Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slower computer...


  • This topic is locked This topic is locked

#1
AccidentalClick

AccidentalClick

    Member

  • Member
  • PipPipPip
  • 132 posts
I clicked a link, and when I went back to where I found the link, there were reports of malware on it...

Then, earlier today and just recently, it took an awfully long time for the computer to open files and whatnot...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:05 PM, on 17/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\ZyAIR USB Utility\ZyAIR.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca...amp;ibd=6070804
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: ZyAIR USB Utility.lnk = C:\Program Files\ZyAIR USB Utility\ZyAIR.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8906 bytes


Anything odd in this?

Also, I have a second computer that's in a terrible state (a Windows XP computer). Should I post HijackThis logs of that one here, or on another topic?

Edited by AccidentalClick, 17 May 2008 - 02:33 PM.

  • 0

Advertisements


#2
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi Accidental Click,

Sorry for the delay, the forums are very busy and inevitably some logs slip through the cracks. We can take care of your second computer after we get done with this one, you can post in this thread then. :)

Your log looks clean, are you experiencing any other problems other than it running slow?

You can speed up your boottime a bit by fixing the following items in HijackThis by doing a "System Scan Only" and checking the below lines:


O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')



I also notice you are running two antivirus programs (Authentium and Sympatico), this can cause computer slowdown and other issues. As Sympatico is a suite (means it includes a firewall) I would recommend you uninstall Authentium through Add or Remove programs.

Let's take one quick deep look and see if anything is hiding otherwise.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Note:These logs may be too large to post in one reply, if so, please post extra.txt in a seperate reply.
  • 0

#3
AccidentalClick

AccidentalClick

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
Firstly, what do I do with those checked lines.

Secondly, I can`t seem to find this other firewall... I know Sympatico, but not sure about the other.

(Sorry, some of my keys on the keyboard are displaying other symbols... For instance, question mark shows É)
  • 0

#4
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there AccidentalClick,

The above lines are not malware, just some things you can do to speed up your computer a bit.

Please open HijackThis again and choose "Do a system scan only". Please put a check next to each of the following entries (if still present):

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')


Now please close all open windows except HJT and press "Fix checked".

Please skip the part about the firewall for now and post me the logs from Deckards' System Scanner Please.
  • 0

#5
AccidentalClick

AccidentalClick

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
Odd... extra.txt doesn't appear. Only main.txt...

Here it is:

Deckard's System Scanner v20071014.68
Run by Game Master on 2008-05-18 14:46:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Game Master.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:00 PM, on 18/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
a
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\ZyAIR USB Utility\ZyAIR.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\system32\conime.exe
C:\Users\Game Master\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\GAMEMA~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca...amp;ibd=6070804
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: ZyAIR USB Utility.lnk = C:\Program Files\ZyAIR USB Utility\ZyAIR.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 6637 bytes

-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-15 21:50:46 540 --a------ C:\Windows\system32\PDBootState
2008-05-13 19:04:44 0 d-------- C:\Users\Game Master\avidemux
2008-05-13 19:04:36 0 d-------- C:\Program Files\Avidemux 2.4
2008-05-11 20:14:00 0 d-a------ C:\Users\All Users\TEMP
2008-05-11 20:11:59 0 d-------- C:\Program Files\SpywareBlaster
2008-05-11 20:09:32 0 d-------- C:\ie-spyad
2008-05-11 19:47:50 0 d-------- C:\Program Files\Common Files\Java
2008-05-11 12:49:11 0 d-------- C:\Users\Game Master\Videos
2008-05-06 23:29:55 0 d-------- C:\Program Files\Trend Micro
2008-04-19 15:56:37 0 d-------- C:\Windows\system32\Kingdom Hearts II dir
2008-04-18 20:09:56 0 d-------- C:\Program Files\mIRC


-- Find3M Report ---------------------------------------------------------------

2008-05-17 16:24:02 0 d-------- C:\Users\Game Master\AppData\Roaming\Azureus
2008-05-14 07:49:38 0 d-------- C:\Program Files\Windows Mail
2008-05-13 19:11:45 0 d-------- C:\Users\Game Master\AppData\Roaming\gtk-2.0
2008-05-12 19:12:19 0 d-------- C:\Users\Game Master\AppData\Roaming\Adobe
2008-05-11 19:58:45 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-11 19:49:55 0 d-------- C:\Program Files\Java
2008-05-11 19:47:50 0 d-------- C:\Program Files\Common Files
2008-05-09 00:54:13 0 d-------- C:\Program Files\DownloadToolz
2008-04-18 20:17:12 0 d-------- C:\Users\Game Master\AppData\Roaming\mIRC
2008-04-17 23:10:58 0 d-------- C:\Program Files\Azureus
2008-04-10 01:04:22 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-22 14:13:35 0 d-------- C:\Program Files\QuickTime


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [27/03/2007 10:33 AM]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe" [27/08/2007 04:57 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/08/2007 01:07 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ZyAIR USB Utility.lnk - C:\Program Files\ZyAIR USB Utility\ZyAIR.exe [13/08/2007 11:35:05 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-18 14:47:23 ------------



Just wondering, when I clicked "Fix checked", what did it do?

Edited by AccidentalClick, 18 May 2008 - 12:56 PM.

  • 0

#6
AccidentalClick

AccidentalClick

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
Hm... Yeah... Just tried again, only the main.txt document opens... When I used it for my last topic, it opened both... Any idea why?
  • 0

#7
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Have you run Deckards System Scanner before?


Click on Start, click on Run
Copy and paste the following in bold in the open window and then click OK

"%userprofile%\desktop\dss.exe" /config

This will open up DSS configurationClick on Check All
Click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt
  • 0

#8
AccidentalClick

AccidentalClick

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
There we go. Dunno why it didn't appear before...


Deckard's System Scanner v20071014.68
Run by Game Master on 2008-05-19 16:55:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 1 Restore Point(s) --
1: 2008-05-16 20:27:42 UTC - RP186 - Windows Update


Performed disk cleanup.



-- HijackThis (run as Game Master.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:17 PM, on 19/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ZyAIR USB Utility\ZyAIR.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Windows\explorer.exe
C:\Users\Game Master\Desktop\dss.exe
C:\Windows\system32\DllHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\GAMEMA~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca...amp;ibd=6070804
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: ZyAIR USB Utility.lnk = C:\Program Files\ZyAIR USB Utility\ZyAIR.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 6826 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080511-174846-586 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080518-144336-110 O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
backup-20080518-144336-188 O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
backup-20080518-144336-192 O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
backup-20080518-144336-285 O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
backup-20080518-144336-342 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
backup-20080518-144336-387 O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
backup-20080518-144336-460 O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
backup-20080518-144336-494 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
backup-20080518-144336-509 O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
backup-20080518-144336-541 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
backup-20080518-144336-637 O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
backup-20080518-144336-654 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
backup-20080518-144336-695 O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
backup-20080518-144336-718 O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
backup-20080518-144336-736 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
backup-20080518-144336-737 O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
backup-20080518-144336-797 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
backup-20080518-144336-804 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
backup-20080518-144336-889 O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
backup-20080518-144336-921 O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
backup-20080518-144336-990 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 StarOpen - c:\windows\system32\drivers\staropen.sys

S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0003
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0003
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0005
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0005
Service: tunnel


-- Process Modules -------------------------------------------------------------

All modules okay.


-- Files created between 2008-04-19 and 2008-05-19 -----------------------------

2008-05-15 21:50:46 540 --a------ C:\Windows\system32\PDBootState
2008-05-13 19:04:44 0 d-------- C:\Users\Game Master\avidemux
2008-05-13 19:04:36 0 d-------- C:\Program Files\Avidemux 2.4
2008-05-11 20:14:00 0 d-a------ C:\Users\All Users\TEMP
2008-05-11 20:11:59 0 d-------- C:\Program Files\SpywareBlaster
2008-05-11 20:09:32 0 d-------- C:\ie-spyad
2008-05-11 19:47:50 0 d-------- C:\Program Files\Common Files\Java
2008-05-11 12:49:11 0 d-------- C:\Users\Game Master\Videos
2008-05-06 23:29:55 0 d-------- C:\Program Files\Trend Micro
2008-04-19 15:56:37 0 d-------- C:\Windows\system32\Kingdom Hearts II dir


-- Find3M Report ---------------------------------------------------------------

2008-05-19 15:51:41 0 d-------- C:\Users\Game Master\AppData\Roaming\Roxio
2008-05-19 00:44:39 0 d-------- C:\Users\Game Master\AppData\Roaming\Azureus
2008-05-14 07:49:38 0 d-------- C:\Program Files\Windows Mail
2008-05-13 19:11:45 0 d-------- C:\Users\Game Master\AppData\Roaming\gtk-2.0
2008-05-12 19:12:19 0 d-------- C:\Users\Game Master\AppData\Roaming\Adobe
2008-05-11 19:58:45 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-11 19:49:55 0 d-------- C:\Program Files\Java
2008-05-11 19:47:50 0 d-------- C:\Program Files\Common Files
2008-05-09 00:54:13 0 d-------- C:\Program Files\DownloadToolz
2008-04-19 18:50:55 0 d-------- C:\Program Files\mIRC
2008-04-18 20:17:12 0 d-------- C:\Users\Game Master\AppData\Roaming\mIRC
2008-04-17 23:10:58 0 d-------- C:\Program Files\Azureus
2008-04-10 01:04:22 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-22 14:13:35 0 d-------- C:\Program Files\QuickTime


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [27/03/2007 10:33 AM]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe" [27/08/2007 04:57 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/08/2007 01:07 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [09/10/2007 07:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ZyAIR USB Utility.lnk - C:\Program Files\ZyAIR USB Utility\ZyAIR.exe [13/08/2007 11:35:05 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-19 16:57:32 ------------





Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 4300 @ 1.80GHz
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 2045.56 MiB / 1363.71 MiB
Pagefile Memory (total/avail): 4309.67 MiB / 3519.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1951.56 MiB

C: is Fixed (NTFS) - 222.78 GiB total, 155.25 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 5.87 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HDT725025VLA380 ATA Device - 232.83 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 222.78 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Sympatico Security Manager Firewall v6.0.1 (Bell Sympatico (b1xxxxxx)) Disabled
AV: Sympatico Security Manager Anti-Virus v6.0.1 (Bell Sympatico (b1xxxxxx))
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Sympatico Security Manager Anti-Spyware v6.0.1 (Bell Sympatico (b1xxxxxx)) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Game Master\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GAMEMASTER-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Game Master
LOCALAPPDATA=C:\Users\Game Master\AppData\Local
LOGONSERVER=\\GAMEMASTER-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\CA\PPRT\bin;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\GAMEMA~1\AppData\Local\Temp
TMP=C:\Users\GAMEMA~1\AppData\Local\Temp
USERDOMAIN=GameMaster-PC
USERNAME=Game Master
USERPROFILE=C:\Users\Game Master
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Game Master


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
????????anepic --> MsiExec.exe /I{424C17FE-18DF-42B5-AC98-DF32E0813CC4}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}
Avidemux 2.4 --> C:\Program Files\Avidemux 2.4\uninstall.exe
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Dell DataSafe Online --> MsiExec.exe /I{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
FLV Player --> "C:\Windows\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
FLV Player 2.0, build 24 --> C:\Program Files\FLV Player\uninst.exe
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® PRO Network Connections 12.1.11.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Intel® PRO Network Connections 12.1.11.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Kingdom Hearts II ????????? --> C:\Windows\system32\Kingdom Hearts II.scr /u
MakeTorrent v2.1 --> "C:\Program Files\Maketorrent 2\uninstall.exe"
Megarotic Video Downloader 3.14 --> "C:\Program Files\DownloadToolz\Megarotic Video Downloader\unins000.exe"
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Neopets --> C:\Program Files\Neopets\uninst.exe
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PerfectDisk --> MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
PPSDKRedistributables --> MsiExec.exe /I{C869F4FF-E5FF-4FBB-9A31-33C23605E170}
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Radialpoint Security Services --> MsiExec.exe /X{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}
Rayman3 --> MsiExec.exe /X{BAF5914B-5730-4373-B038-9F436AC6A0D6}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Redtube Video Downloader 3.12 --> "C:\Program Files\DownloadToolz\Redtube Video Downloader\unins000.exe"
Replay Converter 2.8 --> C:\Windows\iun6002.exe "C:\Program Files\Replay Converter\iruninRCV.ini"
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
RPS Ad Blocker --> MsiExec.exe /I{08B9D8A5-0F7F-4746-AE09-563DFE6D160A}
RPS AntiFraud --> MsiExec.exe /I{494E1223-4444-4C25-B1C6-0D73F16947DE}
RPS AntiSpyware --> MsiExec.exe /I{2141E76D-84AC-48E1-8592-583A7AEF4890}
RPS AntiVirus --> MsiExec.exe /I{9F82A8D5-E726-46A5-A240-F7F72A0E2704}
RPS App Detector --> MsiExec.exe /I{60D2CAA2-3442-4BFA-A7A5-44C4B49E39D9}
RPS AsRealtime --> MsiExec.exe /I{27B6A332-950C-4C4B-AC00-47882F09565B}
RPS Backup --> MsiExec.exe /I{63ADC0A3-BE18-4351-958D-396D44FA7604}
RPS Burn --> MsiExec.exe /I{88C2DEBD-678E-473D-A10B-4101EBDFE370}
RPS Diagnostic Utility --> MsiExec.exe /I{A6433CA5-384B-4E15-8270-B511F94B86AE}
RPS Firewall --> MsiExec.exe /I{8B02DC37-9997-4723-90E2-DE64CBFEF2BD}
RPS ParentalControl --> MsiExec.exe /I{B0B9010D-24C6-413E-8710-4C4BD2D41BF4}
RPS Performance Tool --> MsiExec.exe /I{62114582-0B19-4222-A056-D4166374C43E}
RPS PopupBlocker --> MsiExec.exe /I{CCEA4F64-091F-4E97-9043-898A08DA1AA6}
RPS Privacy Manager --> MsiExec.exe /I{C34CC6A7-B46A-4C5A-9CCF-229307BE2F7A}
RPS RpsCore --> MsiExec.exe /I{2F5B9C05-67AB-4737-858C-86B471DA5F1D}
RPS Security Cleanup --> MsiExec.exe /I{A92192EB-DF5A-4034-925A-1546EF97538B}
RPS Zip --> MsiExec.exe /I{47001112-05C9-4CE7-B6C6-AA6CAD9CFDFD}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Sympatico Security Advisor 1.5.11 --> "C:\Program Files\Bell\Sympatico Security Advisor\unins000.exe"
Sympatico Security Manager --> C:\Program Files\InstallShield Installation Information\{98C99357-67C9-407B-8361-626F6A0667EB}\setup.exe -runfromtemp -l0x0009 -removeonly
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
VisiPics V1.25 --> "C:\Program Files\VisiPics\unins000.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
ZyAIR USB Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9EC7F942-836F-4D62-ADBD-9C65ADB61220}\Setup.exe" -l0x9


-- Application Event Log -------------------------------------------------------

Event Record #/Type74805 / Error
Event Submitted/Written: 05/19/2008 04:00:06 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program Explorer.EXE version 6.0.6000.16549 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 9e4
Start Time: 01c8b9e4fbfb7493
Termination Time: 16720

Event Record #/Type74803 / Error
Event Submitted/Written: 05/19/2008 03:55:31 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program vlc.exe version 0.8.6.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 5c4
Start Time: 01c8b9e9f5d3ac43
Termination Time: 11

Event Record #/Type74800 / Error
Event Submitted/Written: 05/19/2008 03:21:55 PM
Event ID/Source: 5007 / WerSvc
Event Description:
The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

Event Record #/Type74790 / Success
Event Submitted/Written: 05/19/2008 03:17:30 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type74788 / Success
Event Submitted/Written: 05/19/2008 03:17:30 PM
Event ID/Source: 5615 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type133107 / Warning
Event Submitted/Written: 05/19/2008 03:54:06 PM
Event ID/Source: 51 / cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.

Event Record #/Type133106 / Warning
Event Submitted/Written: 05/19/2008 03:54:06 PM
Event ID/Source: 51 / cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.

Event Record #/Type133105 / Warning
Event Submitted/Written: 05/19/2008 03:54:06 PM
Event ID/Source: 51 / cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.

Event Record #/Type133104 / Warning
Event Submitted/Written: 05/19/2008 03:54:06 PM
Event ID/Source: 51 / cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.

Event Record #/Type133103 / Warning
Event Submitted/Written: 05/19/2008 03:54:06 PM
Event ID/Source: 51 / cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.



-- End of Deckard's System Scanner: finished at 2008-05-19 16:57:32 ------------
  • 0

#9
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there AccidentalClick,

You still have Authentium AntiVirus installed, and a service is still running. Since you have an Antivirus program already I would recommend removing it.

Uninstall through Add or Remove programs the following:

Authentium AntiVirus SDK - 2

Then
  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • click on "delete an NT service"
  • Copy and paste this in: dvpapi
  • Click "ok"

You also have a leftover from norton
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

If you want it removed please do the same above (as with dvapapi) and substitute dvapapi for CLTNetCnService.

Optional

You have Azureus installed. These are Peer to Peer programs. These types of programs are very dangerous as you literally allow anyone to access your computer. Please read Dangers of P2P.

If you wish to uninstall them please go to Start >Control Panel > Add or Remove Programs an uninstall:

Azureus

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Users\Game Master\AppData\Roaming\Azureus
C:\Program Files\Azureus

You also have a video grabbing tool. While I do not know how you use it, I would like to inform you that downloading videos from sites such as Youtube that themselves do not provide downloads is illegal and (at least for youtube) against their Terms of use. I would recommend you uninstall the following two programs.

Megarotic Video Downloader 3.14
Redtube Video Downloader 3.12


And deleteing this folder C:\Program Files\DownloadToolz

Step 1. Running ATF Cleaner

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step 2. Running Kaspersky Online Virusscaner

Please run a free online scan with Kaspersky AntiVirus (works only with MS Internet Explorer 5.0 or higher).
Go to http://www.kaspersky.com/virusscanner and click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
  • In the new window that opens, click the "Accept" button to accept the user agreement, install the ActiveX control, and download the program.
  • When you get the Windows dialog asking if you want to install this software, click the "Install" button.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button lights up with a green arrow, click it.
  • Click on the "Scan Settings" button, and in the next window select the "extended" database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window, and post the text in kavscan.txt in your next reply.

Please post the log from kaspersky.
  • 0

#10
AccidentalClick

AccidentalClick

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
Hm...

Hi there AccidentalClick,

You still have Authentium AntiVirus installed, and a service is still running. Since you have an Antivirus program already I would recommend removing it.

Uninstall through Add or Remove programs the following:

Authentium AntiVirus SDK - 2


I don't have Add/Remove Programs, but I have Programs and Features. But no matter what, I still can't find this Authentium antivirus...

Then

* Open HiJackThis
* Click on the "Config..." button on the bottom right
* Click on the tab "Misc Tools"
* click on "delete an NT service"
* Copy and paste this in: dvpapi
* Click "ok"



You also have a leftover from norton
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

If you want it removed please do the same above (as with dvapapi) and substitute dvapapi for CLTNetCnService.


Can I do this at anytime? Or should I do it only after removing the other antivirus?
Optional

You have Azureus installed. These are Peer to Peer programs. These types of programs are very dangerous as you literally allow anyone to access your computer. Please read Dangers of P2P.

If you wish to uninstall them please go to Start >Control Panel > Add or Remove Programs an uninstall:

Azureus

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Users\Game Master\AppData\Roaming\Azureus
C:\Program Files\Azureus


Hm... Now, I don't randomly go around and download torrents. I go to a site that seems honest enough (I've downloaded plenty from it) and doesn't seem to have any problems in terms of viruses. Would it still be OK to have it? Or do the viruses come from a different source?

You also have a video grabbing tool. While I do not know how you use it, I would like to inform you that downloading videos from sites such as Youtube that themselves do not provide downloads is illegal and (at least for youtube) against their Terms of use. I would recommend you uninstall the following two programs.

Megarotic Video Downloader 3.14
Redtube Video Downloader 3.12

And deleteing this folder C:\Program Files\DownloadToolz


Ah, OK then. Just wondering, is there any harm (in terms of viruses) in downloading the programs and using them? :)



Step 1. Running ATF Cleaner

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


I'm on Vista... Anything to do here?


Sorry for the load of questions...
  • 0

Advertisements


#11
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi AccidentalClick,

Yes you can remove those services at any time if you are not using those programs.

You did not necessarily get the virus through a torrent but it is a likely place, It is simply a recommendation and is completely up to you whether you wish to remove those programs or not.

I have never used the above programs (the video grabber ones) so I cannot tell you if the program itself is safe, from my research it doesn't seem to be malicious. This was also just a suggestion.

My apologies, I completely looked over the fact that you are running Vista. Please substitute ATF Cleaner for this:

Please download CCleaner
http://www.majorgeek...wnload4191.html
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner click the Windows [tab]
The following should be selected by default, if not, please select:
Posted Image
Next: click Options click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Then click Run Cleaner (bottom right) then Exit

Warning: Do not use the registry cleaner!

And proceed with the Kaspersky scan.

Also no worries about the questions, I'll do my best to answer any more that you have.
  • 0

#12
AccidentalClick

AccidentalClick

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
Hm... Firstly, is there anything I can do about this second antivirus?

If I can't, should I still perform this:

Then

* Open HiJackThis
* Click on the "Config..." button on the bottom right
* Click on the tab "Misc Tools"
* click on "delete an NT service"
* Copy and paste this in: dvpapi
* Click "ok"


??? Beside the "Delete an NT service", it says ??/??(forgot these)/XP only...

Secondly, did I actually happen to get a virus from Azureus?

The following should be selected by default, if not, please select:

OK, all of those are selected by default, but I also have others automatically checked, should I keep those checked as well?

Edited by AccidentalClick, 21 May 2008 - 03:54 PM.

  • 0

#13
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there AccidentalClick,

I cannot tell you where you got the virus, from Azureus the program no, but maybe from a torrent you downloaded.
I don't see any leftovers of your other antivirus other than the service I suggested you remove.

let's get rid of the services another way.

Open notepad by going to START > RUN and type notepad.exe in the box that appears. In the window that pops up please copy and paste the following

@ECHO off
sc stop CLTNetCnService
sc delete CLTNetCnService
sc stop dvpapi
sc delete dvpapi
exit

In Notepad click on the "File" menu > Save As... Under "File name" type fix.bat and Change "Save as type" to All Files, save it to a place you will remember.

Posted Image

Double click on fix.bat.

Those services should now be gone.

For your second question, it's fine the way the default is set, just run it and move on to the Kaspersky Scan.

Please post me the log here and tell me how your computer is running.

Edited by Mike, 22 May 2008 - 06:32 AM.

  • 0

#14
AccidentalClick

AccidentalClick

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
Agh, sorry for not posting the log again, but another thing's come up. -_-

Uncheck: "Only delete files older than 48 hrs.", click Ok
Then click Run Cleaner (bottom right) then Exit


I can't seem to find the "older than 48 hours" thing...

Also... what's the registry cleaner? I don't want to accidentally click it... -_-

EDIT: Oh wait, found a "Only delete files in Windows Temp folders older than 48 hours. Would this be it?

Also, should I delete the .bat file now?

Edited by AccidentalClick, 22 May 2008 - 03:17 PM.

  • 0

#15
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
.

Edited by Mike, 23 May 2008 - 03:32 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP