Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

... not a valid win32 application [CLOSED]


  • This topic is locked This topic is locked

#1
louie10

louie10

    New Member

  • Member
  • Pip
  • 7 posts
Whenever I try to open a photograph with Kodak EasyShare software, I get a message telling me..

C/:Documents and Settings/.../100_0829.JPG is not a valid Win32 application.

I cannot open any of my photographs on my computer, with any software.

I don't have a clue why or what it means? I thought that there was something faulty on my Kodak software, so I removed it and re-installed it several times. I now know this doesn't help at all.
I have also ran Ad-aware and removed two Malware files.

My computer has also been running extremely slow recently, i dont know whether it is connected?

I would greatly appreciate any help you could give me.

Thankyou.
  • 0

Advertisements


#2
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hello louie10 and Welcome to Geeks to Go!

Sorry for the delay.
We've been quite busy this week. :)

We very much would like to help but you must post a Hijackthis log first. This will aid us in determining what type of malware infection(s) you may have on your system.

To do so,

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
louie10

louie10

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi koko_crunch
Thankyou for your reply. I followed your instructions and this is what it gave me...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:39, on 24/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\wltray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BT Voyager\BT Voyager Wireless\WLM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nec-online.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\System32\wltray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-21-892050303-2886691247-3887011261-1006\..\Run: [Sonic RecordNow!] (User '?????')
O4 - HKUS\S-1-5-21-892050303-2886691247-3887011261-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?????')
O4 - HKUS\S-1-5-21-892050303-2886691247-3887011261-1006\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h (User '?????')
O4 - HKUS\S-1-5-21-892050303-2886691247-3887011261-1006\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all (User '?????')
O4 - HKUS\S-1-5-21-892050303-2886691247-3887011261-1006\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User '?????')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1185733011123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7181 bytes
  • 0

#4
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Let's do some scan submit some files for analysis then do a scan.

First,

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:

    • C:\WINDOWS\system32\drivers\Icon.exe
    • C:\WINDOWS\system32\SOUNDMAN.EXE
  • Click on the submit button
  • Please post the results in your next reply.

Next,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Finally,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.

Click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt

Check to make sure your post doesn't doesn't get cut off.
Logs required on reply.

- MBAM log
- Jotti log
- DSS main and extra.

Edited by koko_crunch, 24 June 2008 - 11:12 AM.

  • 0

#5
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#6
admin

admin

    Founder Geek

  • Administrator
  • 24,540 posts
Topic opened at member's request.
  • 0

#7
louie10

louie10

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I carried out the first scan with jotti and i am not sure if it completed as the green bar did not reach 100%, despite being left for a length of time.
This is all that it said...


A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

I also downloaded Malwarebytes Anti-Malware, and after the scan had completed, i followed your instructions to remove everything it found. The scan found 7 Trojan. Downloaders, but when i had checked them all and pressed remove selected, 7 errors popped up saying;

Cannot export C:/Documents and Settings/?????/Application Data/Malwarebyes/Malwarebytes' Anti-Malware/Quarantine/QUAR3.62248: Error opening the file. There may be a disk or file system error.

..or similar.

I also got another error saying:

Windows cannot find 'C:/Documents and Settings/?????/Application Data/Malwarebyes/Malwarebytes' Anti-Malware/Logs/mbam-log-7-2-2008 (28-29-04).txt' Make sure you typed the name correctly and then try again. To search for a file, click the start button, and then click search.

I didnt have anything in the log either, so i dont know what went wrong?


I then downloaded and ran the final scan, these are the main results;


Deckard's System Scanner v20071014.68
Run by ????? on 2008-07-02 23:49:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
27: 2008-07-02 22:50:46 UTC - RP199 - Deckard's System Scanner Restore Point
26: 2008-07-02 18:03:03 UTC - RP198 - System Checkpoint
25: 2008-06-21 18:49:36 UTC - RP197 - Software Distribution Service 3.0
24: 2008-06-20 12:43:25 UTC - RP196 - Software Distribution Service 3.0
23: 2008-06-19 23:12:34 UTC - RP195 - Printer Driver Microsoft Office Document Image Writer Installed


-- First Restore Point --
1: 2008-04-03 19:05:35 UTC - RP173 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 224 MiB (512 MiB recommended).


-- HijackThis (run as ?????.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-02 23:58:55
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wltrysvc.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wltray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BT Voyager\BT Voyager Wireless\WLM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Temporary Internet Files\Content.IE5\G3QZY9K9\dss[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nec-online.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\System32\wltray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: BT Voyager Wireless Utility.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.stumbleupon.com (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1185733011123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\wltrysvc.exe


--
End of file - 7401 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S3 BTUsbrXP® (BT Voyager 1010 USB Adapter) - c:\windows\system32\drivers\btusbrxp.sys <Not Verified; Askey Computer; BT Voyager 1010 USB Adapter>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA VT6105 Rhine III Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_D0041631&REV_8B\4&16793A72&0&10F0
Manufacturer: VIA Technologies, Inc.
Name: VIA VT6105 Rhine III Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_D0041631&REV_8B\4&16793A72&0&10F0
Service: FETNDISB


-- Files created between 2008-06-02 and 2008-07-02 -----------------------------

2008-07-02 23:13:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-02 23:13:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-24 13:46:45 0 d-------- C:\Program Files\Trend Micro
2008-06-20 00:07:13 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-19 17:53:02 0 d-------- C:\Program Files\ErrorClean
2008-06-19 16:31:51 0 d-------- C:\Program Files\Uniblue
2008-06-19 14:46:10 0 d-------- C:\Program Files\Lavasoft
2008-06-19 14:46:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-19 14:43:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-16 16:16:15 0 d-------- C:\Documents and Settings\Guest\Application Data\Apple Computer


-- Find3M Report ---------------------------------------------------------------

2008-07-02 18:10:46 21953 --a------ C:\logfile
2008-06-20 00:05:38 0 d-------- C:\Program Files\Common Files
2008-06-19 15:51:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-02 01:44:52 0 d-------- C:\Program Files\Canon
2008-05-08 08:59:28 0 d-------- C:\Documents and Settings\?????\Application Data\MSN6


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [02/10/2003 14:37]
"STDSB"="C:\WINDOWS\system32\drivers\STDSB.exe" [17/12/2003 16:50]
"Icon"="C:\WINDOWS\system32\drivers\Icon.exe" [16/04/2004 11:17]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [27/03/2003 17:43]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [27/03/2003 17:43]
"SoundMan"="SOUNDMAN.EXE" [27/03/2003 16:34 C:\WINDOWS\SOUNDMAN.EXE]
"wltray.exe"="C:\WINDOWS\System32\wltray.exe" [01/03/2005 15:44]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/02/2008 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/02/2008 15:18]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"ares"="C:\Program Files\Ares\Ares.exe" []
"kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BT Voyager Wireless Utility.lnk - C:\Program Files\BT Voyager\BT Voyager Wireless\WLM.exe [07/12/2004 20:21:24]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [19/09/2007 05:33:46]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-07-02 23:59:54 ------------


And these are the ‘extra’ results;

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1500MHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 223.48 MiB / 70.22 MiB
Pagefile Memory (total/avail): 364.24 MiB / 158.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.69 MiB

C: is Fixed (NTFS) - 35.25 GiB total, 21.18 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC25N040ATMR04-0 - 37.26 GiB - 2 partitions
\PARTITION0 - Unknown - 2.01 GiB
\PARTITION1 (bootable) - Installable File System - 35.25 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Ares Ultra\\Ares Ultra.exe"="C:\\Program Files\\Ares Ultra\\Ares Ultra.exe:*:Enabled:Ares Ultra p2p for windows"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\?????\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EMILYS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\?????
LOGONSERVER=\\EMILYS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\2912~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\2912~1\LOCALS~1\Temp
USERDOMAIN=EMILYS
USERNAME=?????
USERPROFILE=C:\Documents and Settings\?????
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

????? (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\system32\drivers\unSTDSB.exe
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80426743-0CC7-4967-BFEC-10DE08D1B6F3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80426743-0CC7-4967-BFEC-10DE08D1B6F3}\setup.exe" -l0x9 /remove
--> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
--> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4oD --> MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Advanced Video FX Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x9 /remove
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
BT Voyager 1065 Wireless Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1AFAE2EB-BC93-4B28-9C7C-004BBF974E3C}\setup.exe" -l0x9
BT Voyager Wireless Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34DB8A8D-73CD-11D6-BD16-0050BA11CC04}\Setup.exe" -l0x9
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
EPSON PhotoQuicker3.4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A793FC6-6DF5-11DD-BB6A-00018021113F}\SETUP.EXE" -l0x9 uninst
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ESC64 Reference Guide --> C:\Program Files\EPSON\ESC64\REF_G\DOCUNINS.EXE
ESC64 Software Guide --> C:\Program Files\EPSON\ESC64\PQU_G\DOCUNINS.EXE
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0002_36b64f\Setup.exe /APR-REMOVE
LG PC Suite --> C:\Program Files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe -runfromtemp -l0x0009 -removeonly
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 LG -removeonly
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\SETUP.EXE" -uninstall
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SightSpeed (remove only) --> "C:\Program Files\SightSpeed\uninst.exe"
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type4036 / Error
Event Submitted/Written: 07/02/2008 11:53:24 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mbam.exe, version 1.19.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3999 / Error
Event Submitted/Written: 06/19/2008 02:57:22 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 767637487.

Event Record #/Type3998 / Error
Event Submitted/Written: 06/19/2008 02:57:00 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3956 / Error
Event Submitted/Written: 06/04/2008 06:26:21 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iTunes.exe, version 7.6.0.29, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13911 / Warning
Event Submitted/Written: 07/02/2008 08:37:48 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 020CF147CFF3. The IP address being used is 169.254.34.113.

Event Record #/Type13884 / Error
Event Submitted/Written: 07/02/2008 06:08:22 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The STDSB service failed to start due to the following error:
%%2

Event Record #/Type13883 / Error
Event Submitted/Written: 07/02/2008 06:08:22 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Parallel port driver service failed to start due to the following error:
%%1058

Event Record #/Type13860 / Error
Event Submitted/Written: 06/24/2008 01:37:05 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The STDSB service failed to start due to the following error:
%%2

Event Record #/Type13859 / Error
Event Submitted/Written: 06/24/2008 01:37:05 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Parallel port driver service failed to start due to the following error:
%%1058



-- End of Deckard's System Scanner: finished at 2008-07-02 23:59:54 ------------

Hope this helps :)
  • 0

#8
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Sorry for the wait. I'm having internet problems lately.

Moving on...

Anti-virus is a necessity this days.
Please install one.
Choose one from these free Anti-Virus softwares.

Note: Installing more than one anti-virus software can lead to system hang ups and conflicts, providing less protection, not more!.

INSTALL
Then
UPDATE


next,

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

  • 0

#9
louie10

louie10

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi, thankyou for your reply.

I downloaded avast! to my computer.
However, I could not follow the instructions for SDFix.
The window appears asking if I want to save, install or cancel, when I chose to install, the programme didnt save to my desktop and I couldn't find it again on my computer to run in safemode. I tried again, this time choosing to save, i saved to my desktop. When I double clicked on the icon, a window appears saying that the publisher could not be verified and do i still want to continue to runthe software? I clicked Run and another window appears titled WinRAR self-extracting achive. Inside the window, i recieve a message saying 'Cannot open C:\Documents and Settings\?????\Desktop'
I pressed install and an error window appears saying '"C:\Documents and Settings\?????\Desktop" folder is not accessible'

Could you advise me of what I am doing wrong?

Thankyou
  • 0

#10
louie10

louie10

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi again,

I have since re-tried to run SDFix and I have managed to get it working.
I ran it in safe mode and I got these results after it had finished:


SDFix: Version 1.207
Run by ????? on 22/07/2008 at 01:13

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 01:34:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DocFolderPaths]
"T\4<\4W\4\a\4^\4"="C:\Documents and Settings\T<W^\My Documents"
source file error: C:\Documents and Settings\?????\ntuser.dat

scanning hidden files ...

folder error: C:\Documents and Settings\?????

Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Ares Ultra\\Ares Ultra.exe"="C:\\Program Files\\Ares Ultra\\Ares Ultra.exe:*:Enabled:Ares Ultra p2p for windows"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :



Files with Hidden Attributes :

Wed 11 Aug 2004 193 A.SHR --- "C:\BOOT.BAK"
Mon 4 Oct 2004 417,792 A..H. --- "C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP186\A0036403.exe"
Tue 11 May 2004 61,440 A..H. --- "C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP186\A0036404.dll"
Sun 29 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\409eeb5b15ac5b9aeee323d7da0f978c\BIT3B.tmp"
Sun 29 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\92554586f3df257ccc6f5cd3e1efab22\BIT42.tmp"
Sun 29 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a1394c19ce964344512c4b8ba52cbec5\BIT46.tmp"
Sun 29 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bcb3a3806a563c7b761fcff92a4f36ad\BIT52.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT1.tmp"
Mon 21 May 2007 19,968 A..H. --- "C:\Documents and Settings\?????\Application Data\Microsoft\Word\~WRL0003.tmp"
Sun 29 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4cd8fa349c86e90c2d5b6edfe250f0d9\download\BIT5E.tmp"
Sun 29 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\94ee68f37097c1148365727afa16d894\download\BIT61.tmp"

Finished!


Thankyou and please ignore the previous reply.
  • 0

#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt




Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#12
louie10

louie10

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi

DSS Configeration did not run, instead, I got an error message saying:

Windows cannot find 'C:/Documents and Settings/..../Desktop/dss.exe' Make sure you typed the name correctly then try again. To search for a file, to search for a file, click the start button, and then click search.

I also used the link and followed your instructions for Kaspersky Online Scanner. I was prompted to install the active x component, I agreed to install, but the programme dit not launch.

What should I do now?
  • 0

#13
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Run DSS normally and post the log here
  • 0

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP