
Consistent error message and application closed [RESOLVED]



#1
Bamf3000

I consistently get error messages throughout the day on my home PC. If I am browsing IE or Firefox it will show up with an error message and close down the browser.
If I am playing a game such as Starcraft, the game will suddenly close.
Randomly Avira will show up with an error message about a file missing but Avira continues to run fine...
When I tried to scan my computer with the online Panda Scan it got to 98% and then states it can't update b/c of an error.
iTunes will randomly shut down, other applications will randomly shut down and say that it can't download or something of that extent.

You get the picture. The reason this seems like such a big deal is because this has been happening for a while and as a last resort I completely reformatted my main OS hard drive and reinstalled Windows. While installing Windows it gave me a few error messages but I said retry and never got the issue again.

This was about 2-4 weeks ago and the problem still persists.
I updated the BIOS and all the hardware drivers.

I am almost to the point of buying a completely new computer, so some help would be awesome!

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:42 AM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4954 bytes


Here is the malware log

Malwarebytes' Anti-Malware 1.12
Database version: 789

Scan type: Quick Scan
Objects scanned: 52880
Time elapsed: 12 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Uninstall list

ABITEQ
Adobe Flash Player ActiveX
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal – Free Antivirus
FlashMenu
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB915865)
iTunes
Java™ 6 Update 6
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Mozilla Firefox (2.0.0.14)
NVIDIA Drivers
QuickTime
Realtek AC'97 Audio
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Sonic Encoders
Starcraft
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip

and the superantispyware log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/27/2008 at 02:41 AM

Application Version : 4.1.1046

Core Rules Database Version : 3468
Trace Rules Database Version: 1459

Scan type : Complete Scan
Total Scan Time : 00:42:35

Memory items scanned : 404
Memory threats detected : 0
Registry items scanned : 3736
Registry threats detected : 0
File items scanned : 57573
File threats detected : 76

Adware.Tracking Cookie

BearShare File Sharing Client
D:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE
C:\WINDOWS\Prefetch\BEARSHARE.EXE-35739D34.pf


#2
Bamf3000

Now I can't open IE at all.....

#3
Bamf3000

Any assistance would be greatly appreciated.

#4
Rorschach112

You shouldn't bump your own topic; that is why you didn't get a reply.

Please don't put the logs in colours


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Download RootAlyzer to your desktop.
  • Unzip it to a folder on your desktop, close all windows, and run RootAlyzer.exe
  • Click Ok to the two prompts and let the program run its Quick Scan automatically, this should only take a few seconds
  • Click the Deep Scan tab, check all the boxes and click Ok. Let the scan run un-interrupted, it will take a few minutes.
  • When it is finished scanning, a Log tab will appear at the top, click that. Highlight all the text, right-click on it and press Copy.
  • Paste that information back here by pressing Ctrl + V, or right-click and press Paste. Also mention if you had any problems.


#5
Bamf3000

Here is DSS:

Deckard's System Scanner v20071014.68
Run by BAMF3000 on 2008-05-31 18:57:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as BAMF3000.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:12 PM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\BAMF3000\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\BAMF3000.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5050 bytes

-- Files created between 2008-04-30 and 2008-05-31 -----------------------------

2008-05-31 14:05:13 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-31 14:05:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-31 14:05:12 0 d-------- C:\WINDOWS\LastGood
2008-05-27 14:34:32 0 dr-h----- C:\Documents and Settings\BAMF3000\Recent
2008-05-27 14:28:54 0 d-------- C:\Program Files\CCleaner
2008-05-27 14:26:16 0 d-------- C:\WINDOWS\setup.pss
2008-05-27 14:26:02 0 d-------- C:\WINDOWS\setupupd
2008-05-27 02:48:06 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-27 01:25:49 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-27 01:25:11 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-27 01:25:11 0 d-------- C:\Documents and Settings\BAMF3000\Application Data\SUPERAntiSpyware.com
2008-05-27 01:24:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-27 01:00:07 0 d-------- C:\Documents and Settings\BAMF3000\Application Data\Malwarebytes
2008-05-27 01:00:03 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 01:00:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-27 00:59:41 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-27 00:55:32 0 d-------- C:\Program Files\Trend Micro
2008-05-27 00:46:49 0 d-------- C:\Documents and Settings\BAMF3000\Application Data\Uniblue
2008-05-27 00:12:00 0 d-------- C:\WINDOWS\Sun
2008-05-27 00:12:00 0 d-------- C:\Documents and Settings\BAMF3000\Application Data\Sun
2008-05-27 00:11:29 0 d-------- C:\Program Files\Java
2008-05-27 00:11:09 0 d-------- C:\Program Files\Common Files\Java
2008-05-26 23:27:18 0 d-------- C:\Documents and Settings\BAMF3000\Contacts
2008-05-23 12:33:54 2568 --a------ C:\WINDOWS\mozver.dat
2008-05-22 23:52:07 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-22 00:50:00 0 d-------- C:\Documents and Settings\BAMF3000\Application Data\Mozilla
2008-05-21 18:01:07 0 d-------- C:\unzipped
2008-05-21 17:54:23 3548 --a------ C:\WINDOWS\system32\drivers\WinFlash.sys
2008-05-21 17:54:10 42487 --a------ C:\WINDOWS\system32\FlashMenu.sys
2008-05-18 23:33:18 29293 --a------ C:\WINDOWS\scunin.dat
2008-05-18 23:33:17 967 --a------ C:\WINDOWS\ScUnin.pif
2008-05-18 23:33:17 70656 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-05-11 03:42:07 0 d-------- C:\Documents and Settings\BAMF3000\Application Data\Apple Computer
2008-05-11 03:41:26 0 d-------- C:\Program Files\QuickTime
2008-05-11 03:36:21 0 d-------- C:\Program Files\iPod
2008-05-11 03:36:17 0 d-------- C:\Program Files\iTunes
2008-05-11 03:36:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-11 03:35:49 0 d-------- C:\Program Files\Apple Software Update
2008-05-11 03:35:47 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-11 03:35:40 0 d-------- C:\Program Files\Common Files\Apple
2008-05-11 03:35:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-11 03:32:30 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-11 03:32:25 0 d-------- C:\Program Files\Windows Live
2008-05-11 03:32:20 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-11 03:28:08 0 d-------- C:\Program Files\Avira
2008-05-11 03:28:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-11 03:22:00 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-11 03:15:30 40960 -ra------ C:\WINDOWS\system32\ChCfg.exe
2008-05-11 03:15:10 0 d-------- C:\Program Files\Realtek Sound Manager
2008-05-11 03:15:10 0 d-------- C:\Program Files\Realtek Audio
2008-05-11 03:15:07 0 d-------- C:\Program Files\Realtek AC97
2008-05-11 03:15:04 307200 -ra------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-05-11 03:15:04 212992 -ra------ C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing driver Tool>
2008-05-11 03:14:12 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-11 03:04:03 0 d-------- C:\WINDOWS\nview
2008-05-11 03:01:47 0 d-------- C:\Program Files\Nvidia Driver
2008-05-11 02:57:44 0 d-------- C:\Documents and Settings\BAMF3000\Application Data\Adobe
2008-05-11 02:57:36 0 d-------- C:\Documents and Settings\BAMF3000\Application Data\Macromedia
2008-05-11 02:39:51 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-11 02:38:36 7296 -----n--- C:\WINDOWS\system32\drivers\Wbhwdoct.sys <Not Verified; Winbond Electronics Corp.; Winbond Hardware Doctor>
2008-05-11 02:38:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-11 02:38:36 0 d-------- C:\Program Files\ABIT
2008-05-11 02:38:22 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-11 02:35:47 0 d-------- C:\Documents and Settings\BAMF3000\Application Data\Identities
2008-05-11 02:33:58 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-11 02:33:37 0 d-------- C:\Program Files\RGB
2008-05-11 02:28:00 0 d--h----- C:\Documents and Settings\BAMF3000\Templates
2008-05-11 02:28:00 0 dr------- C:\Documents and Settings\BAMF3000\Start Menu
2008-05-11 02:28:00 0 dr-h----- C:\Documents and Settings\BAMF3000\SendTo
2008-05-11 02:28:00 0 d--h----- C:\Documents and Settings\BAMF3000\PrintHood
2008-05-11 02:28:00 2097152 --ah----- C:\Documents and Settings\BAMF3000\NTUSER.DAT
2008-05-11 02:28:00 0 d--h----- C:\Documents and Settings\BAMF3000\NetHood
2008-05-11 02:28:00 0 dr------- C:\Documents and Settings\BAMF3000\My Documents
2008-05-11 02:28:00 0 d--h----- C:\Documents and Settings\BAMF3000\Local Settings
2008-05-11 02:28:00 0 dr------- C:\Documents and Settings\BAMF3000\Favorites
2008-05-11 02:28:00 0 d-------- C:\Documents and Settings\BAMF3000\Desktop
2008-05-11 02:28:00 0 d--hs---- C:\Documents and Settings\BAMF3000\Cookies
2008-05-11 02:28:00 0 dr-h----- C:\Documents and Settings\BAMF3000\Application Data
2008-05-11 02:27:02 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-11 02:26:59 0 d-------- C:\WINDOWS\Prefetch
2008-05-11 02:26:58 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-05-11 02:26:57 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-05-11 02:26:57 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-05-11 02:26:57 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-05-11 02:26:57 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-05-11 02:26:57 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-05-11 02:26:21 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-05-11 02:26:21 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-05-11 02:26:21 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-05-11 02:26:21 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-05-11 02:26:20 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-05-11 02:23:19 0 d-------- C:\WINDOWS\system32\xircom
2008-05-11 02:23:19 0 d-------- C:\Program Files\microsoft frontpage
2008-05-11 02:22:51 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-05-11 02:22:51 0 d-------- C:\DELL
2008-05-11 02:22:37 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-11 02:22:23 0 -rahs---- C:\MSDOS.SYS
2008-05-11 02:22:23 0 -rahs---- C:\IO.SYS
2008-05-11 02:22:23 0 --a------ C:\CONFIG.SYS
2008-05-11 02:22:23 0 --a------ C:\AUTOEXEC.BAT
2008-05-11 02:21:08 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-05-11 02:21:00 0 dr------- C:\WINDOWS\Offline Web Pages
2008-05-11 02:21:00 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-11 02:20:50 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-11 02:20:36 0 d-------- C:\WINDOWS\system32\DirectX
2008-05-11 02:20:19 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-05-11 02:20:16 0 d---s---- C:\WINDOWS\Tasks
2008-05-11 02:20:16 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-11 02:20:14 0 d-------- C:\WINDOWS\srchasst
2008-05-11 02:20:13 0 d-------- C:\WINDOWS\system32\Macromed
2008-05-11 02:20:03 0 d-------- C:\WINDOWS\system32\Restore
2008-05-11 02:20:02 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-05-11 02:19:02 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-11 02:18:46 0 d-------- C:\WINDOWS\Registration
2008-05-11 02:18:14 0 d-------- C:\Program Files\Windows Plus
2008-05-11 02:18:06 0 d-------- C:\Program Files\Movie Maker
2008-05-11 02:17:34 0 d-------- C:\Program Files\Messenger
2008-05-11 02:17:30 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-11 02:17:20 16896 --a------ C:\WINDOWS\system32\qappsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-11 02:17:10 0 d-------- C:\Program Files\Windows NT
2008-05-11 02:17:08 0 d-------- C:\WINDOWS\system32\MsDtc
2008-05-11 02:17:07 0 d-------- C:\WINDOWS\system32\Com
2008-05-10 20:12:50 0 d--hs---- C:\WINDOWS\Installer
2008-05-10 20:12:49 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-10 20:12:47 0 dr------- C:\Program Files
2008-05-10 20:12:47 0 d-------- C:\Program Files\Common Files
2008-05-10 20:12:47 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-10 20:12:28 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-05-10 20:12:28 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-05-10 20:12:28 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-05-10 20:12:28 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-05-10 20:12:28 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-05-10 20:12:28 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-05-10 20:12:28 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-05-10 20:12:28 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-05-10 20:12:28 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-05-10 20:12:28 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-05-10 20:12:28 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-05-10 20:12:28 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-05-10 20:12:28 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-05-10 20:12:28 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-05-10 20:12:28 0 dr------- C:\Documents and Settings\All Users\Documents
2008-05-10 20:12:28 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-05-10 20:10:39 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-05-10 20:10:39 0 d-------- C:\WINDOWS\system32\CatRoot
2008-05-10 20:10:34 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-05-10 20:10:34 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-05-10 20:10:33 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-05-10 20:10:33 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-05-10 20:10:15 0 d-------- C:\Documents and Settings
2008-05-10 20:10:14 0 d--hs---- C:\System Volume Information
2008-05-10 20:04:27 0 d-------- C:\WINDOWS
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\WinSxS
2008-05-10 20:04:27 0 dr------- C:\WINDOWS\Web
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\twain_32
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\wins
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\wbem
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\usmt
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\spool
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\ShellExt
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\Setup
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\ras
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\oobe
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\npp
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\mui
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\inetsrv
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\IME
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\icsxml
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\ias
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\export
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\drivers
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-05-10 20:04:27 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\dhcp
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\config
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\3076
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\2052
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\1054
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\1042
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\1041
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\1037
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\1033
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\1031
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\1028
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system32\1025
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\system
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\security
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\Resources
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\repair
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\Provisioning
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\PeerNet
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\pchealth
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\mui
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\msapps
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\msagent
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\Media
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\java
2008-05-10 20:04:27 0 d--h----- C:\WINDOWS\inf
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\ime
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\Help
2008-05-10 20:04:27 0 dr--s---- C:\WINDOWS\Fonts
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\ehome
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\Driver Cache
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\dell
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\Debug
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\Cursors
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\Connection Wizard
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\Config
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\AppPatch
2008-05-10 20:04:27 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-05-10 20:12:28 62 --ahs---- C:\Documents and Settings\BAMF3000\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 04:04 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"SoundMan"="SOUNDMAN.EXE" [08/17/2005 06:39 PM C:\WINDOWS\soundman.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/13/2008 12:43 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15f4b981-1efa-11dd-b1d4-806d6172696f}]
AutoRun\command- F:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-05-31 18:57:49 ------------



Here is Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 31, 2008 6:42:30 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 31/05/2008
Kaspersky Anti-Virus database records: 818915
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 43322
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:39:22

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\BAMF3000\Application Data\Mozilla\Firefox\Profiles\rpn2dq14.default\cert8.db Object is locked skipped
C:\Documents and Settings\BAMF3000\Application Data\Mozilla\Firefox\Profiles\rpn2dq14.default\history.dat Object is locked skipped
C:\Documents and Settings\BAMF3000\Application Data\Mozilla\Firefox\Profiles\rpn2dq14.default\key3.db Object is locked skipped
C:\Documents and Settings\BAMF3000\Application Data\Mozilla\Firefox\Profiles\rpn2dq14.default\parent.lock Object is locked skipped
C:\Documents and Settings\BAMF3000\Application Data\Mozilla\Firefox\Profiles\rpn2dq14.default\search.sqlite Object is locked skipped
C:\Documents and Settings\BAMF3000\Application Data\Mozilla\Firefox\Profiles\rpn2dq14.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\BAMF3000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-31-2008( 7-4-55 ).LOG Object is locked skipped
C:\Documents and Settings\BAMF3000\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\BAMF3000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\BAMF3000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\BAMF3000\Local Settings\Application Data\Mozilla\Firefox\Profiles\rpn2dq14.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\BAMF3000\Local Settings\Application Data\Mozilla\Firefox\Profiles\rpn2dq14.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\BAMF3000\Local Settings\Application Data\Mozilla\Firefox\Profiles\rpn2dq14.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\BAMF3000\Local Settings\Application Data\Mozilla\Firefox\Profiles\rpn2dq14.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\BAMF3000\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BAMF3000\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\BAMF3000\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BAMF3000\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\BAMF3000\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{5C960178-C3DB-4942-9A15-2DBC73BAF0CB}\RP43\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{07E1B2EB-FA4D-4800-BE72-4ED0D05EA9E5}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{5C960178-C3DB-4942-9A15-2DBC73BAF0CB}\RP43\change.log Object is locked skipped
E:\RECYCLER\S-1-5-21-1757981266-1284227242-725345543-1004\De4\%temp%dd_msxml_retMSI.txt Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{5C960178-C3DB-4942-9A15-2DBC73BAF0CB}\RP43\change.log Object is locked skipped

Scan process completed.

Here is RootAlyzer:

// info: Rootkit removal help file
// copyright: © 2008 Safer Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","E:\Videos\TT Videos\SkyonFire.bmp:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0001.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0006.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0007.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0011.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0012.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0013.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0014.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0015.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0016.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0017.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0018.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0019.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0020.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0021.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0022.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0023.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0024.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0025.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0026.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0027.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0028.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0029.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0030.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0031.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0032.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0033.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0034.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0035.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0036.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","E:\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0037.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0001.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0006.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0007.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0011.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0012.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0013.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0014.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0015.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0016.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0017.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0018.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0019.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0020.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0021.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0022.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0023.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0024.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0025.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0026.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0027.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0028.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0029.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0030.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0031.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0032.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0033.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0034.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0035.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0036.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"
File:"Unknown ADS","C:\Documents and Settings\BAMF3000\My Documents\My Pictures\My Pictures- family- irreplaceable\dec 03 - feb 04\DSCF0037.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA"

#6
Bamf3000

Never mind, found the Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3700+
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 1022.42 MiB / 676.14 MiB
Pagefile Memory (total/avail): 2459.53 MiB / 2079.43 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.83 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 63.64 GiB free.
D: is Fixed (NTFS) - 153.38 GiB total, 123.21 GiB free.
E: is Fixed (NTFS) - 298.09 GiB total, 269.85 GiB free.
F: is CDROM (CDFS)
G: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - ST380013A - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD1600YS-01SHB0 - 153.38 GiB - 1 partition
\PARTITION0 - Installable File System - 153.38 GiB - D:

\\.\PHYSICALDRIVE3 - Apple iPod USB Device - 7.35 GiB - 1 partition
\PARTITION0 - Unknown - 7.41 GiB - G:

\\.\PHYSICALDRIVE2 - Seagate FreeAgent Pro USB Device - 298.09 GiB - 1 partition
\PARTITION0 - Installable File System - 298.09 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Games\\Starcraft\\StarCraft.exe"="D:\\Games\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"D:\\Program Files\\Bearshare\\BearShare.exe"="D:\\Program Files\\Bearshare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\ABIT\\FlashMenu.exe"="C:\\Program Files\\ABIT\\FlashMenu.exe:*:Enabled:ABIT FlashMenu Application"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\BAMF3000\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GIGANTORPC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\BAMF3000
LOGONSERVER=\\GIGANTORPC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 55 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=3702
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\BAMF3000\LOCALS~1\Temp
TMP=C:\DOCUME~1\BAMF3000\LOCALS~1\Temp
USERDOMAIN=GIGANTORPC
USERNAME=BAMF3000
USERPROFILE=C:\Documents and Settings\BAMF3000
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

BAMF3000 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABITEQ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{149B898E-BDCA-11D7-B544-00105A845E81}\Setup.exe" -l0x9
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
FlashMenu --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0555CC40-C007-11D4-B257-0050BAA96AA5}\Setup.exe" -l0x9
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinZip --> D:\Program Files\WinZip\WINZIP32.EXE /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type388 / Error
Event Submitted/Written: 05/31/2008 01:54:12 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 768833767.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type387 / Error
Event Submitted/Written: 05/31/2008 00:05:25 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application avwsc.exe, version 8.0.0.9, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0001103c.
Processing media-specific event for [avwsc.exe!ws!]

Event Record #/Type383 / Error
Event Submitted/Written: 05/31/2008 07:02:40 AM
Event ID/Source: 1015 / Winlogon
Event Description:
A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code 80000007. The machine
must now be restarted.

Event Record #/Type382 / Success
Event Submitted/Written: 05/31/2008 01:27:56 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type381 / Error
Event Submitted/Written: 05/31/2008 01:18:23 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00011f6c.
Processing media-specific event for [firefox.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1720 / Warning
Event Submitted/Written: 05/31/2008 01:59:52 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk2\D during a paging operation.

Event Record #/Type1717 / Warning
Event Submitted/Written: 05/31/2008 01:08:27 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk2\D during a paging operation.

Event Record #/Type1716 / Warning
Event Submitted/Written: 05/31/2008 00:08:27 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk2\D during a paging operation.

Event Record #/Type1715 / Warning
Event Submitted/Written: 05/31/2008 11:08:27 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk2\D during a paging operation.

Event Record #/Type1714 / Warning
Event Submitted/Written: 05/31/2008 10:08:27 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk2\D during a paging operation.



-- End of Deckard's System Scanner: finished at 2008-05-31 14:01:15 ------------

Edited by Bamf3000, 31 May 2008 - 07:20 PM.

  • 0
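The event-log sections of the scan log above repeat a handful of records. As an added example (not part of the original post and not code from Deckard's System Scanner), this Python parser reads records in that layout and tallies the non-Success events per source and event ID so recurring ones stand out. The sample records are constructed, modelled on the ones in the log, and all function names are hypothetical.

```python
import re
from collections import Counter

# One record in the layout used by the scanner's event-log sections.
RECORD = re.compile(
    r"Event Record #/Type(?P<record>\d+) / (?P<type>\w+)\n"
    r"Event Submitted/Written: (?P<written>[^\n]+)\n"
    r"Event ID/Source: (?P<event_id>\d+) / (?P<source>[^\n]+)\n"
    r"Event Description:\n(?P<description>.*?)(?=\n[ \t]*\n|\Z)",
    re.DOTALL,
)

def parse_events(text):
    """Return one dict per event record; timestamps are kept as raw strings."""
    text = text.replace("\r\n", "\n")
    events = []
    for m in RECORD.finditer(text):
        ev = {k: v.strip() for k, v in m.groupdict().items()}
        ev["record"], ev["event_id"] = int(ev["record"]), int(ev["event_id"])
        events.append(ev)
    return events

def recurring(events, min_count=2):
    """Count non-Success events per (source, event ID, type); most frequent first."""
    counts = Counter((e["source"], e["event_id"], e["type"])
                     for e in events if e["type"] != "Success")
    return [(key, n) for key, n in counts.most_common() if n >= min_count]

def _rec(number, kind, event_id, source, description):
    # Builds one record in the scanner's layout (constructed sample data).
    return (f"Event Record #/Type{number} / {kind}\n"
            f"Event Submitted/Written: 05/31/2008 01:59:52 PM\n"
            f"Event ID/Source: {event_id} / {source}\n"
            f"Event Description:\n{description}\n")

PAGING = r"An error was detected on device \Device\Harddisk2\D during a paging operation."
SAMPLE = "\n".join([  # constructed, modelled on the records in the log above
    _rec(1720, "Warning", 51, "Disk", PAGING),
    _rec(1717, "Warning", 51, "Disk", PAGING),
    _rec(1716, "Warning", 51, "Disk", PAGING),
    _rec(387, "Error", 1000, "Application Error",
         "Faulting application avwsc.exe, faulting module ntdll.dll.\n"
         "Processing media-specific event for [avwsc.exe!ws!]"),
    _rec(381, "Error", 1000, "Application Error",
         "Faulting application firefox.exe, faulting module ntdll.dll."),
    _rec(383, "Error", 1015, "Winlogon", "A critical system process failed."),
    _rec(382, "Success", 12001, "usnjsvc", "Service started successfully."),
])

if __name__ == "__main__":
    for (source, event_id, kind), n in recurring(parse_events(SAMPLE)):
        print(f"{n}x {kind:8} {source} / {event_id}")
```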

#7
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HijackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15f4b981-1efa-11dd-b1d4-806d6172696f}
    F:\setup.exe
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Reboot and tell me how your PC is running
  • 0

#8
Bamf3000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Explorer killed successfully
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15f4b981-1efa-11dd-b1d4-806d6172696f} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15f4b981-1efa-11dd-b1d4-806d6172696f}\\ not found.
File move failed. F:\setup.exe scheduled to be moved on reboot.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06012008_132305

Files moved on Reboot...
File move failed. F:\setup.exe scheduled to be moved on reboot.


On reboot Avira failed to start up on its own and had to be started manually.
  • 0

#9
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Well your logs are clean, don't know what is causing that

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point, then click Next. Name it and click Create; when the confirmation screen shows the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection by malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#10
Bamf3000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I just tried IE and opened about 5 windows to see if I would get an error and I did.

This is the error:
Posted Image

Edited by Bamf3000, 01 June 2008 - 01:35 PM.

  • 0

#11
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
That problem isn't malware, so go ahead with my previous instructions

Do you have add-ons for IE? Maybe one of them is responsible

Or possibly a BHO, try removing some of your toolbars
  • 0

#12
Bamf3000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here is an Avira error I get occasionally also

Posted Image

Also I don't have any add-ons for IE and any toolbars. I always stay away from both. Also I already started using Firefox since IE was giving me the most issues.

Also is Service Pack 3 worth getting for XP?

Edited by Bamf3000, 01 June 2008 - 01:48 PM.

  • 0

#13
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Sounds like your problems are caused by Avira, maybe try uninstalling it and see if it continues

I have heard of a few problems with Service Pack 3, I would leave it for a while


If the problem persists after removing Avira, then post in the Windows XP forum
  • 0

#14
Bamf3000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I don't think it's Avira as it has happened before with AVG where AVG would not even install, it kept giving me an error about something being moved or deleted. I'll give the XP forum a try.

Thanks for all your help, as it does not seem like I have any issues with IE so far. :)
  • 0

#15
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





