Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

AVG reports this virus but even Google has never heard of it ! [RE

Started by carbuncle , Jul 28 2008 07:30 AM

  • This topic is locked This topic is locked

#1
carbuncle
Posted 28 July 2008 - 07:30 AM

carbuncle

    Member

  • Member
  • PipPipPip
  • 113 posts
Hi everyone.

Recently i have had a small problem with AVG reporting (sometimes up front but most times simply in the background) a Virus by the name of Trojan Horse Generic 10.AZZR

I found a load of entries in the AVG log file which is why i knew it had found the virus and not reported it on a number of occasions.

I have just burnt a disc with Nero and after burning it came up with the 'Virus Found' message and it was this one.

It says the Generic 10.AZZR is in C:\System Volume Information\_Restore {millionsof numbers}.DLL

I have tried Googling for this and it doesnt even recognise AZZR let alone the first bit.

The computer seems fine and every virus check turns up neg.

I allowed the 'Show all folders' and SVI folder is shown as empty?

I did have a problem with the Virtumonde Virus a while ago but thought i had got rid of all traces.

Any help would be greatly appreciated.

Thanks

Rob
  • 0

Advertisements

#2
carbuncle
Posted 01 August 2008 - 10:48 AM

carbuncle

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
ttt

Anybody??

Just did a quick AVG history log and it was still showing as found numerous times today.
  • 0

#3
Essexboy
Posted 01 August 2008 - 11:01 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets see what you have on your system first :)

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#4
carbuncle
Posted 01 August 2008 - 11:35 AM

carbuncle

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
Thanks Essexboy


Deckard's System Scanner v20071014.68
Run by Robert Edwards on 2008-08-01 18:31:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
24: 2008-08-01 17:31:38 UTC - RP557 - Deckard's System Scanner Restore Point
23: 2008-08-01 07:31:38 UTC - RP556 - System Checkpoint
22: 2008-07-31 00:59:59 UTC - RP555 - System Checkpoint
21: 2008-07-29 22:43:56 UTC - RP554 - System Checkpoint
20: 2008-07-28 21:48:45 UTC - RP553 - Revo Uninstaller's restore point - Security Task Manager 1.7f


-- First Restore Point --
1: 2008-07-08 00:46:09 UTC - RP534 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Robert Edwards.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:27, on 01/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Cacheman\Cacheman.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\speakerguard\SpeakerGuard.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Screensaver Control\ScreensaverControl.exe
C:\Program Files\Uniblue\ProcessLibrary\qaccess.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Robert Edwards\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Robert Edwards.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealOne Player\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe /hidden
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\Cacheman\Cacheman.exe
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino....-en/FlashAX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 11071 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070927-172429-789 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20080514-161511-111 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20080514-161511-321 O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
backup-20080514-161511-332 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pics.bleu.ro/
backup-20080514-161511-415 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pics.bleu.ro/
backup-20080514-161511-507 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
backup-20080514-161511-940 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
backup-20080516-001705-509 O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
backup-20080516-001705-993 O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM
backup-20080708-012643-842 O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
backup-20080708-012706-291 O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
backup-20080708-140929-306 O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
backup-20080708-140929-428 O20 - Winlogon Notify: efcYPjJy - efcYPjJy.dll (file missing)
backup-20080708-140929-614 O4 - HKLM\..\Run: [BM4f1e5dd8] Rundll32.exe "C:\WINDOWS\system32\nqypfmuh.dll",s
backup-20080708-140929-673 O2 - BHO: (no name) - {7E6B5923-3D2D-46DF-8B07-84F48BFB55EC} - C:\WINDOWS\system32\efcYPjJy.dll (file missing)
backup-20080708-140929-760 O4 - HKLM\..\Run: [4c2d6e44] rundll32.exe "C:\WINDOWS\system32\oissqjcd.dll",b
backup-20080708-140929-980 O2 - BHO: (no name) - {B6A12BD4-2AAE-4984-B784-8CE06A6237C8} - C:\WINDOWS\system32\fccyvSKe.dll (file missing)
backup-20080708-141114-730 O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 Dvd43 - c:\windows\system32\drivers\dvd43.sys <Not Verified; Fengtao Software Inc.; DVD43>
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S2 EZWINIT - c:\windows\system32\drivers\ezwinit.sys <Not Verified; USTC; anchor chips ezloader>
S2 EZWRITER - c:\windows\system32\drivers\ezwriter.sys
S3 FreshIO - c:\program files\freshdevices\freshdiagnose\freshio.sys (file missing)
S3 jgameenp - c:\docume~1\robert~1\locals~1\temp\jgameenp.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper - "c:\program files\executive software\diskeeper\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper ™ Disk Defragmenter>
R2 FolderSize (Folder Size) - "c:\program files\foldersize\foldersizesvc.exe" <Not Verified; Brio; Folder Size for Windows>
R2 RioMSC (Rio MSC Manager) - c:\windows\system32\riomsc.exe <Not Verified; Digital Networks North America, Inc.; Rio Mass Storage Class Device Manager>

S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S4 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "c:\program files\tuneup utilities 2006\winstylerthemesvc.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 5200
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 5200
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Files created between 2008-07-01 and 2008-08-01 -----------------------------

2008-08-01 00:33:16 0 dr-h----- C:\Documents and Settings\Robert Edwards\Recent
2008-07-31 01:35:49 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\HouseCall 6.6
2008-07-29 11:41:05 0 d-------- C:\Documents and Settings\Robert Edwards\.housecall6.6
2008-07-27 12:38:21 0 d-------- C:\Program Files\AnVir Task Manager
2008-07-27 11:00:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-07-26 19:34:51 0 d-------- C:\Program Files\Common Files\McAfee
2008-07-26 19:34:08 0 d-------- C:\Program Files\McAfee
2008-07-26 02:32:14 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-07-26 02:32:14 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-07-26 02:32:14 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-07-26 02:32:14 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-07-26 02:32:13 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-07-26 02:32:10 0 d-------- C:\Program Files\VSO
2008-07-10 13:03:50 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\USBSafelyRemove
2008-07-10 13:03:37 0 d-------- C:\Program Files\USB Safely Remove
2008-07-10 12:50:59 0 d-------- C:\Program Files\Sony
2008-07-10 12:50:30 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-07-09 04:04:52 0 d-------- C:\Program Files\TweakNow WinSecret
2008-07-09 04:04:52 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\TweakNow WinSecret
2008-07-09 04:03:13 0 d-------- C:\Program Files\TweakNow RegCleaner Std
2008-07-07 20:38:46 0 d-------- C:\WINDOWS\Icons
2008-07-07 20:36:19 3407872 --a------ C:\Documents and Settings\Administrator\ntuser.dat
2008-07-07 20:36:15 18612224 --a------ C:\Documents and Settings\Robert Edwards\ntuser.dat
2008-07-07 20:35:37 405 --ahs---- C:\WINDOWS\system32\eKSvyccf.ini2
2008-07-07 19:50:24 0 d-------- C:\Program Files\TellyPrompter
2008-07-07 19:36:25 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-07-07 19:35:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-07 19:35:37 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-07 08:40:49 56108 --a------ C:\WINDOWS\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
2008-07-05 23:14:23 0 d-------- C:\Program Files\Blaze Media Pro
2008-07-05 23:14:08 0 d-------- C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2008-07-04 21:39:23 0 d-------- C:\Program Files\AVI DivX to DVD SVCD VCD Converter
2008-07-03 20:35:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-03 20:35:09 0 d-------- C:\Program Files\AOL Games
2008-07-02 23:56:35 0 d-------- C:\Program Files\ShrinkTo5Basic


-- Find3M Report ---------------------------------------------------------------

2008-08-01 18:24:35 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-00201102}.dat
2008-08-01 18:24:35 24 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-00000009-00001102-00000002-00201102}.dat
2008-08-01 18:01:49 0 d-------- C:\Program Files\SpeedFan
2008-08-01 09:40:37 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\BitTorrent
2008-07-31 00:24:30 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\Microgaming
2008-07-29 17:27:10 0 d-------- C:\Program Files\Avant Browser
2008-07-28 22:39:39 0 d-------- C:\Program Files\Yahoo!
2008-07-28 14:16:36 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\AVG7
2008-07-28 11:52:48 0 d-------- C:\Program Files\PowerISO
2008-07-28 01:11:41 0 d-------- C:\Program Files\ladbrokesMPP
2008-07-26 19:34:51 0 d-------- C:\Program Files\Common Files
2008-07-26 03:31:56 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\Vso
2008-07-26 03:31:55 668 --a------ C:\Documents and Settings\Robert Edwards\Application Data\vso_ts_preview.xml
2008-07-26 03:13:05 0 d-------- C:\Program Files\SpywareBlaster
2008-07-26 03:11:54 0 d-------- C:\Program Files\a-squared Free
2008-07-09 15:13:48 2320000 --a------ C:\WINDOWS\system32\TUKernel.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-09 15:05:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-09 14:40:10 0 d-------- C:\Program Files\Paint.NET
2008-07-09 03:52:54 0 d-------- C:\Program Files\Full Tilt Poker
2008-07-07 17:05:03 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\VideoReDo-TVSuite
2008-07-04 17:50:16 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\Audacity
2008-07-01 22:32:28 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\Ashampoo
2008-06-30 19:36:10 0 d-------- C:\Program Files\GNU
2008-06-24 11:40:13 0 d-------- C:\Program Files\Recover Keys
2008-06-22 18:59:20 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\Hyperionics
2008-06-22 18:54:31 0 d-------- C:\Program Files\CD Recovery Toolbox Free
2008-06-22 18:16:20 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\DNA
2008-06-22 18:12:09 0 d-------- C:\Program Files\Betfair
2008-06-16 19:08:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-14 15:28:49 3532 --a------ C:\drmHeader.bin
2008-06-13 20:56:06 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\Nokia Multimedia Player
2008-06-12 18:40:52 0 d-------- C:\Program Files\QuickTime Alternative
2008-06-11 17:05:31 0 d-------- C:\Program Files\JetAudio
2008-06-08 23:49:59 0 d-------- C:\Program Files\Java
2008-06-03 23:14:51 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-03 19:54:29 0 d-------- C:\Program Files\BitTorrent
2008-06-03 19:54:23 0 d-------- C:\Program Files\DNA
2008-05-28 00:16:44 61440 --a------ C:\WINDOWS\system32\NormalizeDSP.dll
2008-05-23 14:12:58 323584 --a------ C:\WINDOWS\system32\AudioGenie2.dll <Not Verified; Stefan Toengi; audiogenie Module>
2008-05-18 15:27:49 304 --a------ C:\WINDOWS\[email protected]
2008-05-16 11:49:12 20472 --a------ C:\Documents and Settings\Robert Edwards\Application Data\NMM-MetaData.db


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
23/07/2008 12:21 120608 --a------ c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupDelayer"="C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [16/03/2007 02:16]
"DVD43"="C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe" [03/08/2006 18:38]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [31/08/2007 12:01]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [14/04/2008 18:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cacheman"="C:\PROGRA~1\Cacheman\Cacheman.exe" [31/07/2003 15:13]
"USB Safely Remove"="C:\Program Files\USB Safely Remove\USBSafelyRemove.exe" [14/07/2008 19:07]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"NoAdminPage"=1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDIDL~1\DVDShell.dll [09/10/2004 15:18 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\fccyvSKe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PolicyAgent"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Cacheman"=C:\PROGRA~1\Cacheman\Cacheman.exe
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
"InkSaver"=C:\Program Files\InkSaver\InkSaver.exe hide
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"Disc Detector"=C:\Program Files\Creative\ShareDLL\CtNotify.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- Hosts -----------------------------------------------------------------------

127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com

9198 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-01 18:34:02 ------------
  • 0

#5
Essexboy
Posted 01 August 2008 - 11:57 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK this will be a busy fix - so I would recommend you copy this post to a text file for reference

First your Antivirus is out of date AVG is now on version 8 - available here http://free.avg.com/...ownload?prd=afe

Then to continue securing your system

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.

Now to start cleaning

Download and run ERUNT http://www.larsheder...nline.de/erunt/

Start ERUNT, confirm the Welcome message.

Type in the name of a restore folder where the backed up registry
files should be saved, or click "..." to browse your computer's drives
and select a folder. You can also simply leave the default, which is a
folder named ERDNT inside your Windows folder, the advantage being
that you have access to this folder from the Windows Recovery Console
in case Windows does not boot anymore.


Next, select the backup options:

- System registry:

- Current user registy: .

- Other open user registries:

Click "OK" and wait until the backup process is complete. (Note that
depending on your system configuration this may take some time, and
that the first bar is NOT a progress bar, just an indicator that the
program is still running.) The ERDNT program for later restoration of
the registry is automatically copied to the restore folder.

WARNING these fixes are designed for this user only and may cause damage if run on an uninfected machine

REGISTRY FIX

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Next you will need to create the repair registry fix to do that copy and paste ALL of the above in the quote box to a notepad file. Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop Posted Image

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

NEXT

@echo off
sc stop jgameenp
sc delete jgameenp
exit

Next you will need to create the batch fix to do that copy and paste ALL of the above in the quote box to a notepad file.
Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.bat

This will create a batch file Posted Image

Then run fix.bat by double clicking you may see a black box appear this is normal

GETTING THERE

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\Robert Edwards\localsettings\temp\jgameenp.sys 
C:\WINDOWS\system32\eKSvyccf.ini2
C:\WINDOWS\system32\fccyvSKe.dll
C:\WINDOWS\system32\oissqjcd.dll
C:\WINDOWS\system32\efcYPjJy.dll 
C:\WINDOWS\system32\nqypfmuh.dll
Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

AND FINALLY (Honest :) ) AVG may detect this programme as a Trojan - it is not. If necessary disable AVG whilst you run the programme

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#6
carbuncle
Posted 01 August 2008 - 01:28 PM

carbuncle

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
Attached File  OTScanIt.Txt   318.21KB   126 downloadsHi Essexboy

AVG 8 installed (hate it already compared with 7.5 lol)

New Jarva installed

Erunt run and back up done

Reg fix done

Fix.bat done

OTmoveit scan results are

File/Folder C:\Documents and Settings\Robert Edwards\localsettings\temp\jgameenp.sys not found.
C:\WINDOWS\system32\eKSvyccf.ini2 moved successfully.
File/Folder C:\WINDOWS\system32\fccyvSKe.dll not found.
File/Folder C:\WINDOWS\system32\oissqjcd.dll not found.
File/Folder C:\WINDOWS\system32\efcYPjJy.dll not found.
File/Folder C:\WINDOWS\system32\nqypfmuh.dll not found.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08012008_201752


finally OTscanit txt file attached.


Many thanks for your help mate.Attached File  OTScanIt.Txt   318.21KB   126 downloads
  • 0

#7
Essexboy
Posted 01 August 2008 - 01:54 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A few smidgeons here and then a sweep for orphans I think

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Files/Folders - Created Within 90 days]
NY -> dcjqssio.ini -> %SystemRoot%\System32\dcjqssio.ini
NY -> eKSvyccf.ini -> %SystemRoot%\System32\eKSvyccf.ini
NY -> BM4f1e5dd8.xml -> %SystemRoot%\BM4f1e5dd8.xml
[Files/Folders - Modified Within 90 days]
NY -> dcjqssio.ini -> %SystemRoot%\System32\dcjqssio.ini
NY -> eKSvyccf.ini -> %SystemRoot%\System32\eKSvyccf.ini
NY -> BM4f1e5dd8.xml -> %SystemRoot%\BM4f1e5dd8.xml
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

THEN

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Logs required : OTScanit report, MBAM log and a new Hijackthis log.. Plus how is your computer running now ?
  • 0

#8
carbuncle
Posted 01 August 2008 - 02:21 PM

carbuncle

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
Hi

Scanit log:

[Files/Folders - Created Within 90 days]
C:\WINDOWS\System32\dcjqssio.ini moved successfully.
C:\WINDOWS\System32\eKSvyccf.ini moved successfully.
C:\WINDOWS\BM4f1e5dd8.xml moved successfully.
[Files/Folders - Modified Within 90 days]
File C:\WINDOWS\System32\dcjqssio.ini not found!
File C:\WINDOWS\System32\eKSvyccf.ini not found!
File C:\WINDOWS\BM4f1e5dd8.xml not found!
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_10c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_8i7WmIJWQpSBctP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_IQDIddeCHsu3nek scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_Wa4k8xdRPqm7dos scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
RecycleBin -> emptied.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 08012008_210011

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_10c.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\sqlite_8i7WmIJWQpSBctP scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\sqlite_IQDIddeCHsu3nek scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\sqlite_Wa4k8xdRPqm7dos scheduled to be moved on reboot.



HiJack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:21, on 01/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\speakerguard\SpeakerGuard.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RioMSC.exe
C:\PROGRA~1\Cacheman\Cacheman.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Screensaver Control\ScreensaverControl.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Uniblue\ProcessLibrary\qaccess.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealOne Player\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe /hidden
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\Cacheman\Cacheman.exe
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino....-en/FlashAX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10591 bytes


Malware log:

Malwarebytes' Anti-Malware 1.24
Database version: 1015
Windows 5.1.2600 Service Pack 2

21:12:44 01/08/2008
mbam-log-8-1-2008 (21-12-44).txt

Scan type: Quick Scan
Objects scanned: 42896
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\BM4f1e5dd8.txt (Trojan.Vundo) -> Quarantined and deleted successfully.



The computer is running fine thanks, I did notice in one of the earlier posts a few dodgy entires in the 'Hosts' file, not quite sure what the Host file does so is that ok?

Appreciate your continued time.
  • 0

#9
Essexboy
Posted 01 August 2008 - 02:39 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
These ones :)

Hosts -----------------------------------------------------------------------

127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com

9198 more entries in hosts file.

Those are entered there by malware protection programmes the 127.0.0.1 means that they are looped back to your computer and never connect, so you are safe ;)

MBAM found the orphans I missed so..................

Now the best part of the day ----- Your log now appears clean :)

Double click OTMoveIt2 once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTMoveIt2 wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself. Erunt and MBAM are good tools to keep. However, if you wish to remove them it may be done via control panel


Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0

#10
carbuncle
Posted 01 August 2008 - 03:04 PM

carbuncle

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
Cheers mate your a star.

Quick question, with AVG8 is it preferred to have 'Resident Shield' on? because if i try to disable it, Windows seems to go into meltdown with warnings etc with AVG greyed out etc. Is AVG recommended above Avast and others for example?

Also i only have XP firewall (I know, i know)

In your view which is the very best free Firewall?

Once again i really appreciate all the help given tonight.

Thanks

Rob
  • 0

Advertisements

#11
Essexboy
Posted 01 August 2008 - 03:44 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm let me see for Anti-virus I have a very partisan reply as I have been using Avast now for about four years with no problem. Prior to that I tried AVG and various others including Norton but I feel more comfortable with Avast. It has a self protection module, scan web pages on the fly for viruses and some malware. Protects e-mail and P2P downloads, but the best in my opinion is that I can do a boot scan before windows loads. There is generally one update a day sometimes more, and the forum is very good with input from the programmers and analysts. I also find it light on resources.

The forum is here http://forum.avast.com/index.php and there are two flavours the Pro (paid for version) and the home (free version, but requires annual registration). The pro version is more for corporate concerns as it has additional functions which are of no interest to the home user, but the database and updates are the same for both versions.

Firewall, this really depends on your skill and knowledge, the fire and forget version is Zone Alarm free. More complex with a steeper learning curve is comodo.

As for the resident shield it should be kept on at all times otherwise you are not protected

Any further ?? just shout

P.S. Thanks for the donation I have just received - I will have a pint or two on you - cheers :)
  • 0

#12
Essexboy
Posted 02 August 2008 - 04:06 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#13
Essexboy
Posted 02 August 2008 - 09:06 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It could be that AVG is doing this but lets have a quick look see

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#14
carbuncle
Posted 02 August 2008 - 09:17 AM

carbuncle

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
Hi Essexboy

dss only opened one notepad entry which i have included.

I don't know if this is relevant or not but Windows Update did an update this morning, and after i was told to reboot the machine, it rebooted with only 3 icons in the taskbar instead of the usual 9, i rebooted and the problems seemed to start then.


Deckard's System Scanner v20071014.68
Run by Robert Edwards on 2008-08-02 16:11:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Robert Edwards.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:17, on 02/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\speakerguard\SpeakerGuard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\Cacheman\Cacheman.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ClocX\ClocX.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Screensaver Control\ScreensaverControl.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Uniblue\ProcessLibrary\qaccess.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\Robert Edwards\Desktop\Security\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ROBERT~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealOne Player\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe /hidden
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\Cacheman\Cacheman.exe
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino....-en/FlashAX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10569 bytes

-- Files created between 2008-07-02 and 2008-08-02 -----------------------------

2008-08-01 22:32:25 0 dr-h----- C:\Documents and Settings\Robert Edwards\Recent
2008-08-01 21:06:04 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\Malwarebytes
2008-08-01 21:06:00 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-01 21:06:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-01 20:08:03 0 d-------- C:\Program Files\Java
2008-08-01 19:29:52 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-01 19:29:33 0 d-------- C:\Program Files\AVG
2008-08-01 19:29:32 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-31 01:35:49 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\HouseCall 6.6
2008-07-29 11:41:05 0 d-------- C:\Documents and Settings\Robert Edwards\.housecall6.6
2008-07-27 12:38:21 0 d-------- C:\Program Files\AnVir Task Manager
2008-07-27 11:00:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-07-26 19:34:51 0 d-------- C:\Program Files\Common Files\McAfee
2008-07-26 19:34:08 0 d-------- C:\Program Files\McAfee
2008-07-26 02:32:14 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-07-26 02:32:14 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-07-26 02:32:14 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-07-26 02:32:14 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-07-26 02:32:13 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-07-26 02:32:10 0 d-------- C:\Program Files\VSO
2008-07-10 13:03:50 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\USBSafelyRemove
2008-07-10 13:03:37 0 d-------- C:\Program Files\USB Safely Remove
2008-07-10 12:50:59 0 d-------- C:\Program Files\Sony
2008-07-10 12:50:30 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-07-09 04:04:52 0 d-------- C:\Program Files\TweakNow WinSecret
2008-07-09 04:04:52 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\TweakNow WinSecret
2008-07-09 04:03:13 0 d-------- C:\Program Files\TweakNow RegCleaner Std
2008-07-07 20:38:46 0 d-------- C:\WINDOWS\Icons
2008-07-07 20:36:19 3407872 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-07 20:36:15 18612224 --a------ C:\Documents and Settings\Robert Edwards\ntuser.dat
2008-07-07 19:50:24 0 d-------- C:\Program Files\TellyPrompter
2008-07-07 19:36:25 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-07-07 19:35:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-07 19:35:37 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-07 08:40:49 56108 --a------ C:\WINDOWS\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
2008-07-05 23:14:23 0 d-------- C:\Program Files\Blaze Media Pro
2008-07-05 23:14:08 0 d-------- C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2008-07-04 21:39:23 0 d-------- C:\Program Files\AVI DivX to DVD SVCD VCD Converter
2008-07-03 20:35:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-03 20:35:09 0 d-------- C:\Program Files\AOL Games
2008-07-02 23:56:35 0 d-------- C:\Program Files\ShrinkTo5Basic


-- Find3M Report ---------------------------------------------------------------

2008-08-02 15:49:23 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-00201102}.dat
2008-08-02 15:49:23 24 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-00000009-00001102-00000002-00201102}.dat
2008-08-01 22:35:57 0 d-------- C:\Program Files\SpywareBlaster
2008-08-01 18:01:49 0 d-------- C:\Program Files\SpeedFan
2008-08-01 09:40:37 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\BitTorrent
2008-07-31 00:24:30 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\Microgaming
2008-07-29 17:27:10 0 d-------- C:\Program Files\Avant Browser
2008-07-28 22:39:39 0 d-------- C:\Program Files\Yahoo!
2008-07-28 11:52:48 0 d-------- C:\Program Files\PowerISO
2008-07-28 01:11:41 0 d-------- C:\Program Files\ladbrokesMPP
2008-07-26 19:34:51 0 d-------- C:\Program Files\Common Files
2008-07-26 03:31:56 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\Vso
2008-07-26 03:31:55 668 --a------ C:\Documents and Settings\Robert Edwards\Application Data\vso_ts_preview.xml
2008-07-26 03:11:54 0 d-------- C:\Program Files\a-squared Free
2008-07-09 15:13:48 2320000 --a------ C:\WINDOWS\system32\TUKernel.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-09 15:05:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-09 14:40:10 0 d-------- C:\Program Files\Paint.NET
2008-07-09 03:52:54 0 d-------- C:\Program Files\Full Tilt Poker
2008-07-07 17:05:03 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\VideoReDo-TVSuite
2008-07-04 17:50:16 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\Audacity
2008-07-01 22:32:28 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\Ashampoo
2008-06-30 19:36:10 0 d-------- C:\Program Files\GNU
2008-06-24 11:40:13 0 d-------- C:\Program Files\Recover Keys
2008-06-22 18:59:20 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\Hyperionics
2008-06-22 18:54:31 0 d-------- C:\Program Files\CD Recovery Toolbox Free
2008-06-22 18:16:20 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\DNA
2008-06-22 18:12:09 0 d-------- C:\Program Files\Betfair
2008-06-16 19:08:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-14 15:28:49 3532 --a------ C:\drmHeader.bin
2008-06-13 20:56:06 0 d-------- C:\Documents and Settings\Robert Edwards\Application Data\Nokia Multimedia Player
2008-06-12 18:40:52 0 d-------- C:\Program Files\QuickTime Alternative
2008-06-11 17:05:31 0 d-------- C:\Program Files\JetAudio
2008-06-03 23:14:51 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-03 19:54:29 0 d-------- C:\Program Files\BitTorrent
2008-06-03 19:54:23 0 d-------- C:\Program Files\DNA
2008-05-28 00:16:44 61440 --a------ C:\WINDOWS\system32\NormalizeDSP.dll
2008-05-23 14:12:58 323584 --a------ C:\WINDOWS\system32\AudioGenie2.dll <Not Verified; Stefan Toengi; audiogenie Module>
2008-05-18 15:27:49 304 --a------ C:\WINDOWS\[email protected]
2008-05-16 11:49:12 20472 --a------ C:\Documents and Settings\Robert Edwards\Application Data\NMM-MetaData.db


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
23/07/2008 12:21 120608 --a------ c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupDelayer"="C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [16/03/2007 02:16]
"DVD43"="C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe" [03/08/2006 18:38]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [31/08/2007 12:01]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [01/08/2008 19:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cacheman"="C:\PROGRA~1\Cacheman\Cacheman.exe" [31/07/2003 15:13]
"USB Safely Remove"="C:\Program Files\USB Safely Remove\USBSafelyRemove.exe" [14/07/2008 19:07]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"NoAdminPage"=1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDIDL~1\DVDShell.dll [09/10/2004 15:18 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PolicyAgent"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Cacheman"=C:\PROGRA~1\Cacheman\Cacheman.exe
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
"InkSaver"=C:\Program Files\InkSaver\InkSaver.exe hide
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"Disc Detector"=C:\Program Files\Creative\ShareDLL\CtNotify.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-08-02 16:12:57 ------------
  • 0

#15
Essexboy
Posted 02 August 2008 - 09:27 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK then first thing to do will be to remove the latest update and see where that leads us..

If you go to add/remove in the control panel and first note down the KB number of the update you installed yesterday and then uninstall the update

If you could then post the KB number and whether or not uninstalling has cured the problem

Any problems with this just shout
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP