Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Buggy Virus [RESOLVED]


  • This topic is locked This topic is locked

#1
Jrt2006

Jrt2006

    Member

  • Member
  • PipPip
  • 42 posts
So I just came to my parents house and my younger brother has a Toshiba laptop that was just full of infections. I ran through the cleaning process had removed everything but now when I do random scans, a trojan is still always present. The problems it causes is a background warning for internet security, Webpage redirection due to a possibly infected computer and sometimes a pop up that scans your computer for viruses and lures you into buying a very expensive virus scanner.

Here are my logs:

Malwarebytes' Anti-Malware 1.19
Database version: 900
Windows 5.1.2600 Service Pack 2

8:52:19 AM 7/5/2008
mbam-log-7-5-2008 (08-52-19).txt

Scan type: Quick Scan
Objects scanned: 41622
Time elapsed: 4 minute(s), 36 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\system32\pphc5glj0egbe.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\pphc5glj0egbe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/05/2008 at 09:50 AM

Application Version : 4.15.1000

Core Rules Database Version : 3497
Trace Rules Database Version: 1488

Scan type : Complete Scan
Total Scan Time : 00:18:02

Memory items scanned : 338
Memory threats detected : 0
Registry items scanned : 3366
Registry threats detected : 0
File items scanned : 31761
File threats detected : 0




;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-07-05 10:20:18
PROTECTIONS: 0
MALWARE: 4
SUSPECTS: 1
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\no downloading!!!!\Cookies\no_downloading!!!!@mediaplex[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\no downloading!!!!\Cookies\no_downloading!!!!@apmebf[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\no downloading!!!!\Cookies\no_downloading!!!!@statse.webtrendslive[1].txt
03194436 Adware/AntivirusXP2008 Adware No 0 Yes No C:\Program Files\rhc1glj0egbe\Uninstall.exe
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location
$
;===============================================================================
=================================================================================
===================
No C:\Program Files\rhc1glj0egbe\rhc1glj0egbe.exe
$
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description
$
;===============================================================================
=================================================================================
===================
182048 HIGH MS07-069
$
182043 HIGH MS07-064
$
176382 HIGH MS07-057
$
170907 HIGH MS07-046
$
170906 HIGH MS07-045
$
170904 HIGH MS07-043
$
164913 HIGH MS07-033
$
160623 HIGH MS07-027
$
150253 HIGH MS07-016
$
129976 MEDIUM MS06-052
$
93394 HIGH MS05-050
$
;===============================================================================
=================================================================================
===================




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:08 AM, on 7/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Belkin\F5D8011v2\Belkinwcui.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMrhc1glj0egbe] C:\Program Files\rhc1glj0egbe\rhc1glj0egbe.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F5D8011v2\Belkinwcui.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1214694767619
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1214694762612
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.su...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6807 bytes




Acrobat.com
Acrobat.com
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe Reader 9
AntivirXP08
Belkin N1 Wireless Notebook Card Setup
Corel Paint Shop Pro Photo X2
FinePix Studio
FinePixViewer Resource
FinePixViewer Ver.5.4
FUJIFILM USB Driver
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Java™ 6 Update 6
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
MSXML 4.0 SP2 (KB936181)
Panda ActiveScan 2.0
Realtek AC'97 Audio
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Smart Menus (Windows Live Toolbar)
SUPERAntiSpyware Free Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger



Thank you for your help
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Jrt2006

Welcome to G2Go. :)
=====================

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
Jrt2006

Jrt2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Deckard's System Scanner v20071014.68
Run by no downloading!!!! on 2008-07-05 13:55:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-07-05 18:55:11 UTC - RP34 - Deckard's System Scanner Restore Point
5: 2008-07-05 07:32:24 UTC - RP33 - System Checkpoint
4: 2008-07-04 07:10:59 UTC - RP32 - Installed Ad-Aware
3: 2008-07-04 07:01:21 UTC - RP31 - Installed DirectX
2: 2008-07-04 05:46:48 UTC - RP30 - Last known good configuration


-- First Restore Point --
1: 2008-07-04 05:46:43 UTC - RP29 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as no downloading!!!!.exe) ----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:30 PM, on 7/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Belkin\F5D8011v2\Belkinwcui.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\no downloading!!!!\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\no downloading!!!!.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMrhc1glj0egbe] C:\Program Files\rhc1glj0egbe\rhc1glj0egbe.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F5D8011v2\Belkinwcui.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1214694767619
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1214694762612
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.su...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6706 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {72631E54-78A4-11D0-BCF7-00AA00B7B32A}
Description:
Device ID: ACPI\ACPI0003\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\ACPI0003\2&DABA3FF&0
Service:

Class GUID: {72631E54-78A4-11D0-BCF7-00AA00B7B32A}
Description:
Device ID: ACPI\PNP0C0A\1
Manufacturer:
Name:
PNP Device ID: ACPI\PNP0C0A\1
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_8086&DEV_2592&SUBSYS_FF101179&REV_03\3&B1BFB68&0&10
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_8086&DEV_2592&SUBSYS_FF101179&REV_03\3&B1BFB68&0&10
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller
Device ID: PCI\VEN_8086&DEV_2792&SUBSYS_FF101179&REV_03\3&B1BFB68&0&11
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_8086&DEV_2792&SUBSYS_FF101179&REV_03\3&B1BFB68&0&11
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4351&SUBSYS_FF101179&REV_10\4&16F6A662&0&00E0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4351&SUBSYS_FF101179&REV_10\4&16F6A662&0&00E0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Network Controller
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27418086&REV_05\4&1D3F0FBB&0&20F0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27418086&REV_05\4&1D3F0FBB&0&20F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Mass Storage Controller
Device ID: PCI\VEN_104C&DEV_8033&SUBSYS_FF101179&REV_00\4&1D3F0FBB&0&33F0
Manufacturer:
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_104C&DEV_8033&SUBSYS_FF101179&REV_00\4&1D3F0FBB&0&33F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_00011179&REV_04\3&B1BFB68&0&F3
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_00011179&REV_04\3&B1BFB68&0&F3
Service:

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\COMPOSITE_BATTERY\0000
Manufacturer:
Name:
PNP Device ID: ROOT\COMPOSITE_BATTERY\0000
Service:

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description:
Device ID: ROOT\IMAGE\0000
Manufacturer:
Name:
PNP Device ID: ROOT\IMAGE\0000
Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Audio Codecs
Device ID: ROOT\MEDIA\MS_MMACM
Manufacturer: (Standard system devices)
Name: Audio Codecs
PNP Device ID: ROOT\MEDIA\MS_MMACM
Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Legacy Audio Drivers
Device ID: ROOT\MEDIA\MS_MMDRV
Manufacturer: (Standard system devices)
Name: Legacy Audio Drivers
PNP Device ID: ROOT\MEDIA\MS_MMDRV
Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Media Control Devices
Device ID: ROOT\MEDIA\MS_MMMCI
Manufacturer: (Standard system devices)
Name: Media Control Devices
PNP Device ID: ROOT\MEDIA\MS_MMMCI
Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Legacy Video Capture Devices
Device ID: ROOT\MEDIA\MS_MMVCD
Manufacturer: (Standard system devices)
Name: Legacy Video Capture Devices
PNP Device ID: ROOT\MEDIA\MS_MMVCD
Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Video Codecs
Device ID: ROOT\MEDIA\MS_MMVID
Manufacturer: (Standard system devices)
Name: Video Codecs
PNP Device ID: ROOT\MEDIA\MS_MMVID
Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: SW\{6C1B9F60-C0A9-11D0-96D8-00AA0051E51D}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer:
Name:
PNP Device ID: SW\{6C1B9F60-C0A9-11D0-96D8-00AA0051E51D}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-05 12:58:00 280 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-07-05 10:22:38 0 d-------- C:\Program Files\Trend Micro
2008-07-04 11:22:43 0 d-------- C:\Program Files\Panda Security
2008-07-04 02:11:01 0 d-------- C:\Program Files\Lavasoft
2008-07-04 02:11:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-04 02:00:01 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-07-04 01:59:55 0 d-------- C:\WINDOWS\Logs
2008-07-04 00:40:33 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\rhc1glj0egbe
2008-07-04 00:40:28 0 d-------- C:\Program Files\rhc1glj0egbe
2008-07-04 00:39:36 0 d-------- C:\WINDOWS\[bleep]'s Kitchen
2008-07-04 00:39:36 0 d-------- C:\Program Files\[bleep]'s Kitchen
2008-07-04 00:24:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-04 00:24:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-04 00:24:14 0 d-------- C:\Program Files\Trymedia
2008-07-02 16:47:05 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-02 16:46:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-02 16:46:01 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-02 16:44:29 0 d-------- C:\Program Files\NOS
2008-07-02 16:44:29 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-02 15:01:29 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\Google
2008-07-02 14:36:43 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\Sun
2008-07-02 14:35:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-07-02 14:35:48 0 d-------- C:\Program Files\Google
2008-07-02 14:35:01 0 d-------- C:\Program Files\Java
2008-07-02 14:34:20 0 d-------- C:\Program Files\Common Files\Java
2008-07-01 10:06:52 0 d-------- C:\Program Files\MSXML 4.0
2008-07-01 08:36:12 274432 --a------ C:\WINDOWS\system32\FFTIFF16.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM TIFF Image Library>
2008-07-01 08:36:12 208896 --a------ C:\WINDOWS\system32\FFRafShellEx.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FFRafShellEx>
2008-07-01 08:36:12 155648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM CCD-RAW LIBRARY>
2008-07-01 08:36:09 0 d-------- C:\Program Files\FinePixViewer
2008-07-01 08:35:55 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\InstallShield
2008-07-01 08:35:36 45056 -----n--- C:\WINDOWS\system32\FINFCOPY.dll <Not Verified; FUJIFILM; FUJIFILM FINFCOPY>
2008-07-01 08:35:36 65536 -----n--- C:\WINDOWS\system32\FINFCHECK.dll <Not Verified; FUJIFILM; FUJIFILM FINFCHECK>
2008-07-01 08:35:36 0 d-------- C:\Program Files\REGSHAVE
2008-07-01 08:35:35 69632 -----n--- C:\WINDOWS\system32\FREGSHEX.DLL <Not Verified; FUJIFILM; FUJIFILM Fregshave>
2008-07-01 08:35:35 45056 -----n--- C:\WINDOWS\system32\FCLKBTN.DLL <Not Verified; FUJIFILM; FUJIFILM FCLKBTN>
2008-07-01 07:47:10 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\FUJIFILM
2008-06-30 14:48:34 0 d-------- C:\Program Files\MFInstall
2008-06-30 14:26:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-06-30 14:26:18 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-30 14:26:01 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\Corel
2008-06-30 14:22:31 0 d-------- C:\Program Files\Corel
2008-06-30 14:22:31 0 d-------- C:\Program Files\Common Files\Corel
2008-06-29 23:51:19 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\acccore
2008-06-29 23:50:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-29 23:50:41 0 d-------- C:\Program Files\Viewpoint
2008-06-29 23:50:40 0 d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-06-29 23:50:35 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-06-29 23:50:34 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-06-29 23:50:20 0 d-------- C:\Program Files\Common Files\AOL
2008-06-29 15:00:37 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-06-29 14:59:29 0 d-------- C:\Program Files\Realtek AC97
2008-06-29 14:59:26 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-06-29 10:27:38 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\Yahoo!
2008-06-29 10:13:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-29 10:13:16 0 d-------- C:\Program Files\Yahoo!
2008-06-29 10:05:44 0 d-------- C:\Documents and Settings\no downloading!!!!\Contacts
2008-06-29 10:04:58 0 d-------- C:\Program Files\Windows Live Toolbar
2008-06-29 10:04:56 0 d-------- C:\Program Files\Windows Live Favorites
2008-06-29 10:04:33 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-29 10:02:27 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-29 10:02:23 0 d-------- C:\Program Files\Windows Live
2008-06-29 10:02:14 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-29 10:00:07 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\Macromedia
2008-06-29 10:00:07 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\Adobe
2008-06-28 18:15:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-28 18:15:19 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-28 18:15:18 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-28 18:12:23 0 d--hs---- C:\Documents and Settings\no downloading!!!!\UserData
2008-06-28 18:10:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-28 18:10:42 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-28 18:10:42 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\SUPERAntiSpyware.com
2008-06-28 18:10:31 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-28 18:09:17 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\Malwarebytes
2008-06-28 18:09:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-28 18:09:15 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-28 18:08:59 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-28 17:57:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-28 17:57:55 0 d-------- C:\Program Files\Belkin
2008-06-28 17:00:56 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-28 16:59:29 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-28 16:58:18 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\Identities
2008-06-28 16:51:17 0 d--h----- C:\Documents and Settings\no downloading!!!!\Templates
2008-06-28 16:51:17 0 dr------- C:\Documents and Settings\no downloading!!!!\Start Menu
2008-06-28 16:51:17 0 dr-h----- C:\Documents and Settings\no downloading!!!!\SendTo
2008-06-28 16:51:17 0 dr-h----- C:\Documents and Settings\no downloading!!!!\Recent
2008-06-28 16:51:17 0 d--h----- C:\Documents and Settings\no downloading!!!!\PrintHood
2008-06-28 16:51:17 1835008 --ah----- C:\Documents and Settings\no downloading!!!!\NTUSER.DAT
2008-06-28 16:51:17 0 d--h----- C:\Documents and Settings\no downloading!!!!\NetHood
2008-06-28 16:51:17 0 dr------- C:\Documents and Settings\no downloading!!!!\My Documents
2008-06-28 16:51:17 0 d--h----- C:\Documents and Settings\no downloading!!!!\Local Settings
2008-06-28 16:51:17 0 dr------- C:\Documents and Settings\no downloading!!!!\Favorites
2008-06-28 16:51:17 0 d-------- C:\Documents and Settings\no downloading!!!!\Desktop
2008-06-28 16:51:17 0 d--hs---- C:\Documents and Settings\no downloading!!!!\Cookies
2008-06-28 16:51:17 0 dr-h----- C:\Documents and Settings\no downloading!!!!\Application Data
2008-06-28 16:50:19 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-06-28 16:50:18 0 d-------- C:\WINDOWS\Prefetch
2008-06-28 16:50:17 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-06-28 16:50:16 225280 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-06-28 16:50:16 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-06-28 16:50:16 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-06-28 16:50:16 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-06-28 16:50:16 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-06-28 16:50:03 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-06-28 16:50:03 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-06-28 16:50:03 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-06-28 16:50:03 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-06-28 16:50:03 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-06-28 16:42:33 0 d-------- C:\WINDOWS\system32\xircom
2008-06-28 16:42:33 0 d-------- C:\Program Files\microsoft frontpage
2008-06-28 16:42:21 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-06-28 16:39:31 0 -rahs---- C:\MSDOS.SYS
2008-06-28 16:39:31 0 -rahs---- C:\IO.SYS
2008-06-28 16:39:31 0 --a------ C:\CONFIG.SYS
2008-06-28 16:39:31 0 --a------ C:\AUTOEXEC.BAT
2008-06-28 16:38:25 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-06-28 16:38:15 0 dr------- C:\WINDOWS\Offline Web Pages
2008-06-28 16:38:15 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-06-28 16:38:02 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-28 16:37:42 0 d-------- C:\WINDOWS\system32\DirectX
2008-06-28 16:37:04 0 d---s---- C:\WINDOWS\Tasks
2008-06-28 16:37:03 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-28 16:36:59 0 d-------- C:\WINDOWS\srchasst
2008-06-28 16:36:58 0 d-------- C:\WINDOWS\system32\Macromed
2008-06-28 16:36:48 0 d-------- C:\Program Files\Movie Maker
2008-06-28 16:36:39 0 d-------- C:\WINDOWS\system32\Restore
2008-06-28 16:35:56 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-28 16:35:35 0 d-------- C:\WINDOWS\Registration
2008-06-28 16:35:26 0 d-------- C:\Program Files\Online Services
2008-06-28 16:35:20 0 d-------- C:\Program Files\Messenger
2008-06-28 16:35:16 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-28 16:34:32 0 d-------- C:\Program Files\Windows NT
2008-06-28 16:34:29 0 d-------- C:\WINDOWS\system32\MsDtc
2008-06-28 16:34:27 0 d-------- C:\WINDOWS\system32\Com
2008-06-28 11:12:27 0 d--hs---- C:\WINDOWS\Installer
2008-06-28 11:12:27 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-28 11:12:23 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-28 11:12:22 0 dr------- C:\Program Files
2008-06-28 11:12:22 0 d-------- C:\Program Files\Common Files
2008-06-28 11:11:51 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-06-28 11:11:51 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-06-28 11:11:51 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-06-28 11:11:51 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-06-28 11:11:51 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-06-28 11:11:51 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-06-28 11:11:51 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-06-28 11:11:51 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-06-28 11:11:51 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-06-28 11:11:51 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-06-28 11:11:51 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-06-28 11:11:51 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-06-28 11:11:51 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-06-28 11:11:51 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-06-28 11:11:51 0 dr------- C:\Documents and Settings\All Users\Documents
2008-06-28 11:11:51 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-06-28 11:08:53 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-28 11:08:53 0 d-------- C:\WINDOWS\system32\CatRoot
2008-06-28 11:08:47 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-06-28 11:08:47 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-06-28 11:08:47 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-06-28 11:08:47 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-06-28 11:02:50 0 d--hs---- C:\System Volume Information
2008-06-28 11:02:50 0 d-------- C:\Documents and Settings
2008-06-28 10:50:49 0 d-------- C:\WINDOWS
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\WinSxS
2008-06-28 10:50:49 0 dr------- C:\WINDOWS\Web
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\twain_32
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\wins
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\wbem
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\usmt
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\spool
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\ShellExt
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\Setup
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\ras
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\oobe
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\npp
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\mui
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\inetsrv
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\IME
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\icsxml
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\ias
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\export
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\drivers
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-06-28 10:50:49 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\dhcp
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\config
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\3076
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\2052
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\1054
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\1042
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\1041
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\1037
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\1033
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\1031
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\1028
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\1025
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\security
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\Resources
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\repair
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\Provisioning
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\PeerNet
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\pchealth
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\mui
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\msapps
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\msagent
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\Media
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\java
2008-06-28 10:50:49 0 d--h----- C:\WINDOWS\inf
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\ime
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\Help
2008-06-28 10:50:49 0 dr--s---- C:\WINDOWS\Fonts
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\ehome
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\Driver Cache
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\Debug
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\Cursors
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\Connection Wizard
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\Config
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\AppPatch
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-06-28 11:11:51 62 --ahs---- C:\Documents and Settings\no downloading!!!!\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 10:33 PM 75128 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" []
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 10:32 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM]
"SMrhc1glj0egbe"="C:\Program Files\rhc1glj0egbe\rhc1glj0egbe.exe" [07/03/2008 08:45 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/30/2008 02:17 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [07/02/2008 03:01 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - C:\Program Files\Belkin\F5D8011v2\Belkinwcui.exe [6/28/2008 5:57:58 PM]
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [7/1/2008 8:36:15 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06/30/2008 02:17 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 06/30/2008 02:18 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"




-- End of Deckard's System Scanner: finished at 2008-07-05 13:56:17 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.73GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1015.42 MiB / 607.2 MiB
Pagefile Memory (total/avail): 2446 MiB / 2088.69 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.42 MiB

C: is Fixed (NTFS) - 74.52 GiB total, 68.78 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2080BH - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\no downloading!!!!\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TOSHITBA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\no downloading!!!!
LOGONSERVER=\\TOSHITBA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\NODOWN~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\NODOWN~1\LOCALS~1\Temp
USERDOMAIN=TOSHITBA
USERNAME=no downloading!!!!
USERPROFILE=C:\Documents and Settings\no downloading!!!!
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

no downloading!!!! (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com --> MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AntivirXP08 --> "C:\Program Files\rhc1glj0egbe\uninstall.exe"
Belkin N1 Wireless Notebook Card Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A3F5181-D451-461B-B749-A5C2F91E1261}\setup.exe" -l0x9 -removeonly
Corel Paint Shop Pro Photo X2 --> MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
FinePix Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}\SETUP.EXE" -l0x9
FinePixViewer Resource --> C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FinePixViewer Ver.5.4 --> C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
RadarLab HD --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://www.weatherta...6e646f6c706838"
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type466 / Success
Event Submitted/Written: 07/05/2008 08:08:46 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type464 / Error
Event Submitted/Written: 07/05/2008 08:08:23 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rhc1glj0egbe.exe, version 0.0.0.0, faulting module rhc1glj0egbe.exe, version 0.0.0.0, fault address 0x00044019.
Processing media-specific event for [rhc1glj0egbe.exe!ws!]

Event Record #/Type440 / Success
Event Submitted/Written: 07/04/2008 11:45:11 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type436 / Error
Event Submitted/Written: 07/04/2008 11:28:06 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rhc1glj0egbe.exe, version 0.0.0.0, faulting module rhc1glj0egbe.exe, version 0.0.0.0, fault address 0x00044019.
Processing media-specific event for [rhc1glj0egbe.exe!ws!]

Event Record #/Type434 / Error
Event Submitted/Written: 07/04/2008 10:50:39 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 828872422.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1763 / Warning
Event Submitted/Written: 06/28/2008 08:21:05 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00173F39D8D0. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1760 / Warning
Event Submitted/Written: 06/28/2008 08:21:00 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00173F39D8D0. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1759 / Warning
Event Submitted/Written: 06/28/2008 08:21:00 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00173F39D8D0. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1756 / Warning
Event Submitted/Written: 06/28/2008 08:20:51 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00173F39D8D0. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1755 / Warning
Event Submitted/Written: 06/28/2008 08:20:51 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00173F39D8D0. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-07-05 13:56:17 ------------
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Viewpoint Manager Service <delete service>
    C:\Program Files\Viewpoint
    C:\Program Files\rhc1glj0egbe
    C:\Documents and Settings\no downloading!!!!\Application Data\rhc1glj0egbe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SMrhc1glj0egbe
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispBackgroundPage
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispScrSavPage
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=============================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
=================
Post the Mbam log and the OTmove it log and a new dss log.
  • 0

#5
Jrt2006

Jrt2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Viewpoint Manager Service service deleted successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell\AOL9 moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\Components moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player moved successfully.
C:\Program Files\Viewpoint\Common moved successfully.
C:\Program Files\Viewpoint moved successfully.
C:\Program Files\rhc1glj0egbe moved successfully.
C:\Documents and Settings\no downloading!!!!\Application Data\rhc1glj0egbe\Quarantine\Packages moved successfully.
C:\Documents and Settings\no downloading!!!!\Application Data\rhc1glj0egbe\Quarantine\BrowserObjects moved successfully.
C:\Documents and Settings\no downloading!!!!\Application Data\rhc1glj0egbe\Quarantine\Autorun\StartMenuCurrentUser moved successfully.
C:\Documents and Settings\no downloading!!!!\Application Data\rhc1glj0egbe\Quarantine\Autorun\StartMenuAllUsers moved successfully.
C:\Documents and Settings\no downloading!!!!\Application Data\rhc1glj0egbe\Quarantine\Autorun\HKLM\RunOnce moved successfully.
C:\Documents and Settings\no downloading!!!!\Application Data\rhc1glj0egbe\Quarantine\Autorun\HKLM moved successfully.
C:\Documents and Settings\no downloading!!!!\Application Data\rhc1glj0egbe\Quarantine\Autorun\HKCU\RunOnce moved successfully.
C:\Documents and Settings\no downloading!!!!\Application Data\rhc1glj0egbe\Quarantine\Autorun\HKCU moved successfully.
C:\Documents and Settings\no downloading!!!!\Application Data\rhc1glj0egbe\Quarantine\Autorun moved successfully.
C:\Documents and Settings\no downloading!!!!\Application Data\rhc1glj0egbe\Quarantine moved successfully.
C:\Documents and Settings\no downloading!!!!\Application Data\rhc1glj0egbe moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SMrhc1glj0egbe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SMrhc1glj0egbe deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispBackgroundPage >
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispBackgroundPage deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispScrSavPage >
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispScrSavPage deleted successfully.
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys >
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys\\ deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07052008_142057




Malwarebytes' Anti-Malware 1.19
Database version: 924
Windows 5.1.2600 Service Pack 2

2:27:22 PM 7/5/2008
mbam-log-7-5-2008 (14-27-22).txt

Scan type: Quick Scan
Objects scanned: 38906
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{50f80667-8f83-4786-a910-3b35353444c2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{08b87db6-5fff-468d-b0f3-c2a91bf159ca} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{49fe8347-f93b-4783-80ca-2ebcb6bcf391} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f5f3e4d6-517a-43bd-b802-5edc64b6266b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nqgpedlr.bwvg (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
OK good can you please run dss again and post the log it produces.
  • 0

#7
Jrt2006

Jrt2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Deckard's System Scanner v20071014.68
Run by no downloading!!!! on 2008-07-05 14:39:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as no downloading!!!!.exe) ----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:10 PM, on 7/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Belkin\F5D8011v2\Belkinwcui.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\no downloading!!!!\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\NODOWN~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F5D8011v2\Belkinwcui.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1214694767619
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1214694762612
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.su...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 6667 bytes

-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-07-05 10:22:38 0 d-------- C:\Program Files\Trend Micro
2008-07-04 11:22:43 0 d-------- C:\Program Files\Panda Security
2008-07-04 02:11:01 0 d-------- C:\Program Files\Lavasoft
2008-07-04 02:11:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-04 02:00:01 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-07-04 01:59:55 0 d-------- C:\WINDOWS\Logs
2008-07-04 00:39:36 0 d-------- C:\WINDOWS\[bleep]'s Kitchen
2008-07-04 00:39:36 0 d-------- C:\Program Files\[bleep]'s Kitchen
2008-07-04 00:24:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-04 00:24:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-04 00:24:14 0 d-------- C:\Program Files\Trymedia
2008-07-02 16:47:05 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-02 16:46:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-02 16:46:01 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-02 16:44:29 0 d-------- C:\Program Files\NOS
2008-07-02 16:44:29 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-02 15:01:29 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\Google
2008-07-02 14:36:43 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\Sun
2008-07-02 14:35:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-07-02 14:35:48 0 d-------- C:\Program Files\Google
2008-07-02 14:35:01 0 d-------- C:\Program Files\Java
2008-07-02 14:34:20 0 d-------- C:\Program Files\Common Files\Java
2008-07-01 10:06:52 0 d-------- C:\Program Files\MSXML 4.0
2008-07-01 08:36:12 274432 --a------ C:\WINDOWS\system32\FFTIFF16.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM TIFF Image Library>
2008-07-01 08:36:12 208896 --a------ C:\WINDOWS\system32\FFRafShellEx.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FFRafShellEx>
2008-07-01 08:36:12 155648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM CCD-RAW LIBRARY>
2008-07-01 08:36:09 0 d-------- C:\Program Files\FinePixViewer
2008-07-01 08:35:55 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\InstallShield
2008-07-01 08:35:36 45056 -----n--- C:\WINDOWS\system32\FINFCOPY.dll <Not Verified; FUJIFILM; FUJIFILM FINFCOPY>
2008-07-01 08:35:36 65536 -----n--- C:\WINDOWS\system32\FINFCHECK.dll <Not Verified; FUJIFILM; FUJIFILM FINFCHECK>
2008-07-01 08:35:36 0 d-------- C:\Program Files\REGSHAVE
2008-07-01 08:35:35 69632 -----n--- C:\WINDOWS\system32\FREGSHEX.DLL <Not Verified; FUJIFILM; FUJIFILM Fregshave>
2008-07-01 08:35:35 45056 -----n--- C:\WINDOWS\system32\FCLKBTN.DLL <Not Verified; FUJIFILM; FUJIFILM FCLKBTN>
2008-07-01 07:47:10 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\FUJIFILM
2008-06-30 14:48:34 0 d-------- C:\Program Files\MFInstall
2008-06-30 14:26:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-06-30 14:26:18 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-30 14:26:01 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\Corel
2008-06-30 14:22:31 0 d-------- C:\Program Files\Corel
2008-06-30 14:22:31 0 d-------- C:\Program Files\Common Files\Corel
2008-06-29 23:51:19 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\acccore
2008-06-29 23:50:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-29 23:50:40 0 d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-06-29 23:50:35 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-06-29 23:50:34 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-06-29 23:50:20 0 d-------- C:\Program Files\Common Files\AOL
2008-06-29 15:00:37 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-06-29 14:59:29 0 d-------- C:\Program Files\Realtek AC97
2008-06-29 14:59:26 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-06-29 10:27:38 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\Yahoo!
2008-06-29 10:13:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-29 10:13:16 0 d-------- C:\Program Files\Yahoo!
2008-06-29 10:05:44 0 d-------- C:\Documents and Settings\no downloading!!!!\Contacts
2008-06-29 10:04:58 0 d-------- C:\Program Files\Windows Live Toolbar
2008-06-29 10:04:56 0 d-------- C:\Program Files\Windows Live Favorites
2008-06-29 10:04:33 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-29 10:02:27 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-29 10:02:23 0 d-------- C:\Program Files\Windows Live
2008-06-29 10:02:14 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-29 10:00:07 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\Macromedia
2008-06-29 10:00:07 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\Adobe
2008-06-28 18:15:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-28 18:15:19 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-28 18:15:18 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-28 18:12:23 0 d--hs---- C:\Documents and Settings\no downloading!!!!\UserData
2008-06-28 18:10:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-28 18:10:42 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-28 18:10:42 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\SUPERAntiSpyware.com
2008-06-28 18:10:31 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-28 18:09:17 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\Malwarebytes
2008-06-28 18:09:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-28 18:09:15 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-28 18:08:59 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-28 17:57:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-28 17:57:55 0 d-------- C:\Program Files\Belkin
2008-06-28 17:00:56 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-28 16:59:29 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-28 16:58:18 0 d-------- C:\Documents and Settings\no downloading!!!!\Application Data\Identities
2008-06-28 16:51:17 0 d--h----- C:\Documents and Settings\no downloading!!!!\Templates
2008-06-28 16:51:17 0 dr------- C:\Documents and Settings\no downloading!!!!\Start Menu
2008-06-28 16:51:17 0 dr-h----- C:\Documents and Settings\no downloading!!!!\SendTo
2008-06-28 16:51:17 0 dr-h----- C:\Documents and Settings\no downloading!!!!\Recent
2008-06-28 16:51:17 0 d--h----- C:\Documents and Settings\no downloading!!!!\PrintHood
2008-06-28 16:51:17 1835008 --ah----- C:\Documents and Settings\no downloading!!!!\NTUSER.DAT
2008-06-28 16:51:17 0 d--h----- C:\Documents and Settings\no downloading!!!!\NetHood
2008-06-28 16:51:17 0 dr------- C:\Documents and Settings\no downloading!!!!\My Documents
2008-06-28 16:51:17 0 d--h----- C:\Documents and Settings\no downloading!!!!\Local Settings
2008-06-28 16:51:17 0 dr------- C:\Documents and Settings\no downloading!!!!\Favorites
2008-06-28 16:51:17 0 d-------- C:\Documents and Settings\no downloading!!!!\Desktop
2008-06-28 16:51:17 0 d--hs---- C:\Documents and Settings\no downloading!!!!\Cookies
2008-06-28 16:51:17 0 dr-h----- C:\Documents and Settings\no downloading!!!!\Application Data
2008-06-28 16:50:19 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-06-28 16:50:18 0 d-------- C:\WINDOWS\Prefetch
2008-06-28 16:50:17 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-06-28 16:50:16 225280 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-06-28 16:50:16 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-06-28 16:50:16 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-06-28 16:50:16 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-06-28 16:50:16 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-06-28 16:50:03 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-06-28 16:50:03 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-06-28 16:50:03 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-06-28 16:50:03 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-06-28 16:50:03 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-06-28 16:42:33 0 d-------- C:\WINDOWS\system32\xircom
2008-06-28 16:42:33 0 d-------- C:\Program Files\microsoft frontpage
2008-06-28 16:42:21 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-06-28 16:39:31 0 -rahs---- C:\MSDOS.SYS
2008-06-28 16:39:31 0 -rahs---- C:\IO.SYS
2008-06-28 16:39:31 0 --a------ C:\CONFIG.SYS
2008-06-28 16:39:31 0 --a------ C:\AUTOEXEC.BAT
2008-06-28 16:38:25 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-06-28 16:38:15 0 dr------- C:\WINDOWS\Offline Web Pages
2008-06-28 16:38:15 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-06-28 16:38:02 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-28 16:37:42 0 d-------- C:\WINDOWS\system32\DirectX
2008-06-28 16:37:04 0 d---s---- C:\WINDOWS\Tasks
2008-06-28 16:37:03 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-28 16:36:59 0 d-------- C:\WINDOWS\srchasst
2008-06-28 16:36:58 0 d-------- C:\WINDOWS\system32\Macromed
2008-06-28 16:36:48 0 d-------- C:\Program Files\Movie Maker
2008-06-28 16:36:39 0 d-------- C:\WINDOWS\system32\Restore
2008-06-28 16:35:56 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-28 16:35:35 0 d-------- C:\WINDOWS\Registration
2008-06-28 16:35:26 0 d-------- C:\Program Files\Online Services
2008-06-28 16:35:20 0 d-------- C:\Program Files\Messenger
2008-06-28 16:35:16 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-28 16:34:32 0 d-------- C:\Program Files\Windows NT
2008-06-28 16:34:29 0 d-------- C:\WINDOWS\system32\MsDtc
2008-06-28 16:34:27 0 d-------- C:\WINDOWS\system32\Com
2008-06-28 11:12:27 0 d--hs---- C:\WINDOWS\Installer
2008-06-28 11:12:27 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-28 11:12:23 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-28 11:12:22 0 dr------- C:\Program Files
2008-06-28 11:12:22 0 d-------- C:\Program Files\Common Files
2008-06-28 11:11:51 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-06-28 11:11:51 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-06-28 11:11:51 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-06-28 11:11:51 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-06-28 11:11:51 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-06-28 11:11:51 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-06-28 11:11:51 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-06-28 11:11:51 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-06-28 11:11:51 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-06-28 11:11:51 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-06-28 11:11:51 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-06-28 11:11:51 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-06-28 11:11:51 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-06-28 11:11:51 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-06-28 11:11:51 0 dr------- C:\Documents and Settings\All Users\Documents
2008-06-28 11:11:51 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-06-28 11:08:53 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-28 11:08:53 0 d-------- C:\WINDOWS\system32\CatRoot
2008-06-28 11:08:47 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-06-28 11:08:47 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-06-28 11:08:47 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-06-28 11:08:47 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-06-28 11:02:50 0 d--hs---- C:\System Volume Information
2008-06-28 11:02:50 0 d-------- C:\Documents and Settings
2008-06-28 10:50:49 0 d-------- C:\WINDOWS
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\WinSxS
2008-06-28 10:50:49 0 dr------- C:\WINDOWS\Web
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\twain_32
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\wins
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\wbem
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\usmt
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\spool
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\ShellExt
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\Setup
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\ras
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\oobe
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\npp
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\mui
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\inetsrv
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\IME
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\icsxml
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\ias
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\export
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\drivers
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-06-28 10:50:49 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\dhcp
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\config
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\3076
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\2052
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\1054
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\1042
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\1041
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\1037
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\1033
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\1031
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\1028
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system32\1025
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\system
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\security
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\Resources
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\repair
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\Provisioning
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\PeerNet
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\pchealth
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\mui
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\msapps
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\msagent
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\Media
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\java
2008-06-28 10:50:49 0 d--h----- C:\WINDOWS\inf
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\ime
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\Help
2008-06-28 10:50:49 0 dr--s---- C:\WINDOWS\Fonts
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\ehome
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\Driver Cache
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\Debug
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\Cursors
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\Connection Wizard
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\Config
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\AppPatch
2008-06-28 10:50:49 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-06-28 11:11:51 62 --ahs---- C:\Documents and Settings\no downloading!!!!\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 10:33 PM 75128 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" []
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 10:32 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/30/2008 02:17 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [07/02/2008 03:01 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - C:\Program Files\Belkin\F5D8011v2\Belkinwcui.exe [6/28/2008 5:57:58 PM]
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [7/1/2008 8:36:15 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06/30/2008 02:17 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 06/30/2008 02:18 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-07-05 14:39:56 ------------
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
How are things running?
  • 0

#9
Jrt2006

Jrt2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
let me reboot
  • 0

#10
Jrt2006

Jrt2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
It work wonderful. You were a great help. Thank you

Is there anything you would reccomend to keeping this computer safe other than the programs listed before poting a hijack this log?
  • 0

#11
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
I will need you to do is to Download ONE of these anti-virus programs and install it.
These are free.
Avast
or
AVG free 8.0
Note this is free antispyware protection and Antivirus protection.
or
Antivir

as long as you only install one.
=======================
Please go to Start > Run> then copy\paste this in "%userprofile%\desktop\dss.exe" /daft then hit scan.
Place a check next to everything and click on fix.
Then scan again and it should say all associations ok.
=================================
Cleanup::
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
===============
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us
=====================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD- puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
  • 0

#12
Jrt2006

Jrt2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I really appreciate your help. I'm running lke new now...great job
  • 0

#13
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP