Trojan win32/vundo.gen!N [RESOLVED]



#1
westonfields

I have run all the recommended scans but Vundo will not go away.

I am running Vista Home Premium and Windows Defender is finding Vundo but is not clearing it. I am getting random popup advertising and Firefox is being hijacked to the extent that the attachment scanner below was closed, so I am sending this from another computer.

VundoFix and VundoBeGone have not detected anything, but I have attached an HJT log.

Hope you can help this time as well.



#2
fenzodahl512

Hello, my name is fenzodahl512 and welcome to Geekstogo. Please do not attach logs unless requested. Just post them here as they are.


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click the dss.exe icon and choose Run as Administrator.



Regards
fenzodahl512

#3
westonfields

Thank you for your prompt reply.

Here are the scan results.

Westonfields

Deckard's System Scanner v20071014.68
Run by John Harris on 2008-06-28 18:08:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
21: 2008-06-28 12:09:27 UTC - RP276 - Scheduled Checkpoint
20: 2008-06-27 21:54:00 UTC - RP275 - Windows Defender Checkpoint
19: 2008-06-27 20:14:40 UTC - RP273 - Windows Defender Checkpoint
18: 2008-06-27 08:47:43 UTC - RP271 - Windows Defender Checkpoint
17: 2008-06-27 08:45:26 UTC - RP269 - Windows Defender Checkpoint


-- First Restore Point --
1: 2008-06-25 22:43:02 UTC - RP243 - Spyware Doctor: Cleaning Threats


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 5.86 GiB (less than 15%) free.


-- HijackThis (run as John Harris.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:10:54, on 28/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\SYSTEM32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Kalender\Kalender.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\explorer.exe
C:\Users\John Harris\Desktop\dss.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\John Harris.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.peakhouse54.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe"
O4 - HKLM\..\Run: [ScanSoft OmniPage 15.0-reminder] "C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage15.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_14_silver\TrayServer.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [EPSON Stylus Photo R360 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE /FU "C:\Users\JOHNHA~1\AppData\Local\Temp\E_S8098.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Kalender] C:\Program Files\Kalender\Kalender.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOHNHA~1\AppData\Local\Temp\rqrQIARH.dll,c
O4 - HKCU\..\Run: [BM516f70f4] Rundll32.exe "C:\Users\JOHNHA~1\AppData\Local\Temp\nvojduju.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus Photo R360 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE /FU "C:\Windows\TEMP\E_S5550.tmp" /EF "HKCU" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [EPSON Stylus Photo R360 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE /FU "C:\Windows\TEMP\E_S5550.tmp" /EF "HKCU" (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 11174 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\program files\magix\common\database\bin\fbserver.exe <Not Verified; MAGIX®; Firebird SQL Server - MAGIX Edition>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-28 18:04:13 486 --a------ C:\Windows\Tasks\20080527_151600_Daily backup.job


-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-27 22:33:27 0 --a------ C:\jlgjmpsv
2008-06-27 21:28:48 0 d-------- C:\Users\All Users\Malwarebytes
2008-06-27 21:28:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 07:26:36 0 d-------- C:\Program Files\Enigma Software Group
2008-06-26 22:24:48 0 d-------- C:\Users\All Users\ACD Systems
2008-06-26 22:24:34 0 d-------- C:\Program Files\Common Files\ACD Systems
2008-06-26 22:24:34 0 d-------- C:\Program Files\ACD Systems
2008-06-26 21:27:24 262144 --a------ C:\ntuser.dat
2008-06-26 19:52:45 0 d-------- C:\VundoFix Backups
2008-06-26 07:57:35 0 d-------- C:\Users\All Users\ESET
2008-06-26 07:45:24 0 d-------- C:\Users\All Users\Avg8
2008-06-26 00:00:49 0 d-------- C:\Program Files\Panda Security
2008-06-25 00:07:05 0 d-------- C:\Users\John Harris\.housecall6.6
2008-06-24 08:29:09 0 d-------- C:\Program Files\Trend Micro
2008-06-20 22:25:08 0 d-------- C:\Users\All Users\CyberLink
2008-06-20 22:15:46 0 d-------- C:\Users\All Users\SmartSound Software Inc
2008-06-20 22:15:46 0 d-------- C:\Program Files\SmartSound Software
2008-06-20 22:14:33 0 d-------- C:\Program Files\QuickTime
2008-06-20 22:14:20 0 d-------- C:\Users\All Users\Apple Computer
2008-06-19 23:45:53 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-19 18:21:39 0 d-------- C:\Program Files\Microsoft Works
2008-06-19 18:20:43 0 d-------- C:\Windows\PCHEALTH
2008-06-19 18:04:27 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-19 18:01:02 0 dr-h----- C:\MSOCache
2008-06-15 23:33:26 0 d-------- C:\Windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-06-15 23:24:17 0 d-------- C:\Program Files\Lavasoft
2008-06-15 23:24:16 0 d-------- C:\Users\All Users\Lavasoft
2008-06-15 23:23:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 16:26:19 24576 --a------ C:\Windows\system32\TTIC32.dll <Not Verified; PoINT Software & Systems GmbH; TTIC32>
2008-06-15 16:26:19 24576 --a------ C:\Windows\system32\TTI32.dll <Not Verified; PoINT Software & Systems GmbH; TTI32>
2008-06-15 16:26:19 32768 --a------ C:\Windows\system32\STRING32.dll <Not Verified; PoINT Software & Systems GmbH; STRING32>
2008-06-15 16:26:19 430080 --a------ C:\Windows\system32\MXRestore.exe <Not Verified; MAGIX AG; MAGIX Restore>
2008-06-15 16:26:19 57344 --a------ C:\Windows\system32\DLLTPO32.dll <Not Verified; PoINT Software & Systems GmbH; DLLTPO32>
2008-06-15 16:26:19 192512 --a------ C:\Windows\system32\DLLRES32.dll <Not Verified; PoINT Software & Systems GmbH; DLLRES32>
2008-06-15 16:26:19 40960 --a------ C:\Windows\system32\DLLRD32.dll <Not Verified; PoINT Software & Systems GmbH; DLLRD32>
2008-06-15 16:26:19 65536 --a------ C:\Windows\system32\DLLPTL32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPTL32>
2008-06-15 16:26:19 53248 --a------ C:\Windows\system32\DLLPRJ32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPRJ32>
2008-06-15 16:26:19 49152 --a------ C:\Windows\system32\DLLPRF32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPRF32>
2008-06-15 16:26:19 36864 --a------ C:\Windows\system32\DLLPNT32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPNT32>
2008-06-15 16:26:19 32768 --a------ C:\Windows\system32\DLLMSC32.dll <Not Verified; PoINT Software & Systems GmbH; DLLMSC32>
2008-06-15 16:26:19 24576 --a------ C:\Windows\system32\DLLIX.dll <Not Verified; PoINT Software & Systems GmbH; DLLIX>
2008-06-15 16:26:19 32768 --a------ C:\Windows\system32\DLLISO32.dll <Not Verified; PoINT Software & Systems GmbH; DLLISO32>
2008-06-15 16:26:19 53248 --a------ C:\Windows\system32\DLLIO32.dll <Not Verified; PoINT Software & Systems GmbH; DLLIO32>
2008-06-15 16:26:19 45056 --a------ C:\Windows\system32\DLLIMG32.dll <Not Verified; PoINT Software & Systems GmbH; DLLIMG32>
2008-06-15 16:26:19 0 d-------- C:\Program Files\Common Files\MAGIX Shared
2008-06-15 16:26:18 151552 --a------ C:\Windows\system32\DLLDRV32.dll <Not Verified; PoINT Software & Systems GmbH; DLLDRV32>
2008-06-15 16:26:18 32768 --a------ C:\Windows\system32\DLLDIR32.dll <Not Verified; PoINT Software & Systems GmbH; DLLDIR32>
2008-06-15 16:26:18 167936 --a------ C:\Windows\system32\DLLDEV32.dll <Not Verified; PoINT Software & Systems GmbH; DLLDEV32>
2008-06-15 16:26:18 98304 --a------ C:\Windows\system32\DLLCPY32.dll <Not Verified; PoINT Software & Systems GmbH; DLLCPY32>
2008-06-15 16:26:18 61440 --a------ C:\Windows\system32\DLLCDF32.dll <Not Verified; PoINT Software & Systems GmbH; DLLCDF32>
2008-06-15 16:26:18 114688 --a------ C:\Windows\system32\DLLCDA32.dll <Not Verified; PoINT Software & Systems GmbH; PoINT CDarchive for Windows>
2008-06-15 16:26:18 618496 --a------ C:\Windows\system32\DLLAV32.dll <Not Verified; PoINT Software & Systems GmbH; PoINT CD/DVD Audio/Video SDK for Windows>
2008-06-15 16:25:26 0 d-------- C:\Users\All Users\MAGIX
2008-06-15 16:25:06 120200 --a------ C:\Windows\system32\DLLDEV32i.dll <Not Verified; ; DLLDEV32i>
2008-06-15 16:25:06 0 d-------- C:\Program Files\MAGIX
2008-06-15 16:23:38 700416 --a------ C:\Windows\system32\mgxoschk.dll <Not Verified; MAGIX AG; mgxoschk>
2008-06-15 16:23:38 0 d-------- C:\Windows\system32\MAGIX
2008-06-09 15:23:23 0 d-------- C:\Users\John Harris\EurekaLog
2008-06-08 17:45:15 0 d-------- C:\Program Files\Reasonable NoClone 2007 Home
2008-06-05 22:14:40 0 d-------- C:\Users\All Users\WindowsSearch
2008-06-03 16:37:07 0 d-------- C:\Program Files\Pure Motion
2008-06-03 08:10:25 163840 --a------ C:\Windows\system32\stamin32.dll <Not Verified; MicroDexterity, Inc.; Stamina>
2008-06-01 15:02:08 0 --a------ C:\MSDOS.SYS
2008-06-01 15:02:08 0 --a------ C:\IO.SYS
2008-06-01 14:34:12 0 d-------- C:\Users\All Users\ashampoo
2008-05-31 11:54:50 0 d-------- C:\Program Files\FileMonk


-- Find3M Report ---------------------------------------------------------------

2008-06-28 17:07:47 4184 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2008-06-28 13:45:48 0 d-------- C:\Users\John Harris\AppData\Roaming\Mozilla
2008-06-27 21:28:51 0 d-------- C:\Users\John Harris\AppData\Roaming\Malwarebytes
2008-06-27 21:28:27 0 d-------- C:\Users\John Harris\AppData\Roaming\Download Manager
2008-06-26 23:20:48 0 d-------- C:\Users\John Harris\AppData\Roaming\ACD Systems
2008-06-26 22:24:34 0 d-------- C:\Program Files\Common Files
2008-06-26 13:22:03 0 d-------- C:\Users\John Harris\AppData\Roaming\uTorrent
2008-06-26 08:08:32 0 d-------- C:\Program Files\Spyware Doctor
2008-06-25 15:52:09 0 d-------- C:\Users\John Harris\AppData\Roaming\Skype
2008-06-22 12:14:05 0 d-------- C:\Users\John Harris\AppData\Roaming\LimeWire
2008-06-22 11:52:32 0 d-------- C:\Users\John Harris\AppData\Roaming\Vso
2008-06-22 11:52:32 33 --a------ C:\Users\John Harris\AppData\Roaming\pcouffin.log
2008-06-22 11:52:32 7887 --a------ C:\Users\John Harris\AppData\Roaming\pcouffin.cat
2008-06-22 10:26:40 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-06-20 22:24:33 0 d-------- C:\Users\John Harris\AppData\Roaming\CyberLink
2008-06-20 22:17:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-20 22:16:48 0 d-------- C:\Program Files\CyberLink
2008-06-19 19:15:06 0 d-------- C:\Program Files\Google
2008-06-19 18:21:23 0 d-------- C:\Program Files\MSBuild
2008-06-18 21:32:46 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-15 20:55:20 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-15 20:51:49 0 d-------- C:\Program Files\Creative
2008-06-15 20:51:33 0 d-------- C:\Users\John Harris\AppData\Roaming\Corel
2008-06-15 20:51:33 0 d-------- C:\Program Files\Common Files\Corel
2008-06-15 16:26:45 0 d-------- C:\Users\John Harris\AppData\Roaming\MAGIX
2008-06-13 09:52:48 0 d-------- C:\Users\John Harris\AppData\Roaming\Adobe
2008-06-13 09:52:33 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-13 09:12:11 0 d-------- C:\Program Files\LimeWire
2008-06-12 09:03:44 0 d-------- C:\Program Files\Windows Mail
2008-06-08 08:51:29 0 d-------- C:\Users\John Harris\AppData\Roaming\.wyzo
2008-06-04 08:41:28 0 d-------- C:\Users\John Harris\AppData\Roaming\UseNeXT
2008-06-02 20:50:13 0 d-------- C:\Program Files\TagRename
2008-06-02 10:39:40 0 d-------- C:\Users\John Harris\AppData\Roaming\Ahead
2008-06-01 14:34:37 0 d-------- C:\Users\John Harris\AppData\Roaming\Ashampoo Photo Commander 5
2008-06-01 10:30:30 0 d-------- C:\Users\John Harris\AppData\Roaming\NCH Swift Sound
2008-05-31 12:03:14 0 d-------- C:\Users\John Harris\AppData\Roaming\Reasonable Software House Ltd
2008-05-27 17:37:30 0 d-------- C:\Program Files\Futuremark
2008-05-27 16:44:34 0 d-------- C:\Program Files\NCH Software
2008-05-27 08:53:51 0 d-------- C:\Program Files\Siber Systems
2008-05-27 08:52:56 0 d-------- C:\Users\John Harris\AppData\Roaming\GoodSync
2008-05-27 08:44:29 0 d-------- C:\Program Files\East-Tec Backup 2007
2008-05-25 18:51:10 98488 --a------ C:\Users\John Harris\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-05-25 14:58:56 0 d-------- C:\Users\John Harris\AppData\Roaming\Softland
2008-05-25 13:07:47 0 d-------- C:\Users\John Harris\AppData\Roaming\Google
2008-05-25 11:56:14 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-05-25 11:51:39 0 d-------- C:\Program Files\ScanSoft
2008-05-24 17:30:59 0 d-------- C:\Program Files\MusicBrainz Tagger
2008-05-24 12:28:11 0 d-------- C:\Program Files\MediaMonkey
2008-05-15 16:38:37 0 d-------- C:\Users\John Harris\AppData\Roaming\UK's Kalender
2008-05-14 08:52:45 0 d-------- C:\Users\John Harris\AppData\Roaming\PC Tools
2008-05-09 11:39:23 0 d-------- C:\Program Files\BCL Technologies
2008-05-09 11:39:22 0 d-------- C:\Program Files\Family Tree Maker 2008
2008-05-09 11:32:40 0 d-------- C:\Program Files\Microsoft.NET
2008-05-09 11:32:33 0 d-------- C:\Program Files\Microsoft WSE
2008-05-07 21:27:57 0 d-------- C:\Program Files\Corel
2008-05-03 20:59:00 0 d-------- C:\Users\John Harris\AppData\Roaming\foobar2000
2008-05-02 20:47:49 88 -r-hs---- C:\Windows\system32\2A23671938.sys
2008-05-02 17:26:05 0 d-------- C:\Program Files\Macromedia
2008-05-02 17:09:53 0 d-------- C:\Program Files\Common Files\Macromedia
2008-05-02 17:08:44 0 d-------- C:\Users\John Harris\AppData\Roaming\Macromedia
2008-05-02 17:01:20 0 d-------- C:\Program Files\Express Thumbnail Creator
2008-05-01 19:01:16 0 d-------- C:\Program Files\Lame MP3 Codec
2008-05-01 19:00:54 65024 --a------ C:\Windows\IFinst26.exe
2008-05-01 19:00:48 0 d-------- C:\Program Files\XviD
2008-05-01 18:59:32 0 d-------- C:\Users\John Harris\AppData\Roaming\DataCast
2008-05-01 18:59:21 0 d-------- C:\Program Files\MarkAny
2008-05-01 18:59:06 0 d-------- C:\Program Files\Samsung
2008-05-01 18:58:41 0 d-------- C:\Users\John Harris\AppData\Roaming\InstallShield
2008-05-01 12:08:58 0 d-------- C:\Users\John Harris\AppData\Roaming\ScanSoft
2008-04-21 16:41:43 21316 --a------ C:\Windows\system32\emptyregdb.dat
2008-04-18 13:41:51 0 --a------ C:\Windows\nsreg.dat
2008-03-29 19:10:19 152576 --a------ C:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-29 19:00:30 262144 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-03-29 19:00:30 86016 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21/01/2008 03:23]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [11/12/2007 17:06]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [11/12/2007 17:06]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [11/12/2007 17:06]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/2005 10:44]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55]
"OpScheduler"="C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe" []
"ScanSoft OmniPage 15.0-reminder"="C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe" [03/06/2005 15:29]
"TrayServer"="C:\Program Files\MAGIX\Movie_Edit_Pro_14_silver\TrayServer.exe" [04/12/2007 12:34]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [20/06/2008 22:14]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [10/06/2008 18:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R360 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOE.exe" [29/05/2006 04:00]
"Kalender"="C:\Program Files\Kalender\Kalender.exe" [12/10/2007 15:37]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [14/05/2008 08:52]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [21/01/2008 03:25]
"Device Detector"="DevDetect.exe" []
"cmds"="C:\Users\JOHNHA~1\AppData\Local\Temp\rqrQIARH.dll,c" []
"BM516f70f4"="C:\Users\JOHNHA~1\AppData\Local\Temp\nvojduju.dll,s" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"EPSON Stylus Photo R360 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE /FU "C:\Windows\TEMP\E_S5550.tmp" /EF "HKCU"

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [5/14/2008 8:52:18 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [23/11/2004 16:51 192512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM516f70f4]
Rundll32.exe "C:\Users\JOHNHA~1\AppData\Local\Temp\sxrqrwvo.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
rundll32.exe C:\Users\JOHNHA~1\AppData\Local\Temp\wVPiIXNE.dll,c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware15]
"C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{109ea552-0d4a-11dd-9455-001d7dd0db35}]
AutoRun\command- H:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{211a290f-0fcf-11dd-8f55-001d7dd0db35}]
AutoRun\command- .\RECYCLER\INFO
explore\Command- .\RECYCLER\INFO
Open\command- .\RECYCLER\INFO

*Newly Created Service* - AVGCLEAN

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-28 18:12:23 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E8500 @ 3.16GHz
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 3581.58 MiB / 2428.96 MiB
Pagefile Memory (total/avail): 7404.16 MiB / 6194.37 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1900.87 MiB

C: is Fixed (NTFS) - 78.12 GiB total, 5.86 GiB free.
D: is Fixed (NTFS) - 219.96 GiB total, 191.7 GiB free.
E: is CDROM (No Media)
H: is Fixed (NTFS) - 298.09 GiB total, 131.42 GiB free.
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD3200AAJS-00VWA0 ATA Device - 298.09 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 78.13 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 219.96 GiB - D:

\\.\PHYSICALDRIVE2 - EPSON Stylus Storage USB Device

\\.\PHYSICALDRIVE1 - Seagate External Drive USB Device - 298.09 GiB - 1 partition
\PARTITION0 - Installable File System - 298.09 GiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
AS: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
AS: Spyware Doctor v5.5.0.204 (PC Tools)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\John Harris\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JOHNHARRIS-PC
ComSpec=C:\Windows\system32\cmd.exe
DFSTRACINGON=FALSE
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\John Harris
LOCALAPPDATA=C:\Users\John Harris\AppData\Local
LOGONSERVER=\\JOHNHARRIS-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\SYSTEM32;C:\Windows;C:\Windows\SYSTEM32\WBEM;C:\Windows\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1706
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\JOHNHA~1\AppData\Local\Temp
TMP=C:\Users\JOHNHA~1\AppData\Local\Temp
TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
USERDOMAIN=JohnHarris-PC
USERNAME=John Harris
USERPROFILE=C:\Users\John Harris
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

John Harris
Fran


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
3DMark06 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
ACDSee 10 Photo Manager --> MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
BCL easyConverter SDK 1.0.0 Module --> MsiExec.exe /I{A8C3083C-A1C1-4248-B0E2-14A7D9F2E9EF}
Canon ScanGear Starter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x9 anything
CanoScan Toolbox Ver4.9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x9 anything
Corel Paint Shop Pro Photo X2 --> MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9 /remove
Creative WebCam Vista Plus Driver (1.00.05.0906) --> C:\Windows\CtDrvIns.exe -uninstall -script VF0090.uns -unsext NT -plugin V0090Pin.dll -pluginres CtCamPin.crl
Creative WebCam Vista Plus User's Guide (English) --> C:\Windows\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Vista Plus\Creative WebCam Vista Plus User's Guide\English\CTManual.isu"
CyberLink PhotoNow --> "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall
CyberLink PowerDirector --> "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EPSON Printer Software --> C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ESET NOD32 Antivirus --> MsiExec.exe /I{2204AF25-80E5-468E-B46D-795685B35DEB}
ESPR360_390 User's Guide --> C:\Program Files\EPSON\TPMANUAL\ESPR360_390\ENG\USE_G\DOCUNINS.EXE
Express Thumbnail Creator 1.81 --> "C:\Program Files\Express Thumbnail Creator\unins000.exe"
Family Tree Maker 2008 --> C:\Program Files\InstallShield Installation Information\{CECB5CA0-6908-45EA-B18E-64C61B11DA99}\setup.exe -runfromtemp -l0x0409
Firebird SQL Server - MAGIX Edition --> C:\Program Files\MAGIX\Common\Database\unwise.exe
foobar2000 v0.9.4.2 --> "C:\Program Files\foobar2000\uninstall.exe"
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Lame ACM MP3 Codec --> "C:\Windows\IFinst26.exe" -UC:\Program Files\Lame MP3 Codec\IFU498F.inf
LimeWire 4.18.2 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
MAGIX Movie Edit Pro silver 7.5.2.12 (UK) --> C:\Program Files\MAGIX\Movie_Edit_Pro_14_silver\unwise.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Manual CanoScan LiDE 25 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C45EB9E5-7165-4FB0-8C31-77FC4743362F}\setup.exe" -l0x9
MediaMonkey 3.0 --> "C:\Program Files\MediaMonkey\unins000.exe"
Method Master 3.2 --> "C:\MethMast3\unins000.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Primary Interoperability Assemblies 2005 --> MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WSE 3.0 --> MsiExec.exe /I{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}
Mozilla Firefox (3.0) --> C:\P
  • 0

#4
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. Please do the following...


Please go to Start >> Run and type or copy/paste the following in the run box: "%userprofile%\desktop\dss.exe" /daft . Then press Enter
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.




NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\jlgjmpsv
    C:\VundoFix Backups
    C:\Users\John Harris\AppData\Local\Temp\rqrQIARH.dll
    C:\Users\John Harris\AppData\Local\Temp\nvojduju.dll
    C:\Users\John Harris\AppData\Local\Temp\sxrqrwvo.dll
    C:\Users\John Harris\AppData\Local\Temp\wVPiIXNE.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\cmds
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM516f70f4
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM516f70f4
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{211a290f-0fcf-11dd-8f55-001d7dd0db35}
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please post the following logs in your next reply..

1. OTMoveIt2
2. a fresh Deckard System Scanner (after OTMoveIt2 step)


Regards
fenzodahl512
  • 0
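The fix list in post #4 targets autostart values that use rundll32 to load a DLL from the user's Temp folder. The following Python script is an added example, not part of the original thread and not code from any tool named in it: it picks such entries out of HijackThis O4 lines and DSS startupreg entries. The sample lines are copied from the logs in this thread; the function names and the Temp-path heuristic are assumptions.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    location: str  # HijackThis hive shorthand or full registry key
    name: str      # value name of the autostart entry
    dll: str       # DLL path handed to rundll32, as written in the log
    export: str    # export name after the comma


# HijackThis autostart line: "O4 - HKCU\..\Run: [name] command"
O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# DSS prints the msconfig startupreg key on one line and the command on the next
DSS_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]*\\startupreg\\[^\]]+)\]$", re.I)
# rundll32 [path\]dll,export with the DLL path quoted or unquoted
RUNDLL_RE = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?:"(?P<q>[^"]+)"|(?P<u>[^,]+?))\s*,\s*(?P<export>\S+)',
    re.I,
)
# Assumed heuristic: common Windows temp locations (XP, Vista and later, system)
TEMP_RE = re.compile(r"\\(?:appdata\\local|local settings|windows)\\temp\\", re.I)


def parse_autostarts(log_text: str):
    """Yield (location, name, command) for each autostart entry in the log."""
    pending_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            pending_key = None
            yield m["loc"], m["name"], m["cmd"]
            continue
        k = DSS_KEY_RE.match(line)
        if k:
            pending_key = k["key"]
            continue
        if pending_key and line:
            # First non-blank line after a startupreg key is its command
            loc, _, name = pending_key.rpartition("\\")
            yield loc, name, line
        pending_key = None


def scan(log_text: str) -> List[Finding]:
    """Return autostart entries where rundll32 loads a DLL from a temp folder."""
    findings = []
    for loc, name, cmd in parse_autostarts(log_text):
        m = RUNDLL_RE.match(cmd)
        if not m:
            continue  # not a rundll32 launch (e.g. a plain .exe with a temp argument)
        dll = m["q"] or m["u"]
        if TEMP_RE.search(dll):
            # Paths are reported as logged; 8.3 short names such as JOHNHA~1
            # cannot be expanded without access to the original file system.
            findings.append(Finding(loc, name, dll, m["export"]))
    return findings


# Lines copied from the HijackThis and DSS logs posted in this thread
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [EPSON Stylus Photo R360 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE /FU "C:\Users\JOHNHA~1\AppData\Local\Temp\E_S8098.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Kalender] C:\Program Files\Kalender\Kalender.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOHNHA~1\AppData\Local\Temp\rqrQIARH.dll,c
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM516f70f4]
Rundll32.exe "C:\Users\JOHNHA~1\AppData\Local\Temp\sxrqrwvo.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
rundll32.exe C:\Users\JOHNHA~1\AppData\Local\Temp\wVPiIXNE.dll,c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.location} [{f.name}] -> {f.dll} (export {f.export})")
```

The legitimate rundll32 entries (NvCpl.dll, oobefldr.dll) and the EPSON entry that only passes a temp file as an argument are not reported; a hit is a reason to review the entry, not proof of infection.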

#6
westonfields

    Member

  • Topic Starter
  • Member
  • 17 posts
Everything worked as you said it would (including a reboot). Here are the logs

Deckard's System Scanner v20071014.68
Run by John Harris on 2008-06-28 20:17:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 5.76 GiB (less than 15%) free.


-- HijackThis (run as John Harris.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:17:15, on 28/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\SYSTEM32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\notepad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Kalender\Kalender.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\John Harris\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JOHNHA~1.EXE
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.peakhouse54.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe"
O4 - HKLM\..\Run: [ScanSoft OmniPage 15.0-reminder] "C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage15.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_14_silver\TrayServer.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [EPSON Stylus Photo R360 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE /FU "C:\Users\JOHNHA~1\AppData\Local\Temp\E_S8098.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Kalender] C:\Program Files\Kalender\Kalender.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOHNHA~1\AppData\Local\Temp\rqrQIARH.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus Photo R360 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE /FU "C:\Windows\TEMP\E_S5550.tmp" /EF "HKCU" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [EPSON Stylus Photo R360 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE /FU "C:\Windows\TEMP\E_S5550.tmp" /EF "HKCU" (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 10908 bytes

-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-27 21:28:48 0 d-------- C:\Users\All Users\Malwarebytes
2008-06-27 21:28:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 07:26:36 0 d-------- C:\Program Files\Enigma Software Group
2008-06-26 22:24:48 0 d-------- C:\Users\All Users\ACD Systems
2008-06-26 22:24:34 0 d-------- C:\Program Files\Common Files\ACD Systems
2008-06-26 22:24:34 0 d-------- C:\Program Files\ACD Systems
2008-06-26 21:27:24 262144 --a------ C:\ntuser.dat
2008-06-26 07:57:35 0 d-------- C:\Users\All Users\ESET
2008-06-26 07:45:24 0 d-------- C:\Users\All Users\Avg8
2008-06-26 00:00:49 0 d-------- C:\Program Files\Panda Security
2008-06-25 00:07:05 0 d-------- C:\Users\John Harris\.housecall6.6
2008-06-24 08:29:09 0 d-------- C:\Program Files\Trend Micro
2008-06-20 22:25:08 0 d-------- C:\Users\All Users\CyberLink
2008-06-20 22:15:46 0 d-------- C:\Users\All Users\SmartSound Software Inc
2008-06-20 22:15:46 0 d-------- C:\Program Files\SmartSound Software
2008-06-20 22:14:33 0 d-------- C:\Program Files\QuickTime
2008-06-20 22:14:20 0 d-------- C:\Users\All Users\Apple Computer
2008-06-19 23:45:53 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-19 18:21:39 0 d-------- C:\Program Files\Microsoft Works
2008-06-19 18:20:43 0 d-------- C:\Windows\PCHEALTH
2008-06-19 18:04:27 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-19 18:01:02 0 dr-h----- C:\MSOCache
2008-06-15 23:33:26 0 d-------- C:\Windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-06-15 23:24:17 0 d-------- C:\Program Files\Lavasoft
2008-06-15 23:24:16 0 d-------- C:\Users\All Users\Lavasoft
2008-06-15 23:23:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 16:26:19 24576 --a------ C:\Windows\system32\TTIC32.dll <Not Verified; PoINT Software & Systems GmbH; TTIC32>
2008-06-15 16:26:19 24576 --a------ C:\Windows\system32\TTI32.dll <Not Verified; PoINT Software & Systems GmbH; TTI32>
2008-06-15 16:26:19 32768 --a------ C:\Windows\system32\STRING32.dll <Not Verified; PoINT Software & Systems GmbH; STRING32>
2008-06-15 16:26:19 430080 --a------ C:\Windows\system32\MXRestore.exe <Not Verified; MAGIX AG; MAGIX Restore>
2008-06-15 16:26:19 57344 --a------ C:\Windows\system32\DLLTPO32.dll <Not Verified; PoINT Software & Systems GmbH; DLLTPO32>
2008-06-15 16:26:19 192512 --a------ C:\Windows\system32\DLLRES32.dll <Not Verified; PoINT Software & Systems GmbH; DLLRES32>
2008-06-15 16:26:19 40960 --a------ C:\Windows\system32\DLLRD32.dll <Not Verified; PoINT Software & Systems GmbH; DLLRD32>
2008-06-15 16:26:19 65536 --a------ C:\Windows\system32\DLLPTL32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPTL32>
2008-06-15 16:26:19 53248 --a------ C:\Windows\system32\DLLPRJ32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPRJ32>
2008-06-15 16:26:19 49152 --a------ C:\Windows\system32\DLLPRF32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPRF32>
2008-06-15 16:26:19 36864 --a------ C:\Windows\system32\DLLPNT32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPNT32>
2008-06-15 16:26:19 32768 --a------ C:\Windows\system32\DLLMSC32.dll <Not Verified; PoINT Software & Systems GmbH; DLLMSC32>
2008-06-15 16:26:19 24576 --a------ C:\Windows\system32\DLLIX.dll <Not Verified; PoINT Software & Systems GmbH; DLLIX>
2008-06-15 16:26:19 32768 --a------ C:\Windows\system32\DLLISO32.dll <Not Verified; PoINT Software & Systems GmbH; DLLISO32>
2008-06-15 16:26:19 53248 --a------ C:\Windows\system32\DLLIO32.dll <Not Verified; PoINT Software & Systems GmbH; DLLIO32>
2008-06-15 16:26:19 45056 --a------ C:\Windows\system32\DLLIMG32.dll <Not Verified; PoINT Software & Systems GmbH; DLLIMG32>
2008-06-15 16:26:19 0 d-------- C:\Program Files\Common Files\MAGIX Shared
2008-06-15 16:26:18 151552 --a------ C:\Windows\system32\DLLDRV32.dll <Not Verified; PoINT Software & Systems GmbH; DLLDRV32>
2008-06-15 16:26:18 32768 --a------ C:\Windows\system32\DLLDIR32.dll <Not Verified; PoINT Software & Systems GmbH; DLLDIR32>
2008-06-15 16:26:18 167936 --a------ C:\Windows\system32\DLLDEV32.dll <Not Verified; PoINT Software & Systems GmbH; DLLDEV32>
2008-06-15 16:26:18 98304 --a------ C:\Windows\system32\DLLCPY32.dll <Not Verified; PoINT Software & Systems GmbH; DLLCPY32>
2008-06-15 16:26:18 61440 --a------ C:\Windows\system32\DLLCDF32.dll <Not Verified; PoINT Software & Systems GmbH; DLLCDF32>
2008-06-15 16:26:18 114688 --a------ C:\Windows\system32\DLLCDA32.dll <Not Verified; PoINT Software & Systems GmbH; PoINT CDarchive for Windows>
2008-06-15 16:26:18 618496 --a------ C:\Windows\system32\DLLAV32.dll <Not Verified; PoINT Software & Systems GmbH; PoINT CD/DVD Audio/Video SDK for Windows>
2008-06-15 16:25:26 0 d-------- C:\Users\All Users\MAGIX
2008-06-15 16:25:06 120200 --a------ C:\Windows\system32\DLLDEV32i.dll <Not Verified; ; DLLDEV32i>
2008-06-15 16:25:06 0 d-------- C:\Program Files\MAGIX
2008-06-15 16:23:38 700416 --a------ C:\Windows\system32\mgxoschk.dll <Not Verified; MAGIX AG; mgxoschk>
2008-06-15 16:23:38 0 d-------- C:\Windows\system32\MAGIX
2008-06-09 15:23:23 0 d-------- C:\Users\John Harris\EurekaLog
2008-06-08 17:45:15 0 d-------- C:\Program Files\Reasonable NoClone 2007 Home
2008-06-05 22:14:40 0 d-------- C:\Users\All Users\WindowsSearch
2008-06-03 16:37:07 0 d-------- C:\Program Files\Pure Motion
2008-06-03 08:10:25 163840 --a------ C:\Windows\system32\stamin32.dll <Not Verified; MicroDexterity, Inc.; Stamina>
2008-06-01 15:02:08 0 --a------ C:\MSDOS.SYS
2008-06-01 15:02:08 0 --a------ C:\IO.SYS
2008-06-01 14:34:12 0 d-------- C:\Users\All Users\ashampoo
2008-05-31 11:54:50 0 d-------- C:\Program Files\FileMonk


-- Find3M Report ---------------------------------------------------------------

2008-06-28 18:28:30 4184 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2008-06-28 13:45:48 0 d-------- C:\Users\John Harris\AppData\Roaming\Mozilla
2008-06-27 21:28:51 0 d-------- C:\Users\John Harris\AppData\Roaming\Malwarebytes
2008-06-27 21:28:27 0 d-------- C:\Users\John Harris\AppData\Roaming\Download Manager
2008-06-26 23:20:48 0 d-------- C:\Users\John Harris\AppData\Roaming\ACD Systems
2008-06-26 22:24:34 0 d-------- C:\Program Files\Common Files
2008-06-26 13:22:03 0 d-------- C:\Users\John Harris\AppData\Roaming\uTorrent
2008-06-26 08:08:32 0 d-------- C:\Program Files\Spyware Doctor
2008-06-25 15:52:09 0 d-------- C:\Users\John Harris\AppData\Roaming\Skype
2008-06-22 12:14:05 0 d-------- C:\Users\John Harris\AppData\Roaming\LimeWire
2008-06-22 11:52:32 0 d-------- C:\Users\John Harris\AppData\Roaming\Vso
2008-06-22 11:52:32 33 --a------ C:\Users\John Harris\AppData\Roaming\pcouffin.log
2008-06-22 11:52:32 7887 --a------ C:\Users\John Harris\AppData\Roaming\pcouffin.cat
2008-06-22 10:26:40 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-06-20 22:24:33 0 d-------- C:\Users\John Harris\AppData\Roaming\CyberLink
2008-06-20 22:17:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-20 22:16:48 0 d-------- C:\Program Files\CyberLink
2008-06-19 19:15:06 0 d-------- C:\Program Files\Google
2008-06-19 18:21:23 0 d-------- C:\Program Files\MSBuild
2008-06-18 21:32:46 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-15 20:55:20 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-15 20:51:49 0 d-------- C:\Program Files\Creative
2008-06-15 20:51:33 0 d-------- C:\Users\John Harris\AppData\Roaming\Corel
2008-06-15 20:51:33 0 d-------- C:\Program Files\Common Files\Corel
2008-06-15 16:26:45 0 d-------- C:\Users\John Harris\AppData\Roaming\MAGIX
2008-06-13 09:52:48 0 d-------- C:\Users\John Harris\AppData\Roaming\Adobe
2008-06-13 09:52:33 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-13 09:12:11 0 d-------- C:\Program Files\LimeWire
2008-06-12 09:03:44 0 d-------- C:\Program Files\Windows Mail
2008-06-08 08:51:29 0 d-------- C:\Users\John Harris\AppData\Roaming\.wyzo
2008-06-04 08:41:28 0 d-------- C:\Users\John Harris\AppData\Roaming\UseNeXT
2008-06-02 20:50:13 0 d-------- C:\Program Files\TagRename
2008-06-02 10:39:40 0 d-------- C:\Users\John Harris\AppData\Roaming\Ahead
2008-06-01 14:34:37 0 d-------- C:\Users\John Harris\AppData\Roaming\Ashampoo Photo Commander 5
2008-06-01 10:30:30 0 d-------- C:\Users\John Harris\AppData\Roaming\NCH Swift Sound
2008-05-31 12:03:14 0 d-------- C:\Users\John Harris\AppData\Roaming\Reasonable Software House Ltd
2008-05-27 17:37:30 0 d-------- C:\Program Files\Futuremark
2008-05-27 16:44:34 0 d-------- C:\Program Files\NCH Software
2008-05-27 08:53:51 0 d-------- C:\Program Files\Siber Systems
2008-05-27 08:52:56 0 d-------- C:\Users\John Harris\AppData\Roaming\GoodSync
2008-05-27 08:44:29 0 d-------- C:\Program Files\East-Tec Backup 2007
2008-05-25 18:51:10 98488 --a------ C:\Users\John Harris\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-05-25 14:58:56 0 d-------- C:\Users\John Harris\AppData\Roaming\Softland
2008-05-25 13:07:47 0 d-------- C:\Users\John Harris\AppData\Roaming\Google
2008-05-25 11:56:14 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-05-25 11:51:39 0 d-------- C:\Program Files\ScanSoft
2008-05-24 17:30:59 0 d-------- C:\Program Files\MusicBrainz Tagger
2008-05-24 12:28:11 0 d-------- C:\Program Files\MediaMonkey
2008-05-15 16:38:37 0 d-------- C:\Users\John Harris\AppData\Roaming\UK's Kalender
2008-05-14 08:52:45 0 d-------- C:\Users\John Harris\AppData\Roaming\PC Tools
2008-05-09 11:39:23 0 d-------- C:\Program Files\BCL Technologies
2008-05-09 11:39:22 0 d-------- C:\Program Files\Family Tree Maker 2008
2008-05-09 11:32:40 0 d-------- C:\Program Files\Microsoft.NET
2008-05-09 11:32:33 0 d-------- C:\Program Files\Microsoft WSE
2008-05-07 21:27:57 0 d-------- C:\Program Files\Corel
2008-05-03 20:59:00 0 d-------- C:\Users\John Harris\AppData\Roaming\foobar2000
2008-05-02 20:47:49 88 -r-hs---- C:\Windows\system32\2A23671938.sys
2008-05-02 17:26:05 0 d-------- C:\Program Files\Macromedia
2008-05-02 17:09:53 0 d-------- C:\Program Files\Common Files\Macromedia
2008-05-02 17:08:44 0 d-------- C:\Users\John Harris\AppData\Roaming\Macromedia
2008-05-02 17:01:20 0 d-------- C:\Program Files\Express Thumbnail Creator
2008-05-01 19:01:16 0 d-------- C:\Program Files\Lame MP3 Codec
2008-05-01 19:00:54 65024 --a------ C:\Windows\IFinst26.exe
2008-05-01 19:00:48 0 d-------- C:\Program Files\XviD
2008-05-01 18:59:32 0 d-------- C:\Users\John Harris\AppData\Roaming\DataCast
2008-05-01 18:59:21 0 d-------- C:\Program Files\MarkAny
2008-05-01 18:59:06 0 d-------- C:\Program Files\Samsung
2008-05-01 18:58:41 0 d-------- C:\Users\John Harris\AppData\Roaming\InstallShield
2008-05-01 12:08:58 0 d-------- C:\Users\John Harris\AppData\Roaming\ScanSoft
2008-04-21 16:41:43 21316 --a------ C:\Windows\system32\emptyregdb.dat
2008-04-18 13:41:51 0 --a------ C:\Windows\nsreg.dat
2008-03-29 19:10:19 152576 --a------ C:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-29 19:00:30 262144 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-03-29 19:00:30 86016 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21/01/2008 03:23]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [11/12/2007 17:06]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [11/12/2007 17:06]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [11/12/2007 17:06]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/2005 10:44]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55]
"OpScheduler"="C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe" []
"ScanSoft OmniPage 15.0-reminder"="C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe" [03/06/2005 15:29]
"TrayServer"="C:\Program Files\MAGIX\Movie_Edit_Pro_14_silver\TrayServer.exe" [04/12/2007 12:34]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [20/06/2008 22:14]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [10/06/2008 18:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R360 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOE.exe" [29/05/2006 04:00]
"Kalender"="C:\Program Files\Kalender\Kalender.exe" [12/10/2007 15:37]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [14/05/2008 08:52]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [21/01/2008 03:25]
"Device Detector"="DevDetect.exe" []
"cmds"="C:\Users\JOHNHA~1\AppData\Local\Temp\rqrQIARH.dll,c" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"EPSON Stylus Photo R360 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE /FU "C:\Windows\TEMP\E_S5550.tmp" /EF "HKCU"

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [5/14/2008 8:52:18 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [23/11/2004 16:51 192512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware15]
"C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{109ea552-0d4a-11dd-9455-001d7dd0db35}]
AutoRun\command- H:\InstallTomTomHOME.exe

*Newly Created Service* - AVGCLEAN

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-28 20:17:39 ------------

Explorer killed successfully
C:\jlgjmpsv moved successfully.
C:\VundoFix Backups moved successfully.
File/Folder C:\Users\John Harris\AppData\Local\Temp\rqrQIARH.dll not found.
File/Folder C:\Users\John Harris\AppData\Local\Temp\nvojduju.dll not found.
File/Folder C:\Users\John Harris\AppData\Local\Temp\sxrqrwvo.dll not found.
File/Folder C:\Users\John Harris\AppData\Local\Temp\wVPiIXNE.dll not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\cmds >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\cmds deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM516f70f4 >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM516f70f4 deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM516f70f4 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM516f70f4\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{211a290f-0fcf-11dd-8f55-001d7dd0db35} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{211a290f-0fcf-11dd-8f55-001d7dd0db35}\\ deleted successfully.
< EmptyTemp >
File delete failed. C:\Windows\temp\TMP0000005D1BF97ECB9420BE3D scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 06282008_190622

Files moved on Reboot...
File C:\Windows\temp\TMP0000005D1BF97ECB9420BE3D not found!

#7
fenzodahl512

Unfortunately, some of those baddies returned.. So we will need to do this..

Please disable these programs prior to our fix.. Please re-enable them back after you complete all steps given..

1. Spyware Doctor
2. Lavasoft Ad-Aware
3. ESET NOD32 Antivirus
4. Windows Defender

Please visit HERE if you do not know how..




NEXT


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOHNHA~1\AppData\Local\Temp\rqrQIARH.dll,c

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


I noticed that you already have Malwarebytes' Anti-Malware. Please run and update it..
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Please post the following logs in your next reply..

1. Malwarebytes' Anti-Malware
2. A fresh Deckard System Scanner (after Malwarebytes' step)
3. Tell me about your computer condition..


Regards
fenzodahl512
  • 0
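The HijackThis entry picked out in the post above is a Run value that uses rundll32.exe to load a DLL from the user's Temp folder. The following is an added example, not part of the original post or of HijackThis: a small triage script that resolves which file each O4 autorun line actually loads and flags those living in a Temp directory. The function names and the Temp-directory heuristic are assumptions made for illustration; the sample lines are copied from the logs in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# HijackThis "O4" autorun line: hive, optional SID (HKUS only), Run key,
# value name in brackets, command, optional "(User '...')" suffix.
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\(?P<sid>[^\\]+))?\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Leading path of a command line: quoted, or unquoted up to a binary extension
# (HijackThis prints unquoted paths that may contain spaces).
QUOTED = re.compile(r'^"([^"]+)"')
UNQUOTED = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s,]|$)", re.IGNORECASE)

# Sample input: O4 lines copied from the logs posted in this thread.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [EPSON Stylus Photo R360 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE /FU "C:\Users\JOHNHA~1\AppData\Local\Temp\E_S8098.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Kalender] C:\Program Files\Kalender\Kalender.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOHNHA~1\AppData\Local\Temp\rqrQIARH.dll,c
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
"""


class Autorun(NamedTuple):
    hive: str
    name: str
    command: str
    module: Optional[str]  # file that is actually loaded at logon


def first_path(text: str) -> Tuple[Optional[str], str]:
    """Return (path, remainder) for the leading path of a command line."""
    text = text.strip()
    m = QUOTED.match(text) or UNQUOTED.match(text)
    if not m:
        return None, text
    return m.group(1), text[m.end():]


def loaded_module(command: str) -> Optional[str]:
    """Resolve the file an autorun command loads.

    For rundll32.exe the interesting file is the DLL passed as its first
    argument, not rundll32 itself.
    """
    image, rest = first_path(command)
    if image is None:
        return None
    if image.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        dll, _ = first_path(rest)
        return dll or image
    return image


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one registry-based O4 line; other O4 forms return None."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    command = m.group("command")
    return Autorun(m.group("hive"), m.group("name"), command, loaded_module(command))


def in_temp_dir(path: Optional[str]) -> bool:
    """Heuristic (assumption): the file sits somewhere under a Temp folder."""
    return bool(path) and "\\temp\\" in path.lower()


def scan(log_text: str) -> List[Autorun]:
    """Return autorun entries whose loaded module lives in a Temp directory.

    Only the loaded module is tested, so an entry that merely passes a Temp
    file as an argument (the EPSON line) is not flagged.
    """
    entries = (parse_o4(line) for line in log_text.splitlines())
    return [e for e in entries if e and in_temp_dir(e.module)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_O4):
        print(f"{hit.hive} Run [{hit.name}] loads {hit.module}")
```

On the sample lines only the `cmds` value is reported; the EPSON entry, which references a Temp file as an argument rather than as the program it runs, is left alone.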

#8
westonfields

I had a power failure in the middle of the malwarebytes scan which has delayed this answer but here are the logs.

I have had a quick surf on the internet and the computer seems to be ok again!

Malwarebytes' Anti-Malware 1.19
Database version: 901
Windows 6.0.6001 Service Pack 1

07:13:28 29/06/2008
mbam-log-6-29-2008 (07-13-28).txt

Scan type: Full Scan (C:\|D:\|H:\|)
Objects scanned: 280329
Time elapsed: 56 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 28

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c5e84927-cff0-4ca3-a068-02e7c01c1e7c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\cbXpnKET.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\efcDUNfe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\fccBrOIC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\geBsRHWq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\jkkkKbbB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\khfFwvtU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\pmnOifCv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\qoMCuVoo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\rqRIcyVl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\rqRKAtqP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\tmp00009a89 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\tmp00009e8f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\tmp0000b4cd (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\tmp0000b7f8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\tmp0000c254 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\tmp0001d9da (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\tmp0002dcb7 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\tmp000365e3 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\tmp00037d3a (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\tmp000425c8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\tmp0006b48f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\tmp000ad3a3 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\tmp00113504 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\tmp001c65b5 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\tmp0026698c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\tmp002919c7 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\tmp0036cdca (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080628190219\backup\Users\JOHNHA~1\AppData\Local\Temp\vtUopPhg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Deckard's System Scanner v20071014.68
Run by John Harris on 2008-06-29 07:15:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as John Harris.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:15:14, on 29/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\SYSTEM32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Kalender\Kalender.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\John Harris\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JOHNHA~1.EXE
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.peakhouse54.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe"
O4 - HKLM\..\Run: [ScanSoft OmniPage 15.0-reminder] "C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage15.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_14_silver\TrayServer.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [EPSON Stylus Photo R360 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE /FU "C:\Users\JOHNHA~1\AppData\Local\Temp\E_S8098.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Kalender] C:\Program Files\Kalender\Kalender.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus Photo R360 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE /FU "C:\Windows\TEMP\E_S5550.tmp" /EF "HKCU" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [EPSON Stylus Photo R360 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE /FU "C:\Windows\TEMP\E_S5550.tmp" /EF "HKCU" (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 10546 bytes

-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2008-06-27 21:28:48 0 d-------- C:\Users\All Users\Malwarebytes
2008-06-27 21:28:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 07:26:36 0 d-------- C:\Program Files\Enigma Software Group
2008-06-26 22:24:48 0 d-------- C:\Users\All Users\ACD Systems
2008-06-26 22:24:34 0 d-------- C:\Program Files\Common Files\ACD Systems
2008-06-26 22:24:34 0 d-------- C:\Program Files\ACD Systems
2008-06-26 21:27:24 262144 --a------ C:\ntuser.dat
2008-06-26 07:57:35 0 d-------- C:\Users\All Users\ESET
2008-06-26 07:45:24 0 d-------- C:\Users\All Users\Avg8
2008-06-26 00:00:49 0 d-------- C:\Program Files\Panda Security
2008-06-25 00:07:05 0 d-------- C:\Users\John Harris\.housecall6.6
2008-06-24 08:29:09 0 d-------- C:\Program Files\Trend Micro
2008-06-20 22:25:08 0 d-------- C:\Users\All Users\CyberLink
2008-06-20 22:15:46 0 d-------- C:\Users\All Users\SmartSound Software Inc
2008-06-20 22:15:46 0 d-------- C:\Program Files\SmartSound Software
2008-06-20 22:14:33 0 d-------- C:\Program Files\QuickTime
2008-06-20 22:14:20 0 d-------- C:\Users\All Users\Apple Computer
2008-06-19 23:45:53 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-19 18:21:39 0 d-------- C:\Program Files\Microsoft Works
2008-06-19 18:20:43 0 d-------- C:\Windows\PCHEALTH
2008-06-19 18:04:27 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-19 18:01:02 0 dr-h----- C:\MSOCache
2008-06-15 23:24:16 0 d-------- C:\Users\All Users\Lavasoft
2008-06-15 16:26:19 24576 --a------ C:\Windows\system32\TTIC32.dll <Not Verified; PoINT Software & Systems GmbH; TTIC32>
2008-06-15 16:26:19 24576 --a------ C:\Windows\system32\TTI32.dll <Not Verified; PoINT Software & Systems GmbH; TTI32>
2008-06-15 16:26:19 32768 --a------ C:\Windows\system32\STRING32.dll <Not Verified; PoINT Software & Systems GmbH; STRING32>
2008-06-15 16:26:19 430080 --a------ C:\Windows\system32\MXRestore.exe <Not Verified; MAGIX AG; MAGIX Restore>
2008-06-15 16:26:19 57344 --a------ C:\Windows\system32\DLLTPO32.dll <Not Verified; PoINT Software & Systems GmbH; DLLTPO32>
2008-06-15 16:26:19 192512 --a------ C:\Windows\system32\DLLRES32.dll <Not Verified; PoINT Software & Systems GmbH; DLLRES32>
2008-06-15 16:26:19 40960 --a------ C:\Windows\system32\DLLRD32.dll <Not Verified; PoINT Software & Systems GmbH; DLLRD32>
2008-06-15 16:26:19 65536 --a------ C:\Windows\system32\DLLPTL32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPTL32>
2008-06-15 16:26:19 53248 --a------ C:\Windows\system32\DLLPRJ32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPRJ32>
2008-06-15 16:26:19 49152 --a------ C:\Windows\system32\DLLPRF32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPRF32>
2008-06-15 16:26:19 36864 --a------ C:\Windows\system32\DLLPNT32.dll <Not Verified; PoINT Software & Systems GmbH; DLLPNT32>
2008-06-15 16:26:19 32768 --a------ C:\Windows\system32\DLLMSC32.dll <Not Verified; PoINT Software & Systems GmbH; DLLMSC32>
2008-06-15 16:26:19 24576 --a------ C:\Windows\system32\DLLIX.dll <Not Verified; PoINT Software & Systems GmbH; DLLIX>
2008-06-15 16:26:19 32768 --a------ C:\Windows\system32\DLLISO32.dll <Not Verified; PoINT Software & Systems GmbH; DLLISO32>
2008-06-15 16:26:19 53248 --a------ C:\Windows\system32\DLLIO32.dll <Not Verified; PoINT Software & Systems GmbH; DLLIO32>
2008-06-15 16:26:19 45056 --a------ C:\Windows\system32\DLLIMG32.dll <Not Verified; PoINT Software & Systems GmbH; DLLIMG32>
2008-06-15 16:26:19 0 d-------- C:\Program Files\Common Files\MAGIX Shared
2008-06-15 16:26:18 151552 --a------ C:\Windows\system32\DLLDRV32.dll <Not Verified; PoINT Software & Systems GmbH; DLLDRV32>
2008-06-15 16:26:18 32768 --a------ C:\Windows\system32\DLLDIR32.dll <Not Verified; PoINT Software & Systems GmbH; DLLDIR32>
2008-06-15 16:26:18 167936 --a------ C:\Windows\system32\DLLDEV32.dll <Not Verified; PoINT Software & Systems GmbH; DLLDEV32>
2008-06-15 16:26:18 98304 --a------ C:\Windows\system32\DLLCPY32.dll <Not Verified; PoINT Software & Systems GmbH; DLLCPY32>
2008-06-15 16:26:18 61440 --a------ C:\Windows\system32\DLLCDF32.dll <Not Verified; PoINT Software & Systems GmbH; DLLCDF32>
2008-06-15 16:26:18 114688 --a------ C:\Windows\system32\DLLCDA32.dll <Not Verified; PoINT Software & Systems GmbH; PoINT CDarchive for Windows>
2008-06-15 16:26:18 618496 --a------ C:\Windows\system32\DLLAV32.dll <Not Verified; PoINT Software & Systems GmbH; PoINT CD/DVD Audio/Video SDK for Windows>
2008-06-15 16:25:26 0 d-------- C:\Users\All Users\MAGIX
2008-06-15 16:25:06 120200 --a------ C:\Windows\system32\DLLDEV32i.dll <Not Verified; ; DLLDEV32i>
2008-06-15 16:25:06 0 d-------- C:\Program Files\MAGIX
2008-06-15 16:23:38 700416 --a------ C:\Windows\system32\mgxoschk.dll <Not Verified; MAGIX AG; mgxoschk>
2008-06-15 16:23:38 0 d-------- C:\Windows\system32\MAGIX
2008-06-09 15:23:23 0 d-------- C:\Users\John Harris\EurekaLog
2008-06-08 17:45:15 0 d-------- C:\Program Files\Reasonable NoClone 2007 Home
2008-06-05 22:14:40 0 d-------- C:\Users\All Users\WindowsSearch
2008-06-03 16:37:07 0 d-------- C:\Program Files\Pure Motion
2008-06-03 08:10:25 163840 --a------ C:\Windows\system32\stamin32.dll <Not Verified; MicroDexterity, Inc.; Stamina>
2008-06-01 15:02:08 0 --a------ C:\MSDOS.SYS
2008-06-01 15:02:08 0 --a------ C:\IO.SYS
2008-06-01 14:34:12 0 d-------- C:\Users\All Users\ashampoo
2008-05-31 11:54:50 0 d-------- C:\Program Files\FileMonk


-- Find3M Report ---------------------------------------------------------------

2008-06-29 05:55:13 0 d-------- C:\Program Files\Common Files
2008-06-28 18:28:30 4184 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2008-06-28 13:45:48 0 d-------- C:\Users\John Harris\AppData\Roaming\Mozilla
2008-06-27 21:28:51 0 d-------- C:\Users\John Harris\AppData\Roaming\Malwarebytes
2008-06-27 21:28:27 0 d-------- C:\Users\John Harris\AppData\Roaming\Download Manager
2008-06-26 23:20:48 0 d-------- C:\Users\John Harris\AppData\Roaming\ACD Systems
2008-06-26 13:22:03 0 d-------- C:\Users\John Harris\AppData\Roaming\uTorrent
2008-06-26 08:08:32 0 d-------- C:\Program Files\Spyware Doctor
2008-06-25 15:52:09 0 d-------- C:\Users\John Harris\AppData\Roaming\Skype
2008-06-22 12:14:05 0 d-------- C:\Users\John Harris\AppData\Roaming\LimeWire
2008-06-22 11:52:32 0 d-------- C:\Users\John Harris\AppData\Roaming\Vso
2008-06-22 11:52:32 33 --a------ C:\Users\John Harris\AppData\Roaming\pcouffin.log
2008-06-22 11:52:32 7887 --a------ C:\Users\John Harris\AppData\Roaming\pcouffin.cat
2008-06-20 22:24:33 0 d-------- C:\Users\John Harris\AppData\Roaming\CyberLink
2008-06-20 22:17:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-20 22:16:48 0 d-------- C:\Program Files\CyberLink
2008-06-19 19:15:06 0 d-------- C:\Program Files\Google
2008-06-19 18:21:23 0 d-------- C:\Program Files\MSBuild
2008-06-18 21:32:46 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-15 20:55:20 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-15 20:51:49 0 d-------- C:\Program Files\Creative
2008-06-15 20:51:33 0 d-------- C:\Users\John Harris\AppData\Roaming\Corel
2008-06-15 20:51:33 0 d-------- C:\Program Files\Common Files\Corel
2008-06-15 16:26:45 0 d-------- C:\Users\John Harris\AppData\Roaming\MAGIX
2008-06-13 09:52:48 0 d-------- C:\Users\John Harris\AppData\Roaming\Adobe
2008-06-13 09:52:33 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-13 09:12:11 0 d-------- C:\Program Files\LimeWire
2008-06-12 09:03:44 0 d-------- C:\Program Files\Windows Mail
2008-06-08 08:51:29 0 d-------- C:\Users\John Harris\AppData\Roaming\.wyzo
2008-06-04 08:41:28 0 d-------- C:\Users\John Harris\AppData\Roaming\UseNeXT
2008-06-02 20:50:13 0 d-------- C:\Program Files\TagRename
2008-06-02 10:39:40 0 d-------- C:\Users\John Harris\AppData\Roaming\Ahead
2008-06-01 14:34:37 0 d-------- C:\Users\John Harris\AppData\Roaming\Ashampoo Photo Commander 5
2008-06-01 10:30:30 0 d-------- C:\Users\John Harris\AppData\Roaming\NCH Swift Sound
2008-05-31 12:03:14 0 d-------- C:\Users\John Harris\AppData\Roaming\Reasonable Software House Ltd
2008-05-27 17:37:30 0 d-------- C:\Program Files\Futuremark
2008-05-27 16:44:34 0 d-------- C:\Program Files\NCH Software
2008-05-27 08:53:51 0 d-------- C:\Program Files\Siber Systems
2008-05-27 08:52:56 0 d-------- C:\Users\John Harris\AppData\Roaming\GoodSync
2008-05-27 08:44:29 0 d-------- C:\Program Files\East-Tec Backup 2007
2008-05-25 18:51:10 98488 --a------ C:\Users\John Harris\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-05-25 14:58:56 0 d-------- C:\Users\John Harris\AppData\Roaming\Softland
2008-05-25 13:07:47 0 d-------- C:\Users\John Harris\AppData\Roaming\Google
2008-05-25 11:56:14 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-05-25 11:51:39 0 d-------- C:\Program Files\ScanSoft
2008-05-24 17:30:59 0 d-------- C:\Program Files\MusicBrainz Tagger
2008-05-24 12:28:11 0 d-------- C:\Program Files\MediaMonkey
2008-05-15 16:38:37 0 d-------- C:\Users\John Harris\AppData\Roaming\UK's Kalender
2008-05-14 08:52:45 0 d-------- C:\Users\John Harris\AppData\Roaming\PC Tools
2008-05-09 11:39:23 0 d-------- C:\Program Files\BCL Technologies
2008-05-09 11:39:22 0 d-------- C:\Program Files\Family Tree Maker 2008
2008-05-09 11:32:40 0 d-------- C:\Program Files\Microsoft.NET
2008-05-09 11:32:33 0 d-------- C:\Program Files\Microsoft WSE
2008-05-07 21:27:57 0 d-------- C:\Program Files\Corel
2008-05-03 20:59:00 0 d-------- C:\Users\John Harris\AppData\Roaming\foobar2000
2008-05-02 20:47:49 88 -r-hs---- C:\Windows\system32\2A23671938.sys
2008-05-02 17:26:05 0 d-------- C:\Program Files\Macromedia
2008-05-02 17:09:53 0 d-------- C:\Program Files\Common Files\Macromedia
2008-05-02 17:08:44 0 d-------- C:\Users\John Harris\AppData\Roaming\Macromedia
2008-05-02 17:01:20 0 d-------- C:\Program Files\Express Thumbnail Creator
2008-05-01 19:01:16 0 d-------- C:\Program Files\Lame MP3 Codec
2008-05-01 19:00:54 65024 --a------ C:\Windows\IFinst26.exe
2008-05-01 19:00:48 0 d-------- C:\Program Files\XviD
2008-05-01 18:59:32 0 d-------- C:\Users\John Harris\AppData\Roaming\DataCast
2008-05-01 18:59:21 0 d-------- C:\Program Files\MarkAny
2008-05-01 18:59:06 0 d-------- C:\Program Files\Samsung
2008-05-01 18:58:41 0 d-------- C:\Users\John Harris\AppData\Roaming\InstallShield
2008-05-01 12:08:58 0 d-------- C:\Users\John Harris\AppData\Roaming\ScanSoft
2008-04-21 16:41:43 21316 --a------ C:\Windows\system32\emptyregdb.dat
2008-04-18 13:41:51 0 --a------ C:\Windows\nsreg.dat
2008-03-29 19:10:19 152576 --a------ C:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-29 19:00:30 262144 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-03-29 19:00:30 86016 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21/01/2008 03:23]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [11/12/2007 17:06]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [11/12/2007 17:06]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [11/12/2007 17:06]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/2005 10:44]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55]
"OpScheduler"="C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe" []
"ScanSoft OmniPage 15.0-reminder"="C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe" [03/06/2005 15:29]
"TrayServer"="C:\Program Files\MAGIX\Movie_Edit_Pro_14_silver\TrayServer.exe" [04/12/2007 12:34]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [20/06/2008 22:14]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [10/06/2008 18:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R360 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOE.exe" [29/05/2006 04:00]
"Kalender"="C:\Program Files\Kalender\Kalender.exe" [12/10/2007 15:37]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [14/05/2008 08:52]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [21/01/2008 03:25]
"Device Detector"="DevDetect.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"EPSON Stylus Photo R360 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE /FU "C:\Windows\TEMP\E_S5550.tmp" /EF "HKCU"

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [5/14/2008 8:52:18 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [23/11/2004 16:51 192512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware15]
"C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{109ea552-0d4a-11dd-9455-001d7dd0db35}]
AutoRun\command- H:\InstallTomTomHOME.exe

*Newly Created Service* - AVGCLEAN

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-29 07:15:40 ------------

#9
fenzodahl512


  • Malware Removal
  • 9,863 posts
It's great to hear that.. Your logs look clean to my eyes..


Now for some cleanup..
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.




NEXT


Please Install/Update Sun Java

Updating Java:
  • Go to Start --> Control Panel --> Add or Remove Programs.
  • Search the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
  • It should have this icon next to it: [image]
  • Select it and click Remove. This will uninstall the previous (outdated) version of Java.
  • Then download and install the newest version from here: Java Runtime Environment (JRE) 6 Update 6




NEXT


Let's clean your Restore Points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous Restore Points which are likely to be infected)
To create a new Restore Point.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK. This will flush your old System Restore.
  • Then please UNCHECK the Turn off System Restore.
  • Click again on Apply, and then click OK. This will create a new Restore Point.
System Restore will now be active again.

If you are using Windows Vista, please go HERE for a tutorial on how to use, disable and enable System Restore.




NEXT



I noticed that you already have:

1. ESET NOD32 Antivirus as your antivirus
2. Malwarebytes' Anti-Malware as your antispyware..



However, I haven't seen any third-party firewall in your logs.. Do you have any? If you don't, please install ONLY ONE of these free and excellent firewalls below:
After you install the third-party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose the Off (not recommended) option. Then please click Apply and OK.




Lastly, to keep your operating system up to date please visit the link below monthly

To learn more about how to protect yourself while on the internet read this excellent article by Tony Klein: So how did I get infected in the first place?

Please also read an excellent article by miekiemoes: Help! My computer is slow!

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512

#10
westonfields

  • Topic Starter
  • Member
  • 17 posts
All done! I have surfed and updated antivirus etc including the firewall although I thought I would not need one as I am behind a router. Computer is performing as fast as it was before.

I hate to say this but I think I am clear!

Thank you very very much.

Westonfields

#11
fenzodahl512


  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.