svchost.exe SysTray.Exe nwiz.exe [CLOSED]


  • This topic is locked

#1
Draigcoch

    New Member

  • Member
  • 6 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:02, on 08/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\EXPLORER.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [nwiz] nwiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] "C:\Program Files\Essentials Codec Pack\update.exe" -silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [Advanced WindowsCare 3] "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: FreshDownload - {4EFC61EF-69C0-46C6-A0E7-4F0397E6623C} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Program Files\BullGuard Software\BullGuard\support\bgrasvc.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 7558 bytes


Active Disk
Adobe Flash Player Plugin
Adobe Reader 8.1.0
Advanced WindowsCare 3 Beta
Advanced WindowsCare Personal
Apple Software Update
ArcSoft PhotoBase
ArcSoft PhotoStudio 2000
Bios Wizard
Blender (remove only)
Broken Sword - The Sleeping Dragon
BullGuard 7.0
BurnAware Free Edition
Canon ScanGear Toolbox 3.0
CD_DRV_70
Civ3 Conquests v1.22 Full
Civ3 MultiTool
Civilization III Complete Edition
Civilization III v1.29f
CleanMyPC Popup Blocker
C-Media 3D Audio
CTP2 Modswapper 1.12
DarkLoader 4.3
Drive Rescue 1.9
Editor
Explorer Breadcrumbs 1.3.0.1
Freeciv 2.1.3 (GTK+ client)
FreshDownload
GarrettLoader 1.41
GIMP 2.4.2
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
IE7Pro
ieSpell 2.0.1 (build 325)
Inkscape 0.46
IObit SmartDefrag
IomegaWare 4.0.2
Java™ 6 Update 3
Java™ 6 Update 4
Java™ 6 Update 5
LaBelle CD Toolbox v1.5
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Moffsoft FreeCalc
Mozilla Firefox (2.0.0.14)
Mozilla Thunderbird (2.0.0.5)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
MT882
NetObjects Fusion Essentials
NVIDIA Drivers
OmniPage Pro 9.0
OpenOffice.org 2.4
Opera 9.25
Password Safe
Python 2.5.2
QuickTime
Recuva (remove only)
Samsung ML-4500 Series Driver
Scan Manager 5.2
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Send To Toys v2.5
Serif WebPlus SE
Sib Icon Editor
SiS 900 PCI Fast Ethernet Adapter Driver
Spybot - Search & Destroy
Startup Delayer v2.3 (build 130)
Task Coach 0.70.0
The Color Picker 1.0
Thief 2
Thief:The Dark Project
Uniblue RegistryBooster 2
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
UpdateStar
Visual Task Tips 3.3
VP3 Codec for Video for Windows
Windows Communication Foundation
Windows Essentials Media Codec Pack 1.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Windows XP Uninstall
WinRAR archiver
WonderWebWare Template Shaker 2.3
XnView 1.92.1
Yahoo! Toolbar

Notes: I have a beta version of Advanced Windows Care which identified three viruses but could not remove them -

svchost.exe (Services) - Trojan
SysTray.Exe (StartUp) - added by Trojan
nwiz.exe (StartUp) - added by Chode-J worm

I am running Windows XP (with SP2) on an AMD Athlon 3000+ machine. I tried to install SP3 but had a number of problems with it.

I run AWC every day, have Bullguard running in the background to provide anti-virus and fireguard. Every week I run Spybot as well. What else should I be doing?

Thanx

#2
eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Hello Draigcoch, and welcome to Geeks to Go! :)

Please read this post completely. It may make it easier for you if you print, or copy and paste this post to a new text document for reference later.

This will likely be a process of a few steps to remove the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Regards

eddie

#3
Draigcoch

    New Member

  • Topic Starter
  • Member
  • 6 posts
Thanx - Eddie6569

Here are the two logs taken with DSS:

Deckard's System Scanner v20071014.68
Run by Thomas Morgan on 2008-06-17 20:55:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
112: 2008-06-17 19:55:18 UTC - RP209 - Deckard's System Scanner Restore Point
111: 2008-06-17 16:28:48 UTC - RP208 - System Checkpoint
110: 2008-06-14 16:05:51 UTC - RP207 - Restore Operation
109: 2008-06-13 23:11:14 UTC - RP206 - Restore Operation
108: 2008-06-13 00:18:39 UTC - RP205 - Restore Operation


-- First Restore Point --
1: 2008-04-19 14:26:51 UTC - RP98 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Thomas Morgan.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:56:40, on 17/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Thomas Morgan\My Documents\Computing\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Thomas Morgan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] "C:\Program Files\Essentials Codec Pack\update.exe" -silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [Advanced WindowsCare 3] "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: FreshDownload - {4EFC61EF-69C0-46C6-A0E7-4F0397E6623C} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Program Files\BullGuard Software\BullGuard\support\bgrasvc.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 7527 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-153
.com - comfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,2
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,23
.ini - inifile - DefaultIcon - shell32.dll,-151
.js - JSFile - DefaultIcon - unable to read value
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - shell32.dll,-152
.vbs - VBSFile - DefaultIcon - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 iomdisk (Iomega Devices Disk Filter Services) - c:\windows\system32\drivers\iomdisk.sys <Not Verified; Iomega Corporation; Microsoft® Windows NT® Operating System>
R1 NetworkX - c:\windows\system32\ckldrv.sys
R1 VFILT (BullGuard Firewall Kernel Driver) - c:\program files\bullguard software\bullguard\fwengine\filtnt.sys <Not Verified; Agnitum Ltd.; Virtual Firewall>
R3 PROTECT.DLL (BullGuard Firewall Protection Plugin) - c:\program files\bullguard software\bullguard\fwengine\protect.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 ADBLOCK.DLL (BullGuard Firewall Adware Plugin) - c:\program files\bullguard software\bullguard\fwengine\adblock.dll (file missing)
S3 HTMLFILT.DLL (BullGuard Firewall HTML Plugin) - c:\program files\bullguard software\bullguard\fwengine\htmlfilt.dll (file missing)
S3 HTTPFILT.DLL (BullGuard Firewall HTTP Plugin) - c:\program files\bullguard software\bullguard\fwengine\httpfilt.dll (file missing)
S3 iadusb (MT882) - c:\windows\system32\drivers\glauiad.sys <Not Verified; Conexant Systems Inc.; Conexant USB to Ethernet (LAN) Viking Modem>
S3 lredbooo - c:\docume~1\thomas~1\locals~1\temp\lredbooo.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 _IOMEGA_ACTIVE_DISK_SERVICE_ (Iomega Active Disk) - "c:\program files\iomega\autodisk\adservice.exe" <Not Verified; Iomega Corporation; Iomega Active Disk>
R2 BGLiveSvc (BullGuard LiveUpdate) - "c:\program files\bullguard software\bullguard\bullguardupdate.exe" <Not Verified; BullGuard Software; BullGuard>
R2 Crypkey License - crypserv.exe <Not Verified; CrypKey (Canada) Ltd.; CrypKey Software Licensing System>
R2 Iomega App Services - "c:\progra~1\iomega\system32\appservices.exe" <Not Verified; Iomega Corporation; Iomega App Services>

S3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe (file missing)
S4 Iomega Activity Disk2 - ""


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_1040&SUBSYS_10008086&REV_00\3&61AAA01&0&68
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_1040&SUBSYS_10008086&REV_00\3&61AAA01&0&68
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-06-17 20:28:56 416 --a------ C:\WINDOWS\Tasks\AWC AutoSweep.job
2008-06-17 17:08:12 422 --a------ C:\WINDOWS\Tasks\AWC AutoCare.job


-- Files created between 2008-05-17 and 2008-06-17 -----------------------------

2008-06-17 20:54:04 13312 --a------ C:\WINDOWS\system32\topdfo.dll <Not Verified; ; BhoNew Module>
2008-06-14 22:46:40 0 d-------- C:\Program Files\Black Isle
2008-06-14 21:37:50 13312 --a------ C:\WINDOWS\system32\poplsim.dll <Not Verified; ; BhoNew Module>
2008-06-14 21:36:16 13312 --a------ C:\WINDOWS\system32\papdfo.dll <Not Verified; ; BhoNew Module>
2008-06-13 00:47:12 7602176 --a------ C:\Documents and Settings\Thomas Morgan\ntuser.dat
2008-06-11 20:41:21 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-06-10 23:32:07 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-10 19:46:42 0 d-------- C:\Isolation Ward Three
2008-06-10 17:39:22 0 d-------- C:\Documents and Settings\Thomas Morgan\.scribus
2008-06-10 17:38:22 0 d-------- C:\Program Files\Scribus 1.3.3.9
2008-06-09 02:33:36 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-08 16:42:49 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-08 16:42:41 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-08 16:42:40 0 d-------- C:\Documents and Settings\Thomas Morgan\Application Data\SUPERAntiSpyware.com
2008-06-08 16:42:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-08 15:37:06 0 d--hs---- C:\FOUND.016
2008-06-08 13:51:23 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-08 13:49:33 0 d-------- C:\Documents and Settings\Thomas Morgan\Application Data\Uniblue
2008-06-06 23:45:43 0 d-------- C:\Program Files\QuickTime
2008-06-06 23:45:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-05 18:56:03 0 d-------- C:\Program Files\Steinberg
2008-06-05 18:52:48 0 d-------- C:\Program Files\Sib Icon Editor
2008-06-05 18:51:10 0 d-------- C:\Documents and Settings\Thomas Morgan\Application Data\TaskCoach
2008-06-05 18:37:11 4 --a------ C:\WINDOWS\vx86036.dat
2008-06-05 18:37:10 0 d-------- C:\Documents and Settings\Thomas Morgan\.jdatastore7
2008-06-05 18:36:06 0 d-------- C:\Documents and Settings\Thomas Morgan\Application Data\Konrad Papala
2008-06-05 18:34:50 0 d-------- C:\Program Files\Moffsoft FreeCalc
2008-06-05 18:34:22 0 d-------- C:\Program Files\TaskCoach
2008-06-05 18:33:43 0 d-------- C:\Program Files\Organizer
2008-06-05 18:33:09 0 d-------- C:\Program Files\VisualTaskTips
2008-06-05 18:24:57 122880 --a------ C:\WINDOWS\system32\Crypserv.exe <Not Verified; CrypKey (Canada) Ltd.; CrypKey Software Licensing System>
2008-06-05 18:24:57 16896 --a------ C:\WINDOWS\system32\Ckldrv.sys
2008-06-05 18:24:57 27648 -ra------ C:\WINDOWS\Setup_ck.exe
2008-06-05 18:24:57 18432 --a------ C:\WINDOWS\Setup_ck.dll
2008-06-05 18:24:57 11776 --a------ C:\WINDOWS\Ckrfresh.exe
2008-06-05 18:24:57 165888 --a------ C:\WINDOWS\Ckconfig.exe <Not Verified; Kenonic Controls; CKCONFIG Application>
2008-06-05 18:24:37 0 d--h----- C:\Program Files\Zero G Registry
2008-06-05 18:21:00 0 d--h----- C:\Documents and Settings\Thomas Morgan\InstallAnywhere
2008-06-05 13:29:56 0 d--hs---- C:\FOUND.015
2008-05-31 17:05:50 0 d--hs---- C:\FOUND.014
2008-05-31 15:05:08 0 d--hs---- C:\FOUND.013
2008-05-29 13:10:02 0 d--hs---- C:\FOUND.012
2008-05-28 15:11:47 0 d-------- C:\WINDOWS\system32\FxsTmp
2008-05-27 15:08:11 0 d-------- C:\Documents and Settings\Thomas Morgan\.SunDownloadManager
2008-05-26 14:13:06 0 d-------- C:\Documents and Settings\Thomas Morgan\Application Data\WeatherWatcher
2008-05-26 02:30:28 0 d-------- C:\Program Files\The Color Picker
2008-05-25 22:10:47 0 d-------- C:\Python25
2008-05-25 22:02:09 0 d-------- C:\Documents and Settings\Thomas Morgan\Application Data\Blender Foundation
2008-05-25 22:02:06 0 d-------- C:\Program Files\Blender Foundation
2008-05-25 22:00:43 102400 --a------ C:\WINDOWS\system32\unzip32.dll <Not Verified; Info-ZIP; Info-ZIP's UnZip Windows DLL>
2008-05-25 22:00:43 0 d-------- C:\Program Files\Weather Watcher
2008-05-25 21:59:51 0 d-------- C:\Program Files\WonderWebWare Template Shaker
2008-05-25 17:55:16 0 d--hs---- C:\FOUND.011
2008-05-22 00:19:17 0 d-------- C:\Program Files\C3MT
2008-05-20 21:03:25 0 d-------- C:\Program Files\Firaxis Games
2008-05-19 22:58:07 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-18 22:30:51 0 d-------- C:\Program Files\Histopedia(2)
2008-05-18 22:27:15 0 d-------- C:\DBA Online(2)
2008-05-17 02:04:03 0 d-------- C:\WINDOWS\Prefetch
2008-05-17 01:57:11 0 d-------- C:\WINDOWS\system32\scripting
2008-05-17 01:57:10 0 d-------- C:\WINDOWS\l2schemas


-- Find3M Report ---------------------------------------------------------------

2008-05-17 01:50:46 250048 -rahs---- C:\ntldr
2008-05-14 18:44:20 0 d-------- C:\Program Files\Virtual Mechanics
2008-05-14 18:44:20 0 d-------- C:\Program Files\Common Files\Wintertree
2008-05-14 17:54:00 0 d-------- C:\Program Files\WebWizard
2008-05-13 17:06:58 0 d-------- C:\Documents and Settings\Thomas Morgan\Application Data\IObit
2008-05-06 01:25:04 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-04-26 22:34:56 0 d-------- C:\Documents and Settings\Thomas Morgan\Application Data\gtk-2.0
2008-04-26 22:33:20 0 d-------- C:\Documents and Settings\Thomas Morgan\Application Data\Inkscape
2008-04-26 22:31:00 0 d-------- C:\Program Files\Inkscape
2008-04-21 18:00:38 0 d-------- C:\Program Files\Flipz4Flash
2008-04-21 17:41:26 0 d-------- C:\Program Files\NetObjects
2008-04-21 12:42:04 0 d-------- C:\Program Files\Simple CSS
2008-04-21 12:41:14 0 d-------- C:\Documents and Settings\Thomas Morgan\Application Data\Acreon
2008-04-20 19:42:56 0 d-------- C:\Documents and Settings\Thomas Morgan\Application Data\Serif
2008-04-20 19:39:24 0 d-------- C:\Program Files\Serif
2008-04-20 15:27:06 0 d-------- C:\Program Files\Essentials Codec Pack
2008-04-20 14:50:46 3350 --a------ C:\Program Files\uninstal.log
2008-04-20 14:45:54 0 d-------- C:\Program Files\Pencil 2D
2008-04-17 16:19:32 90668 --a------ C:\WINDOWS\system32\vobis32.dll
2008-04-14 18:21:28 58157 --a------ C:\WINDOWS\system32\Uninstal.exe
2008-04-14 05:55:28 1804 --a------ C:\WINDOWS\system32\Dcache.bin
2008-03-19 10:47:00 1845248 --a------ C:\WINDOWS\system32\WIN32K.SYS <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupDelayer"="C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe" [14/12/2007 09:11]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 01:41]
"SystemTray"="SysTray.Exe" [29/08/2002 12:00 C:\WINDOWS\SYSTEM32\systray.exe]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [11/04/2008 22:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [08/04/2007 17:44]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [11/04/2008 22:16]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 16:46]
"Advanced WindowsCare 3"="C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" [22/04/2008 17:01]
"VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [31/05/2008 11:50]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [09/06/2008 13:11]

C:\Documents and Settings\Thomas Morgan\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [21/01/2008 15:41:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [09/06/2008 13:11 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 09/06/2008 13:11 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"IrMon"=IrMon.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard BgMainSvc BsFileScan BsMailProxy
BullGuardFw BsFwall


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}]
rundll32.exeadvpack.dll



-- End of Deckard's System Scanner: finished at 2008-06-17 20:57:47 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 3000+
Percentage of Memory in Use: 72%
Physical Memory (total/avail): 511.48 MiB / 142.64 MiB
Pagefile Memory (total/avail): 1250.75 MiB / 925.61 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.04 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 74.51 GiB total, 32.22 GiB free.
D: is Fixed (FAT32) - 74.5 GiB total, 68.24 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)
G: is Removable (No Media)

\\.\PHYSICALDRIVE1 - IOMEGA ZIP 100

\\.\PHYSICALDRIVE0 - MAXTOR STM3160215A - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Unknown - 74.53 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 74.52 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: BullGuard Firewall v (BullGuard Software)
AV: BullGuard Antivirus v (BullGuard Software) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Thomas Morgan\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=L3E1I9
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Thomas Morgan
LOGONSERVER=\\L3E1I9
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$p$g
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp
USERDOMAIN=L3E1I9
USERNAME=Thomas Morgan
USERPROFILE=C:\Documents and Settings\Thomas Morgan
winbootdir=C:\WINDOWS
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Thomas Morgan (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /UNINSTALL /PROMPT
--> C:\PROGRA~1\Yahoo!\Common\unyt.exe
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Active Disk --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\AutoDisk\uninstal.log
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Advanced WindowsCare 3 Beta --> "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\unins000.exe"
Advanced WindowsCare Personal --> "C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoBase --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoBase\Uninst.isu"
ArcSoft PhotoStudio 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoStudio 2000\Uninst.isu"
BasicOffice Cardfile 1.0 --> "C:\Program Files\BasicOffice 1.0\unins000.exe"
Bios Wizard --> "C:\Program Files\Bios Wizard\Uninstall Bios Wizard.exe"
Blender (remove only) --> "C:\Program Files\Blender Foundation\Blender\uninstall.exe"
Broken Sword - The Sleeping Dragon --> C:\WINDOWS\unvise32.exe C:\Program Files\THQ\Broken Sword - The Sleeping Dragon\uninstal.log
BullGuard 7.0 --> C:\Program Files\BullGuard Software\BullGuard\uninst.exe
BurnAware Free Edition --> "C:\Documents and Settings\All Users\Application Data\{732094A9-8D45-41EB-B8CC-4EBAADD7808E}\burnaware_free.exe" REMOVE=TRUE MODIFY=FALSE
C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
Canon ScanGear Toolbox 3.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ScanGear Toolbox Ver3\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox Ver3\uninst.dll"
CD_DRV_70 --> C:\WINDOWS\unins000.exe
Civ3 Conquests v1.22 Full --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}\Setup.exe"
Civ3 MultiTool --> C:\WINDOWS\ViXUnin.exe C:\Program Files\C3MT\Vinstall.log
Civilization III Complete Edition --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2157961D-0507-44A8-BCF2-1EE2D439E8DF}
Civilization III v1.29f --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}\Setup.exe"
CleanMyPC Popup Blocker --> "C:\Program Files\CleanMyPC Popup Blocker\uninst.exe"
CTP2 Modswapper 1.12 --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Activision Value\Call To Power 2\ST5UNST.LOG"
DarkLoader 4.3 --> "C:\Thief Independent\DarkLoader\unins000.exe"
Drive Rescue 1.9 --> "C:\Program Files\Drive Rescue\unins000.exe"
Editor --> "C:\2EasyHTMLEditor\uninstall.exe"
Explorer Breadcrumbs 1.3.0.1 --> "C:\Program Files\Minimalist\Explorer Breadcrumbs\unins000.exe"
Freeciv 2.1.3 (GTK+ client) --> "C:\Program Files\Freeciv-2.1.3-gtk2\uninstall.exe"
FreshDownload --> "C:\Program Files\FreshDevices\FreshDownload\unins000.exe"
GarrettLoader 1.41 --> "C:\Thief Independent\GarrettLoader\unins000.exe"
GIMP 2.4.2 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Icewind Dale --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{433BF933-81D6-4646-A318-3DE5DB6108F2}\Setup.exe" -uninstall
Icewind Dale - Heart of Winter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{433BF933-81D6-4646-A318-3DE5DB6108F2}\Setup.exe" -uninstall
IE7Pro --> C:\Program Files\IEPro\uninst.exe
ieSpell 2.0.1 (build 325) --> "C:\Program Files\ieSpell\uninst.exe"
Inkscape 0.46 --> C:\Program Files\Inkscape\Uninstall.exe
IObit SmartDefrag --> "C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
IomegaWare 4.0.2 --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\uninstal.log
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LaBelle CD Toolbox v1.5 --> C:\WINDOWS\unvise32.exe C:\Program Files\uninstal.log
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Moffsoft FreeCalc --> "C:\Program Files\Moffsoft FreeCalc\unins000.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.5) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MT882 --> C:\Program Files\MT882\Adsl\uninstall.exe
NetObjects Fusion Essentials --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NetObjects\NetObjects Fusion Essentials\Uninst.isu" -c"C:\Program Files\NetObjects\NetObjects Fusion Essentials\uninst.dll"
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OmniPage Pro 9.0 --> C:\Program Files\Caere\OmniPagePro90\Deinstall.exe "C:\Program Files\Caere\OmniPagePro90\uninstall.exe -f'C:\Program Files\Caere\OmniPagePro90\DeIsL1.isu'"
OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
Opera 9.25 --> MsiExec.exe /X{870B0889-A92E-4230-A6A1-F739C1D140DD}
Password Safe --> "C:\Program Files\Password Safe\Uninstall.exe"
Python 2.5.2 --> MsiExec.exe /I{6B976ADF-8AE8-434E-B282-A06C7F624D2F}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Recuva (remove only) --> "C:\Program Files\Recuva\uninst.exe"
Samsung ML-4500 Series Driver --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\Samsung\ML4500\Ssgk2.isu
Scan Manager 5.2 --> MsiExec.exe /I{E0A1559B-9886-11D4-8D06-0050DA284A39}
Scribus 1.3.3.9 --> C:\Program Files\Scribus 1.3.3.9\uninst.exe
Send To Toys v2.5 --> "C:\Program Files\Send To Toys\unins000.exe"
Serif WebPlus SE --> MsiExec.exe /X{6A5FE305-1147-400D-9795-8B80E693476A}
Shockwave --> C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~2\INSTALL.LOG
Sib Icon Editor --> "C:\Program Files\Sib Icon Editor\uninstall.exe"
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Startup Delayer v2.3 (build 130) --> C:\Program Files\r2 Studios\Startup Delayer\Uninstall.exe
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Task Coach 0.70.0 --> "C:\Program Files\TaskCoach\unins000.exe"
The Color Picker 1.0 --> C:\Program Files\The Color Picker\uninst.exe
Thief - Deadly Shadows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC123EEA-330A-4685-911C-95B8F5E9DE68}\Setup.exe" -l0x9
Thief 2 --> C:\WINDOWS\IsUninst.exe -f"c:\isolation ward\lglass.u"
Thief:The Dark Project --> C:\WINDOWS\IsUninst.exe -f"c:\isolation ward one\thiefalphaIIu.log"
UpdateStar --> MsiExec.exe /X{378B2F52-8A32-4B2D-930A-D04C3D60972F}
Visual Task Tips 3.3 --> C:\Program Files\VisualTaskTips\uninst.exe
VP3 Codec for Video for Windows --> C:\WINDOWS\system32\Uninstal.exe
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Essentials Media Codec Pack 1.0 --> C:\Program Files\Essentials Codec Pack\uninst.exe
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Uninstall --> %SYSTEMROOT%\system32\osuninst.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WonderWebWare Template Shaker 2.3 --> "C:\Program Files\WonderWebWare Template Shaker\unins000.exe"
XML Paper Specification Shared Components Pack 1.0 -->
XnView 1.92.1 --> "C:\Program Files\XnView\unins000.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3080 / Error
Event Submitted/Written: 06/17/2008 08:56:52 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Event Record #/Type3079 / Error
Event Submitted/Written: 06/17/2008 08:56:50 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The server name or address could not be resolved

Event Record #/Type3078 / Warning
Event Submitted/Written: 06/17/2008 08:28:54 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type3077 / Warning
Event Submitted/Written: 06/17/2008 08:28:54 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type3075 / Warning
Event Submitted/Written: 06/17/2008 08:28:47 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type20182 / Error
Event Submitted/Written: 06/17/2008 08:55:19 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type20181 / Error
Event Submitted/Written: 06/17/2008 08:55:19 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type20180 / Error
Event Submitted/Written: 06/17/2008 08:55:17 PM
Event ID/Source: 29053 / IPRIP
Event Description:
IPRIP could not join the multicast group 224.0.0.9
on the local interface with IP address 192.168.0.1.
The data is the error code.

Event Record #/Type20175 / Error
Event Submitted/Written: 06/17/2008 08:29:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type20173 / Error
Event Submitted/Written: 06/17/2008 08:28:59 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}



-- End of Deckard's System Scanner: finished at 2008-06-17 20:57:47 ------------

A horrendous 14 pages of tech - hope you understand it!!!

Regards

#4
eddie5659

Thanks :)

I see you have SUPERAntiSpyware installed, but you may not have the options set, so run it as follows:

  • Double-click the desktop icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.



Also, run an MBAM scan:


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

And post both the SAS and MBAM logs :)

eddie

#5
Draigcoch

Dear Eddie5659

Posted a reply to your last message on 21st June but it doesn't show on the forum!
Maybe I did something wrong - as they are fairly short they are included below:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/20/2008 at 11:05 PM

Application Version : 4.15.1000

Core Rules Database Version : 3486
Trace Rules Database Version: 1477

Scan type : Complete Scan
Total Scan Time : 01:53:22

Memory items scanned : 495
Memory threats detected : 0
Registry items scanned : 4699
Registry threats detected : 0
File items scanned : 136549
File threats detected : 0

Adware.Tracking Cookie
.statcounter.com [ C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt ]
counter.mycomputer.com [ C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt ]


Malwarebytes' Anti-Malware 1.18
Database version: 873

00:32:11 21/06/2008
mbam-log-6-21-2008 (00-32-11).txt

Scan type: Quick Scan
Objects scanned: 38814
Time elapsed: 22 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

My machine is still criminally slow and takes ages to start up Open Office.

Regards - Draigcoch

#6
eddie5659

You have a file that may/may not be okay.

Can you open Windows Explorer, and find the following file:

C:\WINDOWS\SYSTEM32\systray.exe

Right-click on the file, and select Properties. Does it say it's a Microsoft file? Also, what size is it?


=====


While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.


Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3


1. Please open Notepad

  • Click Start, then Run
  • Type notepad.exe in the Run Box


2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
lredbooo

File::
c:\docume~1\stephe~1\locals~1\temp\lredbooo.sys


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

ComboFix.txt
A New HijackThis log

#7
Draigcoch

Dear Eddie

Sorry it's been a while but I have had other commitments. Backed up all my files after seeing the Combo warning.

1) Systray.exe stub
Company: Microsoft Corporation
File Version: 5.1.2600.0
Date Created: 24/12/2007 23:27
Size: 3.00 KB

2) Spybot - teatime - NOT ticked

3) Combo log:

ComboFix 08-07-04.6 - Thomas Morgan 2008-07-05 16:52:39.1 - FAT32x86
Running from: C:\Documents and Settings\Thomas Morgan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Thomas Morgan\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\docume~1\stephe~1\locals~1\temp\lredbooo.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\start.exe
C:\WINDOWS\temp\perflib_perfdata_1cc.dat
C:\WINDOWS\Web\default.htt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Legacy_LREDBOOO
-------\Service_Iprip
-------\Service_lredbooo


((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.

2008-07-01 16:09 . 2008-07-01 16:09 <DIR> d-------- C:\Documents and Settings\Thomas Morgan\Application Data\Leadertech
2008-07-01 16:06 . 2008-07-01 16:06 <DIR> d-------- C:\Program Files\Common Files\Sonic
2008-07-01 16:06 . 2008-07-01 16:06 <DIR> d-------- C:\Documents and Settings\Thomas Morgan\Application Data\Sonic
2008-07-01 16:04 . 2008-07-01 16:04 <DIR> d-------- C:\Program Files\Sonic
2008-07-01 15:55 . 2008-07-01 15:55 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-06-29 21:39 . 2008-06-29 22:29 544 --a------ C:\WINDOWS\_delis32.ini
2008-06-26 19:35 . 2008-06-26 19:35 <DIR> d-------- C:\Documents and Settings\Thomas Morgan\Application Data\Avanquest
2008-06-26 19:33 . 2008-06-26 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avanquest
2008-06-26 19:32 . 2008-06-26 19:32 <DIR> d-------- C:\Program Files\Avanquest
2008-06-26 19:32 . 2008-06-26 19:32 <DIR> d-------- C:\Documents and Settings\Thomas Morgan\Application Data\InstallShield
2008-06-24 15:49 . 2008-06-24 15:49 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-21 21:39 . 2008-06-21 21:39 <DIR> d-------- C:\Games
2008-06-20 23:58 . 2008-06-20 23:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-20 23:58 . 2008-06-20 23:58 <DIR> d-------- C:\Documents and Settings\Thomas Morgan\Application Data\Malwarebytes
2008-06-20 23:58 . 2008-06-20 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-20 23:58 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-06-20 23:58 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-06-17 20:55 . 2008-06-17 20:55 <DIR> d-------- C:\Deckard
2008-06-11 20:41 . 2000-05-22 00:00 244,416 --a------ C:\WINDOWS\SYSTEM32\MSFLXGRD.OCX
2008-06-11 20:41 . 2000-05-22 00:00 118,976 --a------ C:\WINDOWS\SYSTEM32\MSADODC.OCX
2008-06-11 20:41 . 2000-07-15 00:00 118,784 --a------ C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL
2008-06-11 16:03 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\SYSTEM32\dllcache\bthport.sys
2008-06-10 19:46 . 2008-06-10 19:46 <DIR> d-------- C:\Isolation Ward Three
2008-06-10 17:39 . 2008-06-10 17:39 <DIR> d-------- C:\Documents and Settings\Thomas Morgan\.scribus
2008-06-10 17:38 . 2008-06-10 17:38 <DIR> d-------- C:\Program Files\Scribus 1.3.3.9
2008-06-09 02:33 . 2008-06-09 02:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-08 16:42 . 2008-06-08 16:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-08 16:42 . 2008-06-08 16:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-08 16:42 . 2008-06-08 16:42 <DIR> d-------- C:\Documents and Settings\Thomas Morgan\Application Data\SUPERAntiSpyware.com
2008-06-08 16:42 . 2008-06-08 16:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-08 13:52 . 2008-06-08 13:52 4,580 --a------ C:\WINDOWS\SYSTEM32\PerfStringBackup.TMP
2008-06-08 13:51 . 2008-06-08 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-08 13:49 . 2008-06-08 13:49 <DIR> d-------- C:\Documents and Settings\Thomas Morgan\Application Data\Uniblue
2008-06-06 23:48 . 2008-07-05 15:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-06 23:48 . 2008-06-06 23:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-06 23:45 . 2008-06-06 23:45 <DIR> d-------- C:\Program Files\QuickTime
2008-06-06 23:45 . 2008-06-06 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-05 18:56 . 2008-06-05 18:56 <DIR> d-------- C:\Program Files\Steinberg
2008-06-05 18:52 . 2008-06-05 18:52 <DIR> d-------- C:\Program Files\Sib Icon Editor
2008-06-05 18:51 . 2008-06-05 18:51 <DIR> d-------- C:\Documents and Settings\Thomas Morgan\Application Data\TaskCoach
2008-06-05 18:37 . 2008-06-05 18:37 <DIR> d-------- C:\Documents and Settings\Thomas Morgan\.jdatastore7
2008-06-05 18:37 . 2008-06-05 18:39 2,240 --a------ C:\WINDOWS\SYSTEM32\esnecil.nlp
2008-06-05 18:37 . 2008-06-05 18:46 2,240 --a------ C:\WINDOWS\SYSTEM32\esnecil.ind
2008-06-05 18:37 . 2008-06-05 18:39 4 --a------ C:\WINDOWS\vx86036.dat
2008-06-05 18:36 . 2008-06-05 18:36 <DIR> d-------- C:\Documents and Settings\Thomas Morgan\Application Data\Konrad Papala
2008-06-05 18:34 . 2008-06-05 18:34 <DIR> d-------- C:\Program Files\TaskCoach
2008-06-05 18:34 . 2008-06-05 18:34 <DIR> d-------- C:\Program Files\Moffsoft FreeCalc
2008-06-05 18:33 . 2008-06-05 18:33 <DIR> d-------- C:\Program Files\VisualTaskTips
2008-06-05 18:33 . 2008-06-05 18:33 <DIR> d-------- C:\Program Files\Organizer
2008-06-05 18:25 . 2008-06-05 18:25 30 --a------ C:\WINDOWS\Crypkey.ini
2008-06-05 18:24 . 2008-06-05 18:24 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-06-05 18:24 . 1999-06-18 22:49 165,888 --a------ C:\WINDOWS\Ckconfig.exe
2008-06-05 18:24 . 2007-05-23 19:29 122,880 --a------ C:\WINDOWS\SYSTEM32\Crypserv.exe
2008-06-05 18:24 . 1996-05-03 18:21 27,648 -ra------ C:\WINDOWS\Setup_ck.exe
2008-06-05 18:24 . 1996-05-03 16:36 18,432 --a------ C:\WINDOWS\Setup_ck.dll
2008-06-05 18:24 . 2007-05-01 22:15 16,896 --a------ C:\WINDOWS\SYSTEM32\Ckldrv.sys
2008-06-05 18:24 . 1995-07-04 19:33 11,776 --a------ C:\WINDOWS\Ckrfresh.exe
2008-06-05 18:21 . 2008-06-05 18:21 <DIR> d--h----- C:\Documents and Settings\Thomas Morgan\InstallAnywhere

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 21:32 98,304 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-26 13:13 --------- d-----w C:\Documents and Settings\Thomas Morgan\Application Data\WeatherWatcher
2008-05-26 01:30 --------- d-----w C:\Program Files\The Color Picker
2008-05-25 21:02 --------- d-----w C:\Program Files\Blender Foundation
2008-05-25 21:02 --------- d-----w C:\Documents and Settings\Thomas Morgan\Application Data\Blender Foundation
2008-05-25 21:00 --------- d-----w C:\Program Files\Weather Watcher
2008-05-25 20:59 --------- d-----w C:\Program Files\WonderWebWare Template Shaker
2008-05-18 21:30 --------- d-----w C:\Program Files\Histopedia(2)
2008-05-14 17:44 --------- d-----w C:\Program Files\Virtual Mechanics
2008-05-14 17:44 --------- d-----w C:\Program Files\Common Files\Wintertree
2008-05-14 16:54 --------- d-----w C:\Program Files\WebWizard
2008-05-13 16:06 --------- d-----w C:\Documents and Settings\Thomas Morgan\Application Data\IObit
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\SYSTEM32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\SYSTEM32\dllcache\quartz.dll
2008-04-23 21:16 3,591,680 ------w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
2008-04-20 13:50 3,350 ----a-w C:\Program Files\uninstal.log
2008-04-20 05:07 161,792 ------w C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll
2008-04-17 15:19 90,668 ----a-w C:\WINDOWS\SYSTEM32\vobis32.dll
2008-04-14 17:21 58,157 ----a-w C:\WINDOWS\SYSTEM32\Uninstal.exe
2008-04-14 04:55 1,804 ----a-w C:\WINDOWS\SYSTEM32\Dcache.bin
2007-12-24 22:01 266 --sh--w C:\Program Files\desktop.ini
2007-12-24 22:01 11,079 ---h--w C:\Program Files\folder.htt
2006-07-17 08:21 74,752 ----a-w C:\Program Files\opera\program\plugins\fdplugin.dll
2006-07-17 08:21 74,752 ----a-w C:\Program Files\opera\program\plugins\FDOperaPlugin.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2007-10-26 03:34 8460288 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-09 13:11 1506544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupDelayer"="C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2007-12-14 09:11 26112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]

C:\Documents and Settings\Thomas Morgan\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-09 13:11 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-06-09 13:11 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"vidc.vp31"= vp31vfw.dll
"vidc.COL1"= Col4codk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"IrMon"=IrMon.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 VFILT;BullGuard Firewall Kernel Driver;C:\Program Files\BullGuard Software\BullGuard\FwEngine\FiltNt.sys [2006-11-02 11:36]
R2 BdFileSpy;BullGuard File Monitor Driver;C:\WINDOWS\system32\drivers\BdFileSpy.sys [2007-12-30 16:12]
R2 BsFileScan;BullGuard File Scan Service;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
R2 BsFwall;BullGuard Firewall Service;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-07-27 15:37]
R3 PROTECT.DLL;BullGuard Firewall Protection Plugin;C:\Program Files\BullGuard Software\BullGuard\FwEngine\Protect.dll [2006-11-02 11:36]
R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Software\BullGuard\reconn.sys [2007-12-30 16:12]
S3 ADBLOCK.DLL;BullGuard Firewall Adware Plugin;C:\Program Files\BullGuard Software\BullGuard\FwEngine\AdBlock.dll []
S3 BGRaSvc;BGRaSvc;C:\Program Files\BullGuard Software\BullGuard\support\bgrasvc.exe [2008-03-23 14:10]
S3 HTMLFILT.DLL;BullGuard Firewall HTML Plugin;C:\Program Files\BullGuard Software\BullGuard\FwEngine\HtmlFilt.dll []
S3 HTTPFILT.DLL;BullGuard Firewall HTTP Plugin;C:\Program Files\BullGuard Software\BullGuard\FwEngine\HttpFilt.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy
BullGuardFw REG_MULTI_SZ BsFwall


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}]
rundll32.exeadvpack.dll
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 16:57:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\OPENOFFICE.ORG 2.4\PROGRAM\SOFFICE.EXE
C:\PROGRAM FILES\OPENOFFICE.ORG 2.4\PROGRAM\SOFFICE.BIN
C:\PROGRAM FILES\BULLGUARD SOFTWARE\BULLGUARD\BULLGUARDUPDATE.EXE
C:\WINDOWS\SYSTEM32\CRYPSERV.EXE
C:\PROGRAM FILES\IOMEGA\SYSTEM32\APPSERVICES.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\SYSTEM32\TCPSVCS.EXE
C:\WINDOWS\SYSTEM32\SNMP.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
.
**************************************************************************
.
Completion time: 2008-07-05 17:03:29 - machine was rebooted [Thomas Morgan]
ComboFix-quarantined-files.txt 2008-07-05 16:03:20

Pre-Run: 38,497,157,120 bytes free
Post-Run: 38,436,077,568 bytes free

206 --- E O F --- 2008-06-21 00:50:33

4) New Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:19, on 05/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: FreshDownload - {4EFC61EF-69C0-46C6-A0E7-4F0397E6623C} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Program Files\BullGuard Software\BullGuard\support\bgrasvc.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 7326 bytes

After looking at these files it makes me wonder why I have so many programs running that I hardly ever use!

Regards - Twmas Morgan

#8
eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
That's okay, we all have other lives other than here :)

The main ones to look at are the O4 entries in the HijackThis log, as these are your startup programs. Having too many slows the computer down when starting Windows.

As for the other files, you may want to look through your program files, or AddRemove, and see if you want to uninstall any. Use the uninstall option via AddRemove, or in Start | programs :)


Re-open HiJackThis and choose "Do a system scan only". Check the box of the entry listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

Now close all windows other than HiJackThis, then click Fix Checked.



Now download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Do not automatically generate report"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


eddie
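
The two pointers in the reply above (O4 lines are the startup programs, and the blank R0 "Local Page" line is the one to fix) can be pulled out of a HijackThis log mechanically. This is an added example, not part of the original posts and not HijackThis's own code: the function names are made up here, the sample lines are copied from the log posted earlier in this thread, and the parsing covers only the O4 forms that appear in that log.

```python
import ntpath
import re

# Sample input: lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")        # "O4 - <body>"
RUN_RE = re.compile(r"^(HK\S+): \[(.*?)\] ?(.*)$")        # registry Run-style keys
FOLDER_RE = re.compile(r"^(.*?Startup): (.+?) = (.*)$")   # Startup folder shortcuts
# First token that ends in an executable extension; paths may be unquoted with spaces.
IMAGE_RE = re.compile(r'^(.*?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=[\s,"]|$)', re.I)


def parse_entries(log_text):
    """Return (code, body) pairs for every 'R0 - ...' / 'O4 - ...' style line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def split_command(command):
    """Split an autostart command line into (image path, remaining arguments)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
    m = IMAGE_RE.match(command)
    if m:
        return m.group(1), command[m.end():].strip()
    return command, ""


def startup_entries(entries):
    """Describe each O4 line; for rundll32 launchers report the DLL that gets loaded."""
    result = []
    for code, body in entries:
        if code != "O4":
            continue
        m = RUN_RE.match(body) or FOLDER_RE.match(body)
        if not m:
            # Unrecognised O4 form: keep the raw text so nothing is silently dropped.
            result.append({"location": "?", "name": body, "image": "", "args": "", "via": ""})
            continue
        location, name, command = m.groups()
        image, args = split_command(command)
        via = ""
        if ntpath.basename(image).lower() == "rundll32.exe":
            via = "rundll32"
            image, rest = split_command(args)
            args = rest.lstrip(", ")          # what is left is the exported function name
        result.append({"location": location, "name": name,
                       "image": image, "args": args, "via": via})
    return result


def blank_ie_settings(entries):
    """R0/R1 settings whose value after '=' is empty, like the 'Local Page' line above."""
    blanks = []
    for code, body in entries:
        if code in ("R0", "R1"):
            key, sep, value = body.partition("=")
            if sep and not value.strip():
                blanks.append(key.strip())
    return blanks


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for item in startup_entries(parsed):
        loader = " (loaded by rundll32)" if item["via"] else ""
        print(f'{item["location"]:<14} {item["name"]:<24} {item["image"]}{loader}')
    for key in blank_ie_settings(parsed):
        print("blank value:", key)
```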

#9
Draigcoch

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Dear Eddie

Followed your instructions - AVG took about 2 hours for the scan - here's the log:


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:40:02 20/07/2008

+ Scan result:



:mozilla.541:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.222:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.223:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.224:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.225:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.321:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Thomas Morgan\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Thomas Morgan\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.133:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.134:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.135:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.29:C:\Documents and Settings\Thomas Morgan\Application Data\Flock\Browser\Profiles\jmtg5bdy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.30:C:\Documents and Settings\Thomas Morgan\Application Data\Flock\Browser\Profiles\jmtg5bdy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.31:C:\Documents and Settings\Thomas Morgan\Application Data\Flock\Browser\Profiles\jmtg5bdy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.554:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.378:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.379:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.380:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.381:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.382:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.383:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.384:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.385:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.386:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.387:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.82:C:\Documents and Settings\Thomas Morgan\Application Data\Flock\Browser\Profiles\jmtg5bdy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.83:C:\Documents and Settings\Thomas Morgan\Application Data\Flock\Browser\Profiles\jmtg5bdy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.84:C:\Documents and Settings\Thomas Morgan\Application Data\Flock\Browser\Profiles\jmtg5bdy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.85:C:\Documents and Settings\Thomas Morgan\Application Data\Flock\Browser\Profiles\jmtg5bdy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.86:C:\Documents and Settings\Thomas Morgan\Application Data\Flock\Browser\Profiles\jmtg5bdy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.87:C:\Documents and Settings\Thomas Morgan\Application Data\Flock\Browser\Profiles\jmtg5bdy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.88:C:\Documents and Settings\Thomas Morgan\Application Data\Flock\Browser\Profiles\jmtg5bdy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.89:C:\Documents and Settings\Thomas Morgan\Application Data\Flock\Browser\Profiles\jmtg5bdy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.90:C:\Documents and Settings\Thomas Morgan\Application Data\Flock\Browser\Profiles\jmtg5bdy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.91:C:\Documents and Settings\Thomas Morgan\Application Data\Flock\Browser\Profiles\jmtg5bdy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.329:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.132:C:\Documents and Settings\Thomas Morgan\Application Data\Flock\Browser\Profiles\jmtg5bdy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.134:C:\Documents and Settings\Thomas Morgan\Application Data\Flock\Browser\Profiles\jmtg5bdy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.140:C:\Documents and Settings\Thomas Morgan\Application Data\Flock\Browser\Profiles\jmtg5bdy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.143:C:\Documents and Settings\Thomas Morgan\Application Data\Flock\Browser\Profiles\jmtg5bdy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.144:C:\Documents and Settings\Thomas Morgan\Application Data\Flock\Browser\Profiles\jmtg5bdy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.309:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.310:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.311:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.312:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.313:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.147:C:\Documents and Settings\Thomas Morgan\Application Data\Flock\Browser\Profiles\jmtg5bdy.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.583:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.150:C:\Documents and Settings\Thomas Morgan\Application Data\Flock\Browser\Profiles\jmtg5bdy.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.54:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.87:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Thomas Morgan\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.84:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.85:C:\Documents and Settings\Thomas Morgan\Application Data\Mozilla\Firefox\Profiles\go644ccn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Thomas Morgan\Desktop\NOT backed up\Computing\Misc\frui.exe -> Trojan.Obfuscated.mu : Cleaned with backup (quarantined).
C:\Documents and Settings\Thomas Morgan\My Documents\Computing\Sound & Vision\sg02setup.exe -> Trojan.Obfuscated.mu : Cleaned with backup (quarantined).
C:\Documents and Settings\Thomas Morgan\My Documents\Computing\Web page building\Web Editors\Alley Code\alleycodesetup.exe -> Trojan.Obfuscated.mu : Cleaned with backup (quarantined).


::Report end


As you can see one Trojan and 171 tracker cookies!

I think I need to do a spring clean!

Thanks for your help.

#10
eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Edited by eddie5659, 21 July 2008 - 04:59 PM.

#11
eddie5659

I've edited the above reply to use a different scanner, if you saw my original reply. If not, just run the above for me :)

Also, does Advanced Windows Care find those files as viruses still? As this is a Beta version, it may still be in the development stages, so don't remove the files with the program, as we need to determine if they're legit files.

#12
Draigcoch

Dear Eddie

Problem - tried using Kaspersky WebScanner but got this error message

"Starting Java applet has failed! Please go online to use this program."

Puzzling in 2 ways: (a) I was obviously online at the time!
(b) I have the latest updated Java (and Javascript) runtimes installed on my machine.

I tried several times and did manage to get the updates - then the error message again?

Can you suggest an alternative or am I just being dim (no change there then!).

Regards - Draigcoch

#13
eddie5659

Hmm, wonder if the security settings are disallowing it.

Go to Control Panel | Internet Options. Security tab. Click on Default Level, apply and ok.

If it still doesn't work, try Panda:

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

eddie

#14
eddie5659

Back again, and we have a better option for the online scan, as it's now updated :)

Try this first:


Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on the jre-6u7-windows-i586-p.exe and select "Run as an Administrator.")

#15
eddie5659

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.