Popup and slow performance [CLOSED]


  • This topic is locked

#1
need h3lp...

I ran CCleaner before HiJack this, I don't know if it was necessary but I did it.

Here's the CCleaner log file:

CLEANING COMPLETE - (30.290 secs)
------------------------------------------------------------------------------------------
169.4MB removed.
------------------------------------------------------------------------------------------

Details of files deleted
------------------------------------------------------------------------------------------
IE Temporary Internet Files (6206 files) 166.3MB
Marked for deletion: C:\Documents and Settings\Windows\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Marked for deletion: C:\Documents and Settings\Windows\Cookies\index.dat
Marked for deletion: C:\Documents and Settings\Windows\Local Settings\History\History.IE5\index.dat
C:\WINDOWS\TEMP\symlcsv1.exe 57.38KB
C:\Documents and Settings\Windows\Local Settings\Temp\931.txt 49.81KB
C:\Documents and Settings\Windows\Local Settings\Temp\CmdLineExt02.dll 36.00KB
C:\Documents and Settings\Windows\Local Settings\Temp\dat5F.tmp 33.24KB
C:\Documents and Settings\Windows\Local Settings\Temp\jusched.log 6.92KB
C:\Documents and Settings\Windows\Local Settings\Temp\SIntf16.dll 11.78KB
C:\Documents and Settings\Windows\Local Settings\Temp\SIntf32.dll 19.46KB
C:\Documents and Settings\Windows\Local Settings\Temp\SIntfIcn.ani 4.48KB
C:\Documents and Settings\Windows\Local Settings\Temp\SIntfNT.dll 23.94KB
C:\Documents and Settings\Windows\Local Settings\Temp\TFR24.tmp 66.40KB
C:\Documents and Settings\Windows\Local Settings\Temp\TFR2C.tmp 22.72KB
C:\Documents and Settings\Windows\Local Settings\Temp\W7U12JWK.emf 336 bytes
C:\Documents and Settings\Windows\Local Settings\Temp\war3_Install.exe 0.28MB
C:\Documents and Settings\Windows\Local Settings\Temp\~DF3727.tmp 32.00KB
C:\Documents and Settings\Windows\Local Settings\Temp\~DF4036.tmp 32.00KB
C:\Documents and Settings\Windows\Local Settings\Temp\~DF768F.tmp 32.00KB
C:\Documents and Settings\Windows\Local Settings\Temp\~DF8381.tmp 32.00KB
C:\Documents and Settings\Windows\Local Settings\Temp\~DF89F2.tmp 32.00KB
C:\Documents and Settings\Windows\Local Settings\Temp\~DF92E5.tmp 32.00KB
C:\Documents and Settings\Windows\Local Settings\Temp\~DFA2AE.tmp 32.00KB
C:\Documents and Settings\Windows\Local Settings\Temp\~DFAD2.tmp 32.00KB
C:\Documents and Settings\Windows\Local Settings\Temp\~DFB77F.tmp 16.00KB
C:\Documents and Settings\Windows\Local Settings\Temp\~DFBDC7.tmp 16.00KB
C:\Documents and Settings\Windows\Local Settings\Temp\~DFD94A.tmp 32.00KB
C:\WINDOWS\system32\wbem\Logs\FrameWork.log 19.17KB
C:\WINDOWS\system32\wbem\Logs\wbemess.log 49.57KB
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 5.63KB
C:\WINDOWS\system32\wbem\Logs\FrameWork.lo_ 64.05KB
C:\WINDOWS\system32\wbem\Logs\wbemess.lo_ 64.08KB
C:\WINDOWS\0.log 0 bytes
C:\WINDOWS\comsetup.log 13.75KB
C:\WINDOWS\FaxSetup.log 42.26KB
C:\WINDOWS\iis6.log 44.61KB
C:\WINDOWS\imsins.log 1.34KB
C:\WINDOWS\KB950749.log 16.54KB
C:\WINDOWS\KB950759.log 39.67KB
C:\WINDOWS\KB950760.log 7.42KB
C:\WINDOWS\KB950762.log 12.93KB
C:\WINDOWS\KB951376-v2.log 9.59KB
C:\WINDOWS\KB951376.log 8.79KB
C:\WINDOWS\KB951698.log 18.85KB
C:\WINDOWS\MedCtrOC.log 2.91KB
C:\WINDOWS\msgsocm.log 2.11KB
C:\WINDOWS\msmqinst.log 12.55KB
C:\WINDOWS\netfxocm.log 7.40KB
C:\WINDOWS\ntdtcsetup.log 8.37KB
C:\WINDOWS\ocgen.log 19.93KB
C:\WINDOWS\ocmsn.log 2.34KB
C:\WINDOWS\setupact.log 0 bytes
C:\WINDOWS\setupapi.log 38.38KB
C:\WINDOWS\setuperr.log 0 bytes
C:\WINDOWS\tabletoc.log 2.13KB
C:\WINDOWS\tsoc.log 19.28KB
C:\WINDOWS\updspapi.log 3.02KB
C:\WINDOWS\imsins.BAK 1.34KB
C:\WINDOWS\ntbtlog.txt 524 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log 0.75MB
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp 93.97KB
C:\WINDOWS\Debug\mrt.log 1.43KB
C:\WINDOWS\Debug\mrteng.log 1.13KB
C:\WINDOWS\Debug\UserMode\userenv.log 11.36KB
C:\WINDOWS\Debug\UserMode\userenv.bak 0.30MB
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\#SharedObjects\YL3C27VA\70.84.248.90\~fetchga\Games-D5-140406\Cubiz2.swf\WellGames_Cubiz2.sol 420 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\#SharedObjects\YL3C27VA\70.84.248.90\~fetchga\Games-D5-140406\mission_Impossible.swf\gm02.sol 182 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\#SharedObjects\YL3C27VA\70.84.61.34\~fundotn\Games-D5-140406\pushiesplus2.swf\pushiesBestScore.sol 55 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\#SharedObjects\YL3C27VA\70.84.61.34\~fundotn\Games-D5-140406\santas-tower.swf\santas_tower-gamezhero.com.sol 86 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\#SharedObjects\YL3C27VA\70.84.61.34\~fundotn\Games-D5-140406\uphill_rush.swf\GameData.sol 191 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\#SharedObjects\YL3C27VA\70.84.61.34\~fundotn\Games-D5-140406\uphill_rush.swf\highScoreList.sol 586 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\#SharedObjects\YL3C27VA\core.mochibot.com\com.mochibot.sol 105 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\#SharedObjects\YL3C27VA\games.mochiads.com\FWGPlayerInfo.sol 91 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\#SharedObjects\YL3C27VA\games.mochiads.com\Tank2008GameSave.sol 493 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\#SharedObjects\YL3C27VA\games.mochiads.com\Tank2008KeySetting.sol 134 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\#SharedObjects\YL3C27VA\interclick.com\ud.sol 139 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\#SharedObjects\YL3C27VA\mochiads.com\com.mochiads.sol 279 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\#SharedObjects\YL3C27VA\mochibot.com\com.mochibot.sol 105 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\#SharedObjects\YL3C27VA\www.addictinggames.com\D78AQSAKQLQWI9\4736.swf\rdmutesettings.sol 81 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\#SharedObjects\YL3C27VA\www.youtube.com\soundData.sol 58 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\#SharedObjects\YL3C27VA\www.youtube.com\videostats.sol 123 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#70.84.248.90\settings.sol 82 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#70.84.61.34\settings.sol 81 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.mochibot.com\settings.sol 87 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#games.mochiads.com\settings.sol 88 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol 84 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mochiads.com\settings.sol 82 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mochibot.com\settings.sol 82 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.addictinggames.com\settings.sol 92 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com\settings.sol 85 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#zone.msn.com\settings.sol 82 bytes
C:\Documents and Settings\Windows\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 621 bytes
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\logfile.txt 358 bytes
------------------------------------------------------------------------------------------



And here is the HiJack This log file:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:16 PM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\sebastien\My Documents\My Videos\Veoh\VeohClientService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\VSTASCAN\vsaccess.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\MDM.EXE
C:\Documents and Settings\sebastien\My Documents\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /systrayIcon:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iPodConverterSuite_upgrade] "C:\Program Files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" /upgrade
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PiXPO] "C:\Program Files\ProPix Share\1.5\Pixpo.exe" /startup
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Veoh Client Service - Veoh Networks, Inc. - C:\Documents and Settings\sebastien\My Documents\My Videos\Veoh\VeohClientService.exe

--
End of file - 10727 bytes



Tuesday, I'm leaving for a month and I would like this problem, if possible, to be solved. If it isn't, well obviously I won't be posting any information for a month. I'll check Tuesday before leaving.
Thanks

need h3lp

#2
Thunderbird1988

Hello need h3lp and welcome to Geeks to Go,

I am Thunderbird1988 and I am going to help remove your malware problems. If you have questions, feel free to ask.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Thunderbird1988

#3
need h3lp...

Thanks a lot for helping me out!

Here are the .txt you asked for:


Main.txt
Deckard's System Scanner v20071014.68
Run by Windows on 2008-07-22 12:33:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
55: 2008-07-22 16:33:50 UTC - RP55 - Deckard's System Scanner Restore Point
54: 2008-07-22 01:52:19 UTC - RP54 - System Checkpoint
53: 2008-06-26 10:36:52 UTC - RP53 - System Checkpoint
52: 2008-06-25 09:36:53 UTC - RP52 - System Checkpoint
51: 2008-06-24 09:11:12 UTC - RP51 - System Checkpoint


-- First Restore Point --
1: 2008-04-26 13:01:04 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Windows.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:02 PM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\sebastien\My Documents\My Videos\Veoh\VeohClientService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\VSTASCAN\vsaccess.exe
C:\WINDOWS\system32\MDM.EXE
C:\Documents and Settings\Windows\Desktop\dss.exe
C:\DOCUME~1\SEBAST~1\MYDOCU~1\Windows.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /systrayIcon:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iPodConverterSuite_upgrade] "C:\Program Files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" /upgrade
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PiXPO] "C:\Program Files\ProPix Share\1.5\Pixpo.exe" /startup
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Veoh Client Service - Veoh Networks, Inc. - C:\Documents and Settings\sebastien\My Documents\My Videos\Veoh\VeohClientService.exe

--
End of file - 10675 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\SEBAST~1\MYDOCU~1\backups\) -----------

backup-20080424-170355-127 O4 - HKUS\S-1-5-21-1214440339-725345543-682003330-1004\..\Run: [dc287cd1] rundll32.exe "C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\swmekvkk.dll",b (User 'sebastien')
backup-20080424-170355-128 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080424-170355-241 O4 - HKUS\S-1-5-21-1214440339-725345543-682003330-1004\..\Run: [cmds] rundll32.exe C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\khfEWNec.dll,c (User 'sebastien')
backup-20080424-170355-332 O4 - HKUS\S-1-5-21-1214440339-725345543-682003330-1004\..\Run: [BMdf1b4f4d] Rundll32.exe "C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\oeaivglt.dll",s (User 'sebastien')
backup-20080424-170355-429 O4 - HKUS\S-1-5-21-1214440339-725345543-682003330-1004\..\Run: [MS Juan] rundll32 "C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\kkwwpkqr.dll",run (User 'sebastien')
backup-20080424-170355-896 R3 - URLSearchHook: (no name) - - (no file)
backup-20080424-170355-908 O4 - HKUS\S-1-5-21-1214440339-725345543-682003330-1004\..\Run: [MSServer] rundll32.exe C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\ljJCssqp.dll,#1 (User 'sebastien')
backup-20080424-170356-919 O4 - S-1-5-21-1214440339-725345543-682003330-1004 Startup: abcMover1.3.lnk = C:\Documents and Settings\sebastien\My Documents\My Received Files\auto clicker\abcMov13.exe (User 'sebastien')
backup-20080426-222640-284 R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
backup-20080426-222640-322 O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
backup-20080426-222640-605 O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ATMhelpr - c:\windows\system32\drivers\atmhelpr.sys <Not Verified; Adobe Systems Incorporated; Adobe Type Manager Deluxe>
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 PPCLASS - c:\windows\system32\drivers\ppclass.sys <Not Verified; Silitek Corporation.; >
R3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\adihdaud.sys <Not Verified; Windows ® Server 2003 DDK provider; Microsoft® Windows® Operating System>

S2 PPSCAN - c:\windows\system32\drivers\ppscan.sys <Not Verified; Shuttle Technology.; >
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 dump_wmimmc - c:\ijji\english\u_sf\gameguard\dump_wmimmc.sys (file missing)
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
R2 Veoh Client Service - c:\documents and settings\sebastien\my documents\my videos\veoh\veohclientservice.exe <Not Verified; Veoh Networks, Inc.; VeohClientService Application>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-25 21:50:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-20 20:00:00 568 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Windows.job


-- Files created between 2008-06-22 and 2008-07-22 -----------------------------

2008-06-22 15:02:20 0 dr-h----- C:\Documents and Settings\Windows\Recent


-- Find3M Report ---------------------------------------------------------------

2008-07-22 12:35:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-22 09:28:54 0 d-------- C:\Program Files\Microsoft AntiSpyware


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/05/2005 02:22 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/05/2005 02:19 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [04/05/2005 02:23 AM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [01/07/2005 05:07 PM C:\WINDOWS\system32\HdAShCut.exe]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [07/12/2005 03:35 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [10/31/2003 07:42 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 11:22 AM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [03/10/2004 12:20 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [03/10/2004 12:39 PM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [05/25/2004 10:16 AM]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [07/20/2004 10:34 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 03:48 AM]
"ToolBoxFX"="C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [11/21/2005 04:55 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/24/2005 01:08 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 10:59 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [09/05/2006 09:22 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 08:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 11:56 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 01:10 PM]
"iPodConverterSuite_upgrade"="C:\Program Files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" [11/29/2007 04:22 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [05/21/2008 05:12 PM]
"PiXPO"="C:\Program Files\ProPix Share\1.5\Pixpo.exe" [08/20/2004 12:13 PM]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

C:\Documents and Settings\Windows\Start Menu\Programs\Startup\
UMAX VistaAccess.lnk - C:\VSTASCAN\vsaccess.exe [7/30/2005 11:58:17 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 4:15:54 AM]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2/5/2006 1:27:29 PM]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE [12/23/1998 5:51:52 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-07-22 12:37:21 ------------

Extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 503.23 MiB / 217.08 MiB
Pagefile Memory (total/avail): 1229.95 MiB / 718.33 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.55 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 28.91 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800JD-60LUA0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

\\.\PHYSICALDRIVE1 - Brother MFC-210C USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office\\1033\\WFXMSRVR.EXE"="C:\\Program Files\\Microsoft Office\\Office\\1033\\WFXMSRVR.EXE:*:Disabled:WFXMSRVR"
"C:\\Documents and Settings\\sebastien\\My Documents\\My Games\\Warcraft III\\Warcraft III.exe"="C:\\Documents and Settings\\sebastien\\My Documents\\My Games\\Warcraft III\\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\\Documents and Settings\\Windows\\My Documents\\My Videos\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Windows\\My Documents\\My Videos\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\stephanie\\My Documents\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\stephanie\\My Documents\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Windows\Application Data
CLASSPATH=C:\Program Files\PhotoDeluxe HE 3.0\AdobeConnectables;
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CENTRAL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Windows
LOGONSERVER=\\CENTRAL
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Windows\LOCALS~1\Temp
TMP=C:\DOCUME~1\Windows\LOCALS~1\Temp
USERDOMAIN=CENTRAL
USERNAME=Windows
USERPROFILE=C:\Documents and Settings\Windows
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Windows (admin)
sebastien
stephanie
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\PhotoDeluxe HE 3.0\DeIsL1.isu" -c"C:\Program Files\PhotoDeluxe HE 3.0\Uninst.dll"
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Aarons Cliker Version 2.89 --> "C:\Program Files\AARONS CLIKER\unins000.exe"
ACID Music Studio 7.0 de Sony --> MsiExec.exe /X{A6CE9D67-88BF-4AC1-A391-D3F79651DDD3}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Type Manager 4.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
Age of Empires III Trial --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{25B25C84-6132-4662-972B-4E4DC1B00C98}
Age of Mythology --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
Age of Mythology - The Titans Expansion --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTXP.EXE" /runtemp /addremove
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Arcade Chess 3D us --> "C:\Program Files\BoontyGames\Arcade Chess 3D\unins000.exe"
ArtMoney SE v7.19 --> C:\Program Files\ArtMoney\uninstall.bat
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
BitDownload 1.5.3 --> C:\Documents and Settings\Windows\My Documents\BitDownload\Uninstall.exe
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40A6C96D-808E-41DD-8716-617AB6B0F1F1}\Setup.exe" -l0x40c Brunin03.dllBrunin03.dll
CameraMate ProPix OnTV v1.4 --> "C:\Program Files\ProPixOnTV\unins000.exe"
CameraMate ProPix Sound --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D13E4A3B-CCA5-47C2-BC60-F749438E8AC5}\Setup.exe"
Canon Camera Access Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{901F8ED7-13E8-43EF-B738-2FE89B0588EB} /l1036
Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1036
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}
Canon Camera Window DSLR 5 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 6 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}
Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B147DC1B-49B3-4368-8A01-5AD9992CD58D}
Canon PhotoRecord --> MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
Canon ZoomBrowser EX (F) --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cheat Engine 5.4 --> "C:\Documents and Settings\sebastien\Cheat Engine\unins000.exe"
Code::Blocks --> "C:\Documents and Settings\sebastien\My Documents\CodeBlocks\unins000.exe"
Color LaserJet 2600n --> C:\Program Files\Zenographics\{AB276EBD-A7AF-4191-AB3B-7BCE69C3C39D}\setup.exe -u "HPCLJKCInstaller.dll=CLJ2600.INF"
Creature Chaos 2.8 --> "C:\Program Files\Microsoft Games\Impossible Creatures\unins000.exe"
Creature Chaos 2.82 --> "C:\Program Files\Microsoft Games\Impossible Creatures\unins001.exe"
Cucusoft DVD to iPod + iPod Video Converter Suite 7.7.7.6 --> "C:\Program Files\Cucusoft\ipod-converter\unins000.exe"
Dev-C++ 5 beta 9 release (4.9.9.2) --> "C:\Dev-Cpp\uninstall.exe"
Dora Connaît Ton Nom --> "C:\Program Files\Fisher-Price\Dora Connait Ton Nom\unins000.exe"
DVDFab HD Decrypter 4.0.3.2 --> "C:\Program Files\DVDFab HD Decrypter 4\unins000.exe"
GameShark Media Manager for PSP --> MsiExec.exe /I{C2A80AA7-1A04-404C-A5C2-E7DE3BB8A397}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Documents and Settings\sebastien\My Documents\HijackThis.exe" /uninstall
HP Color LaserJet 2605 Series 1.0 --> C:\Program Files\HP\Digital Imaging\{4E59AA98-3EF3-47A3-9DEA-6B37F00C901F}\setup\hpzscr01.exe -datfile hppscr03.dat -forcereboot
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center and Imaging Support Tools 6.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji Auto Installer --> "C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Impossible Creatures --> "C:\Program Files\Microsoft Games\Impossible Creatures\UNINSTAL.EXE" /runtemp /addremove
Impossible Creatures 1.0.1 --> MsiExec.exe /X{6B2B0D05-2B4A-4855-A47B-D69CD9E3CDD6}
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
iPhoneBrowser --> MsiExec.exe /I{ABAA2247-78BF-456B-BBE4-64E0397A8977}
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Journal Macro 1.84 --> C:\Documents and Settings\sebastien\My Documents\My Received Files\Journal Macro\Uninstall.exe
King Kong Screensaver --> C:\WINDOWS\system32\King Kong Screensaver.scr /u
LimeWire 4.12.6 --> "C:\Documents and Settings\stephanie\My Documents\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Microsoft AntiSpyware --> MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobileVideo For iPod 2.0 --> "C:\Program Files\Keronsoft\MobileVideo For iPod\unins000.exe"
Morpheus 5.2 (remove only) --> "C:\Program Files\UninstMorpheus.exe"
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\mtbs.exe c
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_0_0_86\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Paint.NET v3.20 --> MsiExec.exe /X{C1CAAF9E-2A80-4AD0-8D9A-B4327966249F}
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PDFCreator --> "C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_4625.exe" -hu _?=C:\Program Files\PDFCreator Toolbar
PDFCreator Toolbar --> "C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_4625.exe" _?=C:\Program Files\PDFCreator Toolbar
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PQ DVD to iPod Video Converter (remove only) --> "C:\Program Files\PQDVD\PQ DVD to iPod Video Converter\bt-uninst.exe"
Presto! ImageFolio LE --> C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\ImageFolioLE\DeIsL1.isu"
Presto! PageManager --> C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PageManager\DeIsL1.isu"
Presto! PageType --> C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PageManager\PageType\DeIsL1.isu"
ProPix Share 1.5 --> "C:\Program Files\ProPix Share\1.5\unins000.exe"
PSP Movie Creator(remove only) --> "C:\Program Files\PQDVD\PSPMovieCreator\bt-uninst.exe"
PTFB Pro 3.1.2.0 --> "C:\Documents and Settings\sebastien\My Documents\My Received Files\auto clicker\unins000.exe"
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
SafeCast Shared Components --> C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
Shareaza version 2.2.1.0 --> "C:\Program Files\Shareaza\Uninstall\unins000.exe"
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SWF Toolbox 3.1 (build 3.1.12.153) --> "C:\Program Files\Eltima Software\SWF Toolbox\unins000.exe"
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The Sims Superstar --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}\setup.exe" -l0009
Tsearch --> "C:\Documents and Settings\sebastien\My Documents\My Received Files\Uninstall.exe" "C:\Documents and Settings\sebastien\My Documents\My Received Files\install.log" -u
Veoh --> C:\Documents and Settings\sebastien\My Documents\My Videos\Veoh\uninst.exe
Videora iPod touch Converter 3.06 --> C:\Documents and Settings\sebastien\My Documents\Video Converter 3\uninstaller.exe
VistaShuttle --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Newsoft\VistaShuttle\Uninst.isu"
Warcraft III --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.0.5 --> "C:\Program Files\WinSCP\unins000.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
X-OOM Movies On PSP désinstaller --> C:\Program Files\X-OOM\Movies On PSP\uninstall.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type23948 / Error
Event Submitted/Written: 07/22/2008 00:36:26 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type23927 / Error
Event Submitted/Written: 07/21/2008 09:31:04 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type23916 / Success
Event Submitted/Written: 07/21/2008 09:21:12 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type23888 / Success
Event Submitted/Written: 07/21/2008 08:51:40 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type23770 / Error
Event Submitted/Written: 06/22/2008 09:00:01 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type40021 / Error
Event Submitted/Written: 07/22/2008 00:36:43 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.

Event Record #/Type40020 / Warning
Event Submitted/Written: 07/22/2008 10:57:48 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type39910 / Warning
Event Submitted/Written: 06/25/2008 05:12:32 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type39878 / Error
Event Submitted/Written: 06/24/2008 01:41:54 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0254F2B0-7116-40FC-8551-A2ED8C0C5872} did not register with DCOM within the required timeout.

Event Record #/Type39811 / Warning
Event Submitted/Written: 06/22/2008 03:43:57 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2008-07-22 12:37:21 ------------

#4
Thunderbird1988

I strongly recommend that you remove Shareaza and LimeWire. These programs are P2P programs. These kinds of programs do cause a lot of malware. Also, the use of them is illegal in many countries.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.


Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

ijji
ijji Auto Installer


Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\ijji

After that, reboot and post a new DSS log.

Thunderbird1988

#5
need h3lp...


  • Topic Starter
I removed Shareaza but not LimeWire because I'm not the only one using it on this computer... I found ijji Auto Installer in the Add or Remove Programs list but not ijji. However, I found C:\ijji.
There wasn't really any program I didn't recognize, so I didn't note any... If this step is really important then I can go check it out and try to find something...

And here's the main.txt (there was no extra.txt):

Deckard's System Scanner v20071014.68
Run by Windows on 2008-07-22 15:52:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Windows.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:52:51 PM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\sebastien\My Documents\My Videos\Veoh\VeohClientService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\VSTASCAN\vsaccess.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Windows\Desktop\dss.exe
C:\DOCUME~1\SEBAST~1\MYDOCU~1\Windows.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /systrayIcon:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iPodConverterSuite_upgrade] "C:\Program Files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" /upgrade
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PiXPO] "C:\Program Files\ProPix Share\1.5\Pixpo.exe" /startup
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Veoh Client Service - Veoh Networks, Inc. - C:\Documents and Settings\sebastien\My Documents\My Videos\Veoh\VeohClientService.exe

--
End of file - 10623 bytes

-- Files created between 2008-06-22 and 2008-07-22 -----------------------------

2008-06-22 15:02:20 0 dr-h----- C:\Documents and Settings\Windows\Recent


-- Find3M Report ---------------------------------------------------------------

2008-07-22 15:50:23 0 d-------- C:\Program Files\Microsoft AntiSpyware
2008-07-22 15:45:08 0 d-------- C:\Program Files\BoontyGames
2008-07-22 13:23:31 0 d-------- C:\Program Files\Common Files\Symantec Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/05/2005 02:22 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/05/2005 02:19 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [04/05/2005 02:23 AM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [01/07/2005 05:07 PM C:\WINDOWS\system32\HdAShCut.exe]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [07/12/2005 03:35 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [10/31/2003 07:42 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 11:22 AM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [03/10/2004 12:20 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [03/10/2004 12:39 PM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [05/25/2004 10:16 AM]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [07/20/2004 10:34 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 03:48 AM]
"ToolBoxFX"="C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [11/21/2005 04:55 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/24/2005 01:08 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 10:59 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [09/05/2006 09:22 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 08:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 11:56 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 01:10 PM]
"iPodConverterSuite_upgrade"="C:\Program Files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" [11/29/2007 04:22 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [05/21/2008 05:12 PM]
"PiXPO"="C:\Program Files\ProPix Share\1.5\Pixpo.exe" [08/20/2004 12:13 PM]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

C:\Documents and Settings\Windows\Start Menu\Programs\Startup\
UMAX VistaAccess.lnk - C:\VSTASCAN\vsaccess.exe [7/30/2005 11:58:17 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 4:15:54 AM]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2/5/2006 1:27:29 PM]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE [12/23/1998 5:51:52 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-07-22 15:53:11 ------------

#6
Thunderbird1988

Hello need h3lp...,

Please boot into safe mode, and remove the following folder

C:\Program Files\BoontyGames

After that reboot.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thunderbird1988

#7
Thunderbird1988

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.