:\Program Files\Windows Live Favorites
2008-03-07 14:28:28 0 d-------- C:\Program Files\Webshots
2008-03-07 14:21:59 0 d-------- C:\Program Files\iTunes
2008-03-07 14:21:07 0 d-------- C:\Program Files\Google
2008-03-07 14:21:06 0 d-------- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor
2008-03-06 23:58:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-15 18:06:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-02-13 15:12:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-03 14:55:05 0 d-------- C:\Program Files\Pivot Stickfigure Animator
2008-01-31 17:32:28 0 d-------- C:\Documents and Settings\Owner\Application Data\dvdcss
2008-01-23 17:15:49 0 d-------- C:\Documents and Settings\Owner\Application Data\vlc
2008-01-23 13:53:56 0 d-------- C:\Program Files\Picasa2
2008-01-14 14:42:22 0 d-------- C:\Documents and Settings\Owner\Application Data\Rokario
2008-01-14 13:37:00 0 d-------- C:\Program Files\Rokario
2008-01-12 23:03:06 16 --a------ C:\WINDOWS\popcinfo.dat
2008-01-11 11:29:04 0 d-------- C:\Program Files\Bejeweled 2 Deluxe - Full Version


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:31 PM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [08/29/2002 08:00 PM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/29/2002 08:00 PM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/29/2002 08:00 PM]
"nwiz"="nwiz.exe" [04/20/2002 05:13 AM C:\WINDOWS\system32\nwiz.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/22/2007 06:34 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/28/2007 12:41 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2007 07:51 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [05/19/2007 04:14 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/20/2007 12:54 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/21/2007 06:25 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [5/31/2007 8:24:08 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00266a20-3abc-11dc-905f-00080dec090b}]
AutoRun\command- F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07b82610-6120-11dc-909a-00080dec090b}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe hnarfwf9wlpjz2qpo7m9ismc180zxbf3j3n5s.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e7b2380-2038-11dc-9023-00080dec090b}]
Auto\command- tel.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16a5be70-6130-11dc-909b-00080dec090b}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe hnarfwf9wlpjz2qpo7m9ismc180zxbf3j3n5s.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58d08180-dc79-11dc-9176-00080dec090b}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe 6czg3u4p74dcavax69w.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b03ba60-19d0-11dc-9016-00080dec090b}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe bh4l904qihfkdt2b1h1cg6yw5.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{959f2810-cae0-11dc-9151-00080dec090b}]
AutoRun\command- F:\ek.com
explore\Command- F:\ek.com
open\Command- F:\ek.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{963788e0-c62c-11dc-913e-00080dec090b}]
AutoRun\command- F:\ek.com
explore\Command- F:\ek.com
open\Command- F:\ek.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f1ee343-91c9-11dc-90d8-00080dec090b}]
AutoRun\command- RavMon.exe
explore\Command- RavMon.exe -e
open\Command- RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcb65700-c885-11dc-9147-00080dec090b}]
Auto\command- handydriver.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL handydriver.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcb65706-c885-11dc-9147-00080dec090b}]
Auto\command- handydriver.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL handydriver.exe




-- End of Deckard's System Scanner: finished at 2008-03-09 00:22:35 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile Intel® Celeron® CPU 1.80GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 511.36 MiB / 235.21 MiB
Pagefile Memory (total/avail): 866.14 MiB / 496.79 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.49 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 14.65 GiB total, 2.17 GiB free.
D: is Fixed (NTFS) - 13.29 GiB total, 7.04 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK3021GAS - 27.95 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 14.65 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 13.29 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.518 v7.5.518 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Halo\\halo.exe"="D:\\Halo\\halo.exe:*:Enabled:Halo"
"F:\\Halo\\halo.exe"="F:\\Halo\\halo.exe:*:Enabled:Halo"
"D:\\fc\\Bin32\\FarCry.exe"="D:\\fc\\Bin32\\FarCry.exe:*:Enabled:Far Cry"
"D:\\Halo\\Counter-Strike\\cstrike.exe"="D:\\Halo\\Counter-Strike\\cstrike.exe:*:Enabled:CounterStrike Launcher"
"D:\\Halo\\direct-x\\cstrike.exe"="D:\\Halo\\direct-x\\cstrike.exe:*:Enabled:CounterStrike Launcher"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\USER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=USER
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Compact Wireless-G USB Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}\setup.exe" -l0x9
Far Cry --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Half-Life: Counter-Strike --> D:\Halo\COUNTE~1\UNWISE.EXE D:\Halo\COUNTE~1\INSTALL.LOG
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ImageMixer VCD/DVD2 for OLYMPUS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x9 UNINSTALL
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Mah Jong Medley --> C:\PROGRA~1\YAHOO!~1\MAHJON~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\MAHJON~1\INSTALL.LOG
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvts.inf
OLYMPUS Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Pivot Stickfigure Animator --> MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TntMPD --> "C:\Documents and Settings\All Users\Application Data\{26540352-1904-40B5-8505-D38C68BD257F}\SetupTntMPD.exe" REMOVE=TRUE MODIFY=FALSE
TOSHIBA Software Modem --> Tosmreg -U
VideoLAN VLC media player 0.8.6d --> D:\VLC Player\VLC\uninstall.exe
Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type4354 / Error
Event Submitted/Written: 03/07/2008 09:49:55 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type4331 / Warning
Event Submitted/Written: 03/06/2008 04:30:28 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}', feature 'Phone' failed during request for component '{57FF4446-590E-4894-AE39-D55928DBDE01}'

Event Record #/Type4330 / Warning
Event Submitted/Written: 03/06/2008 04:30:28 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}', feature 'Phone', component '{98916693-F0B5-4923-8BC6-1F0E6A883411}' failed. The resource 'HKEY_CURRENT_USER\Software\Skype\Phone\FE_label' does not exist.

Event Record #/Type4329 / Warning
Event Submitted/Written: 03/06/2008 04:25:23 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}', feature 'Phone' failed during request for component '{57FF4446-590E-4894-AE39-D55928DBDE01}'

Event Record #/Type4328 / Warning
Event Submitted/Written: 03/06/2008 04:25:23 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}', feature 'Phone', component '{98916693-F0B5-4923-8BC6-1F0E6A883411}' failed. The resource 'HKEY_CURRENT_USER\Software\Skype\Phone\FE_label' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type20424 / Error
Event Submitted/Written: 03/08/2008 04:53:05 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type20423 / Error
Event Submitted/Written: 03/08/2008 02:58:36 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
AVG Anti-Spyware Driver
Avg7Core
Avg7RsW
Avg7RsXP
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip
WS2IFSL

Event Record #/Type20422 / Error
Event Submitted/Written: 03/08/2008 02:58:36 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type20421 / Error
Event Submitted/Written: 03/08/2008 02:58:36 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:
%%31

Event Record #/Type20420 / Error
Event Submitted/Written: 03/08/2008 02:58:36 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-03-09 00:22:35 ------------
  • 0

#21
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Okay on your laptop do the following:
  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
===========================================
Make sure that you paste the following file paths under the yellow bar within the OTMoveit2 program or it will not work correctly.


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\NetProject
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcb65706-c885-11dc-9147-00080dec090b}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcb65700-c885-11dc-9147-00080dec090b}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f1ee343-91c9-11dc-90d8-00080dec090b}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{959f2810-cae0-11dc-9151-00080dec090b}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b03ba60-19d0-11dc-9016-00080dec090b}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58d08180-dc79-11dc-9176-00080dec090b}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16a5be70-6130-11dc-909b-00080dec090b}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e7b2380-2038-11dc-9023-00080dec090b}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07b82610-6120-11dc-909a-00080dec090b}

  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===================
Post the OTMove it 2 log and a new dss scanner report please it will be only one this time.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP