Cannot get rid of Antivirus XP 2008... [CLOSED]


  • This topic is locked

#1
skysignor

When I first got infected, I had Advanced XP Defender, Advanced XP Fixer, and Antivirus XP 2008. I downloaded and used Malwarebytes Anti-Malware which got rid of the first two, and seemed to get rid of Antivirus XP 2008, but when I next restarted my computer, Antivirus XP 2008 came back. I ran the Anti-Malware program again, which again found and supposedly 'removed' Antivirus XP 2008 that time too, but when I restarted my comp, it came back AGAIN. I tried RogueRemover FREE which did nothing. I also tried Ad-Aware 2007 and Spybot S&D, both did not remove it successfully. Also, whenever my computer boots up, I get a message saying "Windows cannot find 'c:\windows\svchost.exe'."

So I have 2 problems I was looking to get help with...

1) Getting rid of Antivirus XP 2008 permanently
2) Fixing the error that displays a dialog box at startup saying "windows cannot find 'c:\windows\svchost.exe'."


Here's my HijackThis log...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:39 AM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [CatalystRegistration] "C:\Program Files\ATI\CatalystRegistration\dolce.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [lphce8dj0e3fj] C:\WINDOWS\system32\lphce8dj0e3fj.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [SMrhca8dj0e3fj] C:\Program Files\rhca8dj0e3fj\rhca8dj0e3fj.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1161302498553
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211413956734
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5198 bytes
  • 0
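
The F3 and O4 lines in the log above are autostart entries, and the F3 line names the same path as the startup error described in the post. As an added example (not part of the original post, and not HijackThis's own logic), this Python code parses those lines and flags three things for review: a win.ini-style autostart, a core Windows process name outside System32, and an autostart whose target file is missing. The `EXISTING_FILES` set is constructed to model a machine where `C:\WINDOWS\svchost.exe` is already gone, and the function names are hypothetical.

```python
import ntpath
import re

# Autostart lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lphce8dj0e3fj] C:\WINDOWS\system32\lphce8dj0e3fj.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [SMrhca8dj0e3fj] C:\Program Files\rhca8dj0e3fj\rhca8dj0e3fj.exe
"""

# Constructed stand-in for the file system: every Run target is assumed to
# exist, while C:\WINDOWS\svchost.exe is assumed to be missing (the startup
# error in the post says Windows cannot find it). On a live system this
# lookup would be a real existence check instead.
EXISTING_FILES = {
    r"C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe",
    r"C:\Program Files\QuickTime\qttask.exe",
    r"C:\WINDOWS\system32\lphce8dj0e3fj.exe",
    r"C:\WINDOWS\system32\sysrest32.exe",
    r"C:\Program Files\rhca8dj0e3fj\rhca8dj0e3fj.exe",
}

# Core process images that ship in System32 only (explorer.exe is left out
# on purpose: it lives directly in the Windows directory).
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                 "smss.exe", "csrss.exe", "spoolsv.exe"}

ENTRY_RE = re.compile(r"^(?P<code>[FO]\d+) - (?P<body>.+)$")
INI_RE = re.compile(r"^(?:REG:)?(?P<ini>[\w.]+): (?P<key>\w+)=(?P<cmd>.*)$", re.I)
RUN_RE = re.compile(r"^(?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# A command is either a quoted path, or an unquoted path (which may contain
# spaces) that ends at the first executable extension.
TARGET_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|dll))\b', re.I)


def norm(path):
    """Case-insensitive, separator-normalised form of a Windows path."""
    return ntpath.normcase(ntpath.normpath(path))


def extract_target(cmd):
    """Return the executable path from an autostart command line."""
    m = TARGET_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def parse_autostarts(log):
    """Parse F-section (ini autostart) and O4 (Run key) lines."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code.startswith("F"):
            sub = INI_RE.match(body)
            location = "%s %s=" % (sub.group("ini"), sub.group("key")) if sub else None
        elif code == "O4":
            sub = RUN_RE.match(body)
            location = "%s [%s]" % (sub.group("hive"), sub.group("name")) if sub else None
        else:
            continue
        if sub and sub.group("cmd").strip():
            entries.append({"code": code, "location": location,
                            "target": extract_target(sub.group("cmd"))})
    return entries


def triage(entries, existing_files, windir=r"C:\WINDOWS"):
    """Return (location, target, findings) for entries that need review.

    A finding is a prompt for an analyst, not a verdict on the file.
    """
    system32 = norm(ntpath.join(windir, "system32"))
    existing = {norm(p) for p in existing_files}
    report = []
    for entry in entries:
        target = norm(entry["target"])
        directory, name = ntpath.split(target)
        findings = []
        if entry["code"].startswith("F"):
            findings.append("ini-autostart")          # legacy load=/run= launch point
        if name in SYSTEM32_ONLY and directory != system32:
            findings.append("system-name-outside-system32")
        if target not in existing:
            findings.append("target-missing")         # shows as "Windows cannot find ..."
        if findings:
            report.append((entry["location"], entry["target"], findings))
    return report


if __name__ == "__main__":
    for location, target, findings in triage(parse_autostarts(SAMPLE_LOG), EXISTING_FILES):
        print(location, target, ", ".join(findings))
```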



#2
Rorschach112

Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
skysignor

Here are report.txt, extra.txt, and main.txt......




SDFix: Version 1.197
Run by Sky on Fri 06/27/2008 at 02:49 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\C6.TMP - Deleted
C:\CE.TMP - Deleted
C:\CF.TMP - Deleted
C:\D2.TMP - Deleted
C:\WINDOWS\system32\nusrmgr.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 15:00:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:LastFM"
"C:\\Program Files\\Kazaa Lite\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite\\KazaaLite.kpp:*:Enabled:KazaaLite"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1173310139\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1173310139\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1173310139\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1173310139\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Diablo II\\Game.exe"="C:\\Program Files\\Diablo II\\Game.exe:*:Enabled:Diablo II"
"C:\\Program Files\\Common Files\\AOL\\1177866148\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1177866148\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1177866148\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1177866148\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\skysignor\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\skysignor\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\skysignor\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\skysignor\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"="C:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe:*:Enabled:Unreal Tournament 3 Demo"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"
"C:\\Documents and Settings\\Sky\\Local Settings\\Temp\\.tt1B.tmp"="C:\\Documents and Settings\\Sky\\Local Settings\\Temp\\.tt1B.tmp:*:Enabled:enable"
"C:\\WINDOWS\\system32\\sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Wed 16 Apr 2008 88 ..SHR --- "C:\Documents and Settings\All Users\Application Data\EDB0CA8C97.sys"
Thu 15 May 2008 1,890 A.SH. --- "C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys"
Tue 7 Nov 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Mon 31 Dec 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Sun 21 Jul 2002 418,816 ...HR --- "C:\WINDOWS\system32\Tools\All.exe"
Fri 19 Jul 2002 390,144 ...HR --- "C:\WINDOWS\system32\Tools\Change.exe"
Fri 19 Jul 2002 574,464 ...HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"
Tue 20 Aug 2002 430,592 ...HR --- "C:\WINDOWS\system32\Tools\Counter.exe"
Tue 23 Jul 2002 390,656 ...HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe"
Fri 22 Nov 2002 399,872 ...HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe"
Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"
Fri 19 Jul 2002 388,608 ...HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"
Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"
Fri 12 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Mon 9 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Mon 9 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Mon 9 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Mon 9 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Mon 9 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Mon 9 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Mon 9 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Mon 9 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Mon 9 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Mon 9 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Mon 9 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Mon 9 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT1.tmp"
Fri 27 Jun 2008 2,421 ...HR --- "C:\Documents and Settings\Sky\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!













Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron™ Processor 3000+
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 1535.3 MiB / 1033.66 MiB
Pagefile Memory (total/avail): 3385.89 MiB / 3037.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.37 MiB

C: is Fixed (NTFS) - 76.32 GiB total, 18.43 GiB free.
D: is Fixed (NTFS) - 37.3 GiB total, 0.29 GiB free.
E: is CDROM (No Media)
F: is CDROM (UDF)
G: is Fixed (FAT32) - 298.02 GiB total, 42.65 GiB free.

\\.\PHYSICALDRIVE0 - Maxtor 4D080H4 - 76.33 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.32 GiB - C:

\\.\PHYSICALDRIVE1 - SAMSUNG SV4002H - 37.3 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.3 GiB - D:

\\.\PHYSICALDRIVE2 - WD 3200JB External USB Device - 298.09 GiB - 1 partition
\PARTITION0 - Unknown - 298.09 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:LastFM"
"C:\\Program Files\\Kazaa Lite\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite\\KazaaLite.kpp:*:Enabled:KazaaLite"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1173310139\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1173310139\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1173310139\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1173310139\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Diablo II\\Game.exe"="C:\\Program Files\\Diablo II\\Game.exe:*:Enabled:Diablo II"
"C:\\Program Files\\Common Files\\AOL\\1177866148\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1177866148\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1177866148\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1177866148\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\skysignor\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\skysignor\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\skysignor\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\skysignor\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"="C:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe:*:Enabled:Unreal Tournament 3 Demo"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"
"C:\\Documents and Settings\\Sky\\Local Settings\\Temp\\.tt1B.tmp"="C:\\Documents and Settings\\Sky\\Local Settings\\Temp\\.tt1B.tmp:*:Enabled:enable"
"C:\\WINDOWS\\system32\\sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sky\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SEMPRON3000
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sky
LOGONSERVER=\\SEMPRON3000
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\PROGRA~1\BORLAND\CBUILD~1\PROJECTS\BPL;C:\PROGRA~1\BORLAND\CBUILD~1\BIN;C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Sky\LOCALS~1\Temp
TMP=C:\DOCUME~1\Sky\LOCALS~1\Temp
USERDOMAIN=SEMPRON3000
USERNAME=Sky
USERPROFILE=C:\Documents and Settings\Sky
VS90COMNTOOLS=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Sky (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AntivirXP08 --> "C:\Program Files\rhca8dj0e3fj\uninstall.exe"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x6974
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Bodog Poker Version 2.6.0.18 --> "C:\Program Files\Bodog Poker\unins000.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Borland C++Builder 5 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Borland\CBuilder5\Uninst.isu" -cC:\WINDOWS\system32\C5UNINST.DLL
Call of Duty® 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
Catalyst Registration --> MsiExec.exe /X{5E2691D1-9EDF-43E8-9CF2-E3DF6A17706E}
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Gothic III Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F1941D2-45A2-4CA6-8041-EA2B10CD2ECD}\setup.exe" -l0x9 -removeonly
Graph 4.3 --> "C:\Program Files\Graph\unins000.exe"
Half-Life --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Half-Life\Uninst.isu -c"C:\SIERRA\Half-Life\HLUNINST.DLL"
Half-Life 2: Deathmatch --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/320
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Heroes of Might and Magic V --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28101984-0BA6-40FD-9ABE-72F62F80C06C}\setup.exe" -l0x9
Heroes of Might and Magic® III --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Heroes3\Uninst.isu" -c"C:\Program Files\3DO\Heroes3\uninst.dll
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft Visual C++ 2008 Express Edition SP1 (Beta) - ENU (KB945282) --> C:\WINDOWS\system32\msiexec.exe /package {5A932A2B-4D69-317E-AFDA-C4F118962BCE} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition SP1 (Beta) - ENU (KB946040) --> C:\WINDOWS\system32\msiexec.exe /package {5A932A2B-4D69-317E-AFDA-C4F118962BCE} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition SP1 (Beta) - ENU (KB946308) --> C:\WINDOWS\system32\msiexec.exe /package {5A932A2B-4D69-317E-AFDA-C4F118962BCE} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition SP1 (Beta) - ENU (KB947540) --> C:\WINDOWS\system32\msiexec.exe /package {5A932A2B-4D69-317E-AFDA-C4F118962BCE} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition SP1 (Beta) - ENU (KB947789) --> C:\WINDOWS\system32\msiexec.exe /package {5A932A2B-4D69-317E-AFDA-C4F118962BCE} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition SP1 (Beta) - ENU (KB948127) --> C:\WINDOWS\system32\msiexec.exe /package {5A932A2B-4D69-317E-AFDA-C4F118962BCE} /uninstall /qb+ REBOOTPROMPT=""
HTML Help Workshop --> C:\Program Files\HTML Help Workshop\setup.exe Uninstall
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ SE Development Kit 6 Update 4 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160040}
JGsoft HelpScribble DEMO 7.7.2 --> C:\WINDOWS\UnDeploy.exe "C:\Program Files\JGsoft\HelpScribble\Deploy.log"
Magic Online --> C:\Program Files\Wizards of the Coast\Magic Online\magic.exe -u
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1 --> "C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft SQL Server Management Objects --> MsiExec.exe /I{8074613A-77B4-42AC-BC53-B6FB5D8B29ED}
Microsoft Visual C++ 2008 Express Edition SP1 (Beta) - ENU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition SP1 (Beta) - ENU\setup.exe
Microsoft Visual C++ 2008 Express Edition SP1 (Beta) - ENU --> MsiExec.exe /X{5A932A2B-4D69-317E-AFDA-C4F118962BCE}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30428 --> MsiExec.exe /X{A4B9450B-2933-3A66-9CD6-F059BA3776D1}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries --> MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SP1 (Beta) Express Tools for .NET Framework --> MsiExec.exe /X{54385919-3F2D-3D32-90F3-02167CC25294}
Microsoft Windows SDK for Visual Studio 2008 SP1 (Beta) Express Tools for Win32 --> MsiExec.exe /X{838F009C-92C3-84E3-860B-CC18A9348D6D}
Microsoft Xbox 360 Accessories 1.1 --> MsiExec.exe /X{66F0AC35-4805-44BC-A3D4-347D4196F9B3}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Sky\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MProtector --> "C:\Program Files\shc98dj0e3fj\uninstall.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NetBeans IDE 6.0.1 --> "C:\Program Files\NetBeans 6.0.1\uninstall.exe"
NETGEAR WG311T Wireless Adapter --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FC321AD2-48B4-4013-B997-A65D5FBBD006}
Neverwinter Nights 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RPG Maker 2003 v1.08 --> "C:\Program Files\rpg2003\unins000.exe"
RPG Maker VX --> "C:\Program Files\Enterbrain\RPGVX\unins000.exe"
RPG Maker VX RTP --> "C:\Program Files\Common Files\Enterbrain\RGSS2\RPGVX\unins000.exe"
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006] --> "C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
Sid Meier's Pirates! --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SolveigMM AVI Trimmer --> "C:\Program Files\Solveig Multimedia\SolveigMM AVI Trimmer\Uninstall.exe" "C:\Program Files\Solveig Multimedia\SolveigMM AVI Trimmer\install.log" -u
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SPORE™ Creature Creator --> "C:\Program Files\InstallShield Installation Information\{8CC42289-E228-4A35-B8A9-015242283BB2}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SQL Server System CLR Types --> MsiExec.exe /I{862F4E4D-01C0-4C23-A5B6-A128569C38D3}
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPER © Version 2007.bld.23 (July 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
System Requirements Lab --> C:\Program Files\Common Files\SystemRequirementsLab\Uninstall.exe
The Witcher Demo --> "C:\Program Files\InstallShield Installation Information\{52B94500-1782-411F-BFA5-EBAC312964DE}\setup.exe" -runfromtemp -l0x0009 -removeonly
Unreal Tournament 3 Demo --> "C:\Documents and Settings\Sky\Application Data\InstallShield Installation Information\{3266FEA9-98E9-448B-B235-DAC63D4CE781}\setup.exe" -runfromtemp -l0x0409 -removeonly
Unreal Tournament 3 Demo --> MsiExec.exe /X{3266FEA9-98E9-448B-B235-DAC63D4CE781}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type2142 / Error
Event Submitted/Written: 06/25/2008 04:42:29 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application divx player.exe, version 6.4.0.13, faulting module unknown, version 0.0.0.0, fault address 0x0992a047.
Processing media-specific event for [divx player.exe!ws!]

Event Record #/Type2141 / Error
Event Submitted/Written: 06/25/2008 00:24:47 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2089 / Error
Event Submitted/Written: 06/19/2008 02:28:49 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application itunes.exe, version 7.6.2.9, faulting module quicktime.qts, version 7.4.5.67, fault address 0x001515d3.
Processing media-specific event for [itunes.exe!ws!]

Event Record #/Type2087 / Error
Event Submitted/Written: 06/19/2008 03:38:27 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2086 / Error
Event Submitted/Written: 06/18/2008 11:57:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3753 / Error
Event Submitted/Written: 06/27/2008 03:14:41 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type3743 / Error
Event Submitted/Written: 06/27/2008 03:05:09 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type3742 / Error
Event Submitted/Written: 06/27/2008 03:05:07 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type3733 / Error
Event Submitted/Written: 06/27/2008 02:54:38 PM / 06/27/2008 02:55:21 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type3730 / Error
Event Submitted/Written: 06/27/2008 02:41:32 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
AmdK8
ASPI32
Fips
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip



-- End of Deckard's System Scanner: finished at 2008-06-27 15:20:07 ------------

Deckard's System Scanner v20071014.68
Run by Sky on 2008-06-27 15:18:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-06-27 19:18:45 UTC - RP11 - Deckard's System Scanner Restore Point
2: 2008-06-27 06:19:42 UTC - RP10 - Configured EA Download Manager
1: 2008-06-27 05:33:12 UTC - RP9 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Sky.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:35 PM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\lphce8dj0e3fj.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\rhca8dj0e3fj\rhca8dj0e3fj.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\pphce8dj0e3fj.exe
C:\Documents and Settings\Sky\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Sky.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [CatalystRegistration] "C:\Program Files\ATI\CatalystRegistration\dolce.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [lphce8dj0e3fj] C:\WINDOWS\system32\lphce8dj0e3fj.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [SMrhca8dj0e3fj] C:\Program Files\rhca8dj0e3fj\rhca8dj0e3fj.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1161302498553
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211413956734
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5343 bytes

-- File Associations -----------------------------------------------------------

.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SSHDRV85 - c:\windows\system32\drivers\sshdrv85.sys <Not Verified; ; ProtectCD>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R3 AR5211 (NETGEAR WG311T V1H3 Wireless Adapter Service) - c:\windows\system32\drivers\wg311t13.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>
R3 catchme - c:\docume~1\sky\locals~1\temp\catchme.sys (file missing)

S3 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing)
S3 PavTPK.sys - c:\windows\system32\pavtpk.sys (file missing)
S3 pohci13F - c:\docume~1\sky\locals~1\temp\pohci13f.sys (file missing)
S3 SbcpHid - c:\windows\system32\drivers\sbcphid.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: SiS 900 PCI Fast Ethernet Adapter
Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_09001039&REV_90\3&267A616A&0&20
Manufacturer: SiS
Name: SiS 900 PCI Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_09001039&REV_90\3&267A616A&0&20
Service: SISNIC


-- Files created between 2008-05-27 and 2008-06-27 -----------------------------

2008-06-27 14:41:49 0 d-------- C:\WINDOWS\ERUNT
2008-06-27 01:45:41 0 d-------- C:\Program Files\Trend Micro
2008-06-27 01:33:28 94208 --a------ C:\WINDOWS\system32\pphce8dj0e3fj.exe
2008-06-27 01:33:11 0 d-------- C:\Program Files\rhca8dj0e3fj
2008-06-27 00:14:05 0 d-------- C:\Documents and Settings\Sky\Application Data\rhca8dj0e3fj
2008-06-26 23:56:21 0 d-------- C:\Documents and Settings\Sky\Application Data\Malwarebytes
2008-06-26 23:56:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-26 23:56:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-26 23:52:48 0 d-------- C:\Program Files\RogueRemover FREE
2008-06-24 04:23:01 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-24 01:29:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-24 00:29:32 1458 --a------ C:\smitfra.reg
2008-06-24 00:29:31 88524 --a------ C:\smitfrau.reg
2008-06-23 23:39:44 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-23 23:39:44 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-23 23:39:44 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-23 23:39:44 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-23 23:39:44 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-23 23:39:44 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-23 23:39:44 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-23 23:39:44 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-23 23:39:44 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-23 23:39:44 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-23 23:39:44 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-23 23:39:44 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-23 23:39:44 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-23 23:39:44 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-23 15:24:01 60928 --a------ C:\WINDOWS\system32\blphce8dj0e3fj.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-06-23 15:23:56 109056 --a------ C:\WINDOWS\system32\lphce8dj0e3fj.exe
2008-06-18 16:03:47 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-18 01:44:52 0 d-------- C:\ProgramData
2008-06-18 01:44:46 2004 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-06-15 02:38:54 0 d-------- C:\Documents and Settings\Sky\Application Data\SPORE Creature Creator
2008-06-15 02:38:00 0 d-------- C:\Program Files\Electronic Arts
2008-06-11 21:44:47 0 d-------- C:\Program Files\Common Files\Logitech
2008-06-11 20:24:56 0 d-------- C:\Program Files\Microsoft Xbox 360 Accessories


-- Find3M Report ---------------------------------------------------------------

2008-06-27 14:37:47 0 d-------- C:\Documents and Settings\Sky\Application Data\Azureus
2008-06-27 02:20:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-25 12:44:54 0 d-------- C:\Program Files\Soulseek
2008-06-23 18:20:16 0 d-------- C:\Program Files\Spyware Doctor
2008-06-18 00:55:48 0 d-------- C:\Documents and Settings\Sky\Application Data\Adobe
2008-06-11 21:46:11 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-06-11 21:46:11 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-06-11 21:46:11 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-05-22 00:46:01 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-22 00:44:39 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-05-22 00:44:08 0 d-------- C:\Program Files\Microsoft.NET
2008-05-22 00:43:31 0 d-------- C:\Program Files\Common Files
2008-05-22 00:41:34 0 d-------- C:\Program Files\Microsoft SDKs
2008-05-21 19:24:03 0 d-------- C:\Program Files\Bonjour
2008-05-21 15:04:44 0 d-------- C:\Program Files\MSBuild
2008-05-21 15:04:22 0 d-------- C:\Program Files\Reference Assemblies
2008-05-21 15:03:07 0 d-------- C:\Program Files\MSXML 6.0
2008-05-14 16:49:05 0 d-------- C:\Documents and Settings\Sky\Application Data\OpenOffice.org2
2008-05-13 15:50:34 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-11 03:21:53 0 d-------- C:\Program Files\iTunes
2008-05-11 03:21:42 0 d-------- C:\Program Files\iPod
2008-05-11 03:20:36 0 d-------- C:\Program Files\QuickTime
2008-05-11 03:18:56 0 d-------- C:\Program Files\Apple Software Update
2008-05-11 03:18:21 0 d-------- C:\Program Files\Common Files\Apple
2008-04-06 22:48:04 0 --a------ C:\WINDOWS\ativpsrm.bin


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CatalystRegistration"="C:\Program Files\ATI\CatalystRegistration\dolce.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2
  • 0

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O4 - HKLM\..\Run: [lphce8dj0e3fj] C:\WINDOWS\system32\lphce8dj0e3fj.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [SMrhca8dj0e3fj] C:\Program Files\rhca8dj0e3fj\rhca8dj0e3fj.exe


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\pphce8dj0e3fj.exe
    C:\Program Files\rhca8dj0e3fj
    C:\Documents and Settings\Sky\Application Data\rhca8dj0e3fj
    C:\WINDOWS\system32\blphce8dj0e3fj.scr 
    C:\WINDOWS\system32\lphce8dj0e3fj.exe
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Reboot and post a new DSS log
  • 0
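Added example, not part of the original posts or of any tool named in this thread: one way to cross-check the `O4` Run entries of a HijackThis log against the "Files created" section of the same DSS report, so that autoruns pointing at freshly created files or folders stand out. The function names, the 7-day default window and the embedded sample (a subset of lines copied from the logs above) are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a subset of lines copied from the two DSS sections in this thread.
HJT_LOG = r"""
O4 - HKLM\..\Run: [CatalystRegistration] "C:\Program Files\ATI\CatalystRegistration\dolce.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [lphce8dj0e3fj] C:\WINDOWS\system32\lphce8dj0e3fj.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [SMrhca8dj0e3fj] C:\Program Files\rhca8dj0e3fj\rhca8dj0e3fj.exe
"""

CREATED = r"""
2008-06-27 01:33:28 94208 --a------ C:\WINDOWS\system32\pphce8dj0e3fj.exe
2008-06-27 01:33:11 0 d-------- C:\Program Files\rhca8dj0e3fj
2008-06-23 15:23:56 109056 --a------ C:\WINDOWS\system32\lphce8dj0e3fj.exe
2008-06-11 20:24:56 0 d-------- C:\Program Files\Microsoft Xbox 360 Accessories
"""

# Taken from the "Run by Sky on 2008-06-27 15:18:40" header of the DSS log.
SCAN_TIME = datetime(2008, 6, 27, 15, 18, 40)

O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\d+\s+(?P<attr>\S+)\s+(?P<path>.+)$"
)
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", re.IGNORECASE)


def exe_path(cmd):
    """Return the program path from a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted values may contain spaces, so cut at the first executable extension.
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def parse_created(listing):
    """Parse 'Files created between ...' rows into (timestamp, is_dir, lowercase path)."""
    rows = []
    for line in listing.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        # DSS appends "<Not Verified; ...>" to some rows; it is not part of the path.
        path = re.sub(r"\s*<[^>]*>$", "", m.group("path")).strip()
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        rows.append((ts, m.group("attr").startswith("d"), path.lower()))
    return rows


def triage(hjt_log, created_listing, scan_time, window_days=7):
    """List Run entries whose target file, or a folder above it, was created
    within window_days before scan_time. Returns (value name, target, created)."""
    cutoff = scan_time - timedelta(days=window_days)
    recent = [r for r in parse_created(created_listing) if r[0] >= cutoff]
    hits = []
    for line in hjt_log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        target = exe_path(m.group("cmd"))
        low = target.lower()
        for ts, is_dir, path in recent:
            if low == path or (is_dir and low.startswith(path + "\\")):
                hits.append((m.group("name"), target, ts))
                break
    return hits


if __name__ == "__main__":
    for name, target, created in triage(HJT_LOG, CREATED, SCAN_TIME):
        print(f"{created}  [{name}]  {target}")
```

Widening the window to 30 days also returns the XboxStat entry, which the helper did not list for removal, so recency narrows the list but is not a verdict. `sysrest32.exe` has no row in the created-files section and is not surfaced by this cross-check.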

#5
skysignor

    New Member

  • Topic Starter
  • Member
  • 3 posts
When I ran the System Scan Only, none of the O4 checkboxes that you listed were there.

Here are the contents of the OTMoveIt2 log and main.txt (an extra.txt was not created this time...)



Explorer killed successfully
C:\WINDOWS\system32\pphce8dj0e3fj.exe moved successfully.
C:\Program Files\rhca8dj0e3fj moved successfully.
C:\Documents and Settings\Sky\Application Data\rhca8dj0e3fj\Quarantine\Packages moved successfully.
C:\Documents and Settings\Sky\Application Data\rhca8dj0e3fj\Quarantine\BrowserObjects moved successfully.
C:\Documents and Settings\Sky\Application Data\rhca8dj0e3fj\Quarantine\Autorun\StartMenuCurrentUser moved successfully.
C:\Documents and Settings\Sky\Application Data\rhca8dj0e3fj\Quarantine\Autorun\StartMenuAllUsers moved successfully.
C:\Documents and Settings\Sky\Application Data\rhca8dj0e3fj\Quarantine\Autorun\HKLM\RunOnce moved successfully.
C:\Documents and Settings\Sky\Application Data\rhca8dj0e3fj\Quarantine\Autorun\HKLM moved successfully.
C:\Documents and Settings\Sky\Application Data\rhca8dj0e3fj\Quarantine\Autorun\HKCU\RunOnce moved successfully.
C:\Documents and Settings\Sky\Application Data\rhca8dj0e3fj\Quarantine\Autorun\HKCU moved successfully.
C:\Documents and Settings\Sky\Application Data\rhca8dj0e3fj\Quarantine\Autorun moved successfully.
C:\Documents and Settings\Sky\Application Data\rhca8dj0e3fj\Quarantine moved successfully.
C:\Documents and Settings\Sky\Application Data\rhca8dj0e3fj moved successfully.
C:\WINDOWS\system32\blphce8dj0e3fj.scr moved successfully.
C:\WINDOWS\system32\lphce8dj0e3fj.exe moved successfully.
< purity >
C:\Program Files\ѕуstem moved successfully.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 06282008_191946

Deckard's System Scanner v20071014.68
Run by Sky on 2008-06-28 19:23:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Sky.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:34 PM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Sky\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Sky.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [CatalystRegistration] "C:\Program Files\ATI\CatalystRegistration\dolce.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1161302498553
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211413956734
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4896 bytes

-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-27 14:41:49 0 d-------- C:\WINDOWS\ERUNT
2008-06-27 01:45:41 0 d-------- C:\Program Files\Trend Micro
2008-06-26 23:56:21 0 d-------- C:\Documents and Settings\Sky\Application Data\Malwarebytes
2008-06-26 23:56:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-26 23:56:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-26 23:52:48 0 d-------- C:\Program Files\RogueRemover FREE
2008-06-24 04:23:01 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-24 01:29:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-24 00:29:32 1458 --a------ C:\smitfra.reg
2008-06-24 00:29:31 88524 --a------ C:\smitfrau.reg
2008-06-23 23:39:44 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-23 23:39:44 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-23 23:39:44 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-23 23:39:44 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-23 23:39:44 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-23 23:39:44 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-23 23:39:44 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-23 23:39:44 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-23 23:39:44 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-23 23:39:44 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-23 23:39:44 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-23 23:39:44 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-23 23:39:44 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-23 23:39:44 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-18 16:03:47 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-18 01:44:52 0 d-------- C:\ProgramData
2008-06-18 01:44:46 2004 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-06-15 02:38:54 0 d-------- C:\Documents and Settings\Sky\Application Data\SPORE Creature Creator
2008-06-15 02:38:00 0 d-------- C:\Program Files\Electronic Arts
2008-06-11 21:44:47 0 d-------- C:\Program Files\Common Files\Logitech
2008-06-11 20:24:56 0 d-------- C:\Program Files\Microsoft Xbox 360 Accessories


-- Find3M Report ---------------------------------------------------------------

2008-06-28 11:04:24 0 d-------- C:\Documents and Settings\Sky\Application Data\Azureus
2008-06-27 02:20:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-25 12:44:54 0 d-------- C:\Program Files\Soulseek
2008-06-23 18:20:16 0 d-------- C:\Program Files\Spyware Doctor
2008-06-18 00:55:48 0 d-------- C:\Documents and Settings\Sky\Application Data\Adobe
2008-06-11 21:46:11 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-06-11 21:46:11 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-06-11 21:46:11 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-05-22 00:46:01 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-22 00:44:39 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-05-22 00:44:08 0 d-------- C:\Program Files\Microsoft.NET
2008-05-22 00:43:31 0 d-------- C:\Program Files\Common Files
2008-05-22 00:41:34 0 d-------- C:\Program Files\Microsoft SDKs
2008-05-21 19:24:03 0 d-------- C:\Program Files\Bonjour
2008-05-21 15:04:44 0 d-------- C:\Program Files\MSBuild
2008-05-21 15:04:22 0 d-------- C:\Program Files\Reference Assemblies
2008-05-21 15:03:07 0 d-------- C:\Program Files\MSXML 6.0
2008-05-14 16:49:05 0 d-------- C:\Documents and Settings\Sky\Application Data\OpenOffice.org2
2008-05-13 15:50:34 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-11 03:21:53 0 d-------- C:\Program Files\iTunes
2008-05-11 03:21:42 0 d-------- C:\Program Files\iPod
2008-05-11 03:20:36 0 d-------- C:\Program Files\QuickTime
2008-05-11 03:18:56 0 d-------- C:\Program Files\Apple Software Update
2008-05-11 03:18:21 0 d-------- C:\Program Files\Common Files\Apple
2008-04-06 22:48:04 0 --a------ C:\WINDOWS\ativpsrm.bin


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CatalystRegistration"="C:\Program Files\ATI\CatalystRegistration\dolce.exe" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/21/2008 12:17 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [09/26/2007 06:05 PM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 03:56 AM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 03:56 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphce8dj0e3fj]
C:\WINDOWS\system32\lphce8dj0e3fj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhca8dj0e3fj]
C:\Program Files\rhca8dj0e3fj\rhca8dj0e3fj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\install.EXE id= ver=1.0.0.0




-- End of Deckard's System Scanner: finished at 2008-06-28 19:23:59 ------------
  • 0

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphce8dj0e3fj
    C:\WINDOWS\system32\lphce8dj0e3fj.exe
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhca8dj0e3fj
    C:\Program Files\rhca8dj0e3fj
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F
    F:\install.EXE 
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also post a new DSS log
  • 0
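As an added example (not part of the thread and not the helper's own method), the following Python sketch parses the msconfig `startupreg` section of a DSS registry dump and lists entries whose executable name looks machine-generated, such as the two targeted in the OTMoveIt2 script above. The heuristic (counting letter/digit switches in the file name) and its threshold are assumptions chosen for illustration; the sample is an excerpt of the dump posted in this thread.

```python
import re

# Excerpt of the startupreg section of the DSS registry dump posted in this thread.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphce8dj0e3fj]
C:\WINDOWS\system32\lphce8dj0e3fj.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhca8dj0e3fj]
C:\Program Files\rhca8dj0e3fj\rhca8dj0e3fj.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"""

HEADER = re.compile(r"^\[.*\\startupreg\\(?P<name>[^\]]+)\]$", re.IGNORECASE)
EXE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)

def parse_startupreg(dump):
    """Return {entry name: executable path or None} for each startupreg key."""
    entries, current = {}, None
    for line in dump.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = m.group("name")
            entries[current] = None  # a key may carry no command (Steam above)
        elif line and current and entries[current] is None:
            hit = EXE.search(line)   # tolerates quotes and trailing arguments
            if hit:
                # Collapse doubled backslashes such as system32\\NeroCheck.exe
                entries[current] = re.sub(r"\\+", r"\\", hit.group("path"))
    return entries

def class_switches(stem):
    """Count letter<->digit boundaries in a name, e.g. 'e8d' has two."""
    return sum(a.isdigit() != b.isdigit() for a, b in zip(stem, stem[1:]))

def triage(dump, min_switches=3):
    """Return (name, path) pairs to review; min_switches is an assumed threshold."""
    flagged = []
    for name, path in parse_startupreg(dump).items():
        stem = path.rsplit("\\", 1)[-1][:-4] if path else ""
        if stem.isalnum() and class_switches(stem) >= min_switches:
            flagged.append((name, path))
    return flagged
```

Calling `triage(SAMPLE_DUMP)` returns the `lphce8dj0e3fj` and `SMrhca8dj0e3fj` entries only; a name heuristic like this narrows what to review by hand and is not a verdict on its own.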

#7
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





