Slow Keyboard Response--HijackThis Log Included [RESOLVED]



#1
geek08

  • Member
  • 13 posts
Hello Everyone

I am having this strange problem of slow keyboard response: it takes 3 seconds for the first letter I type to appear on screen, then the next characters are seen soon & then there is a time lapse of 3-4 seconds. This problem started a couple of days back & it took me so long to even post this topic.

My laptop specs are AMD Turion 64x2 processor, 1.5GB RAM & it's a Dell Inspiron 1501.

I have done all the things as listed on the 'Hijackthis Log-Malware Cleaning Guide' & still no luck.

Not sure what's causing this problem, suspecting some malware though couldn't find any in any scans. Please go through the HijackThis log file & lemme know if everything is fine or what's causing this, as it's too annoying.

Also, searched for viruses using AVG, Zone Alarm, & now BitDefender (used only one anti-virus at a time) & everything is fine.
Filter Keys or Sticky Keys features are not turned on & are fine.
No computer overheating.
Checked for spyware using Spybot Search & Destroy & also using Malwarebytes Anti-Malware & here's the log for it.

Malwarebytes' Anti-Malware 1.24
Database version: 1030
Windows 5.1.2600 Service Pack 2

10:30:36 06/08/2008
mbam-log-8-6-2008 (22-30-29).txt

Scan type: Quick Scan
Objects scanned: 43386
Time elapsed: 7 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I REMOVED THE INFECTED REGISTRY KEY & HERE'S THE NEW LOG:

Malwarebytes' Anti-Malware 1.24
Database version: 1030
Windows 5.1.2600 Service Pack 2

11:59:05 06/08/2008
mbam-log-8-6-2008 (23-59-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 105938
Time elapsed: 1 hour(s), 9 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HERE'S MY HIJACK THIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:45:54, on 07/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=2061126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=2061126
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [JustVoip] "C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} - http://ie.pixaco.com...codndupload.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://193.120.94.25...activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB1AAA0A-693F-4794-B392-F13C8A9B0261}: NameServer = 203.145.184.13,202.56.250.5
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9291 bytes

Here's the Uninstall list:

926plc32
ABBYY FineReader 5.0 Sprint Plus
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
ADSL USB Driver 2.0.1
AMD Processor Driver
Apple Software Update
ArcSoft Software Suite
ATI Catalyst Control Center
ATI Display Driver
ATT 1.4 Engine Only (no voices)
ATT Natural Voices version 1_4 Mike16
BitDefender Total Security 2008
Broadcom Management Programs
CCleaner (remove only)
Conexant HDA D110 MDC V.92 Modem
Dell Photo AIO Printer 922
Dell Support 3.2.1
Dell Wireless WLAN Card
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Dual-Core Optimizer
FLV Player 1.3.3
FreeAgent Pro Tools
Google Earth
HijackThis 2.0.2
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
JustVoip
Labtec WebCam Software
Labtec® Camera Driver
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Accounting 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Connectivity Components
Microsoft Office Small Business Edition 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Helper
Mozilla Firefox (2.0.0.16)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NetWaiting
NextUp.com-NeoSpeech Paul16 Voice
Norton Ghost 9.0
Notepad++
PowerDVD 5.7
QuickTime
ReadPlease 2003/ReadPlease PLUS 2003
RealPlayer
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950762)
Synaptics Pointing Device Driver
URL Assistant
VeohTV BETA
VideoLAN VLC media player 0.8.6c
WebCyberCoach 3.2 Dell
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger

HOPEFULLY U CAN SORT THIS OUT FOR ME, APPRECIATE ANY HELP & THANKS IN ADVANCE..

CHEERS..
  • 0


#2
MichWasHere

  • Member
  • 424 posts
Hi geek :)

Sorry about your wait time :) things are a little busy around here. I'm in training right now so I am posting under supervision, there may be a lag between my replies as they have to be checked before I say them to you. I have gone through your log and will be posting help for you shortly :)

If you have already resolved this problem or are receiving help elsewhere please let us know so this topic can be closed ;)
  • 0

#3
geek08

  • Topic Starter
  • Member
  • 13 posts
Hi MichWasHere

Glad to see a response, I have only posted my topic in Waiting Room & still waiting on someone to resolve the problem, so would definitely need ur help. Pls take ur time & try to suggest me as soon as u can as I want to use my laptop & haven't used it since it's been acting up.

Thanks again for responding...and looking forward to a fix. :)
  • 0

#4
MichWasHere

  • Member
  • 424 posts
Hi again :) a few things need to be done.

First of all...
Re-open HiJackThis and scan. Check the boxes next to all the entries listed below:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

next...
You still have old Java installations that need to be removed as well. Please go to Start > Control Panel > Add/Remove Programs and remove the following:
- J2SE Runtime Environment 5.0 Update 9
- Java™ 6 Update 2
- Java™ 6 Update 3
- Java™ 6 Update 5
- Java™ SE Runtime Environment 6 Update 1

and last but not least...
Can't see anything that could be causing your problem in the log you posted so we're going to get a more detailed one. Please download Deckard's System Scanner (DSS) and save it to your Desktop.
- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
- When the scan has finished, two notepad files will open named main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt in one reply and extra.txt in a separate reply.
  • 0
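
The five entries post #4 asks to fix are exactly the lines of the first HijackThis log that end in `(no file)`. The following added example (not part of the thread, and not code from HijackThis or Deckard's System Scanner) picks such lines out of a log automatically and, going one step beyond the post, applies the same check to the `(file missing)` driver rows in the DSS output posted later in the thread; the function names and the sample excerpt, assembled from lines in this thread, are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# HijackThis item: "<section> - <body>", e.g. "O2 - BHO: ... - {CLSID} - <file>".
HJT_LINE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")
# DSS driver/service row: "<R|S><start type> <name> - <path> [(file missing)]".
DSS_LINE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>\S.*?) - (?P<rest>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Start-type legend as printed in the DSS section header.
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}
NO_FILE = "- (no file)"
FILE_MISSING = "(file missing)"


@dataclass
class Finding:
    source: str            # "hijackthis" or "dss"
    section: str           # e.g. "O2", or "S0" for a DSS row
    name: str              # display name of the component
    clsid: Optional[str]   # COM class id, when the line carries one
    reason: str


def parse_hjt(line: str) -> Optional[Finding]:
    """Return a Finding for a HijackThis item whose target is '(no file)'."""
    m = HJT_LINE.match(line)
    if not m or not m["body"].endswith(NO_FILE):
        return None
    body = m["body"][: -len(NO_FILE)].rstrip()
    clsid = CLSID.search(body)
    # Drop the "- {CLSID}" suffix and the "BHO:" / "Toolbar:" type prefix.
    name = CLSID.sub("", body).rstrip(" -").split(": ", 1)[-1]
    return Finding("hijackthis", m["section"], name,
                   clsid.group(0) if clsid else None,
                   "registered component has no file on disk")


def parse_dss(line: str) -> Optional[Finding]:
    """Return a Finding for a DSS driver/service row marked '(file missing)'."""
    m = DSS_LINE.match(line)
    if not m or not m["rest"].endswith(FILE_MISSING):
        return None
    reason = f"{START_TYPES[m['start']]}-start entry points at a missing file"
    return Finding("dss", m["state"] + m["start"], m["name"], None, reason)


def triage(log_text: str) -> List[Finding]:
    """Scan a pasted log and list every entry that references a missing file."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        # HijackThis items always have " - " straight after the section code;
        # DSS rows have the driver name there instead, so test HijackThis first.
        finding = parse_hjt(line) if HJT_LINE.match(line) else parse_dss(line)
        if finding:
            findings.append(finding)
    return findings


# Constructed excerpt: individual lines copied from the logs in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
R0 PQV2i - c:\windows\system32\drivers\pqv2i.sys <Not Verified; StorageCraft; V2i Protector>
S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
S3 MEMSWEEP2 - c:\windows\system32\59.tmp (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source:<10} {f.section:<3} {f.name:<24} {f.clsid or '-':<38} {f.reason}")
```

A flagged line is a reference whose target file is absent, which makes it a clean-up candidate to review; it does not by itself show that the machine is infected.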

#5
geek08

  • Topic Starter
  • Member
  • 13 posts
Hi MichWasHere :)

I have done all the things like u said & here's the MAIN.TXT CONTENT:

Deckard's System Scanner v20071014.68
Run by Sapu on 2008-08-13 00:20:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
91: 2008-08-12 23:20:33 UTC - RP434 - Deckard's System Scanner Restore Point
90: 2008-08-12 23:09:47 UTC - RP433 - Software Distribution Service 3.0
89: 2008-08-12 23:06:06 UTC - RP432 - Removed Apple Software Update
88: 2008-08-12 23:03:38 UTC - RP431 - Removed Java™ 6 Update 5
87: 2008-08-12 23:02:08 UTC - RP430 - Removed Java™ 6 Update 3


-- First Restore Point --
1: 2008-06-14 14:08:21 UTC - RP344 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Sapu.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:36, on 13/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Sapu\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Sapu.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=2061126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=2061126
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [JustVoip] "C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} - http://ie.pixaco.com...codndupload.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1218237825406
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://193.120.94.25...activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB1AAA0A-693F-4794-B392-F13C8A9B0261}: NameServer = 203.145.184.13,202.56.250.5
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9159 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080812-234928-213 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080812-234928-433 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20080812-234928-699 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
backup-20080812-234928-714 O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - (no file)
backup-20080812-234928-892 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PQV2i - c:\windows\system32\drivers\pqv2i.sys <Not Verified; StorageCraft; V2i Protector>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 PQIMount - c:\windows\system32\drivers\pqimount.sys <Not Verified; PowerQuest Corporation; V2i Protector>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
S2 BDRSDRV - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
S3 BDFSDRV - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
S3 hwdatacard (Huawei DataCard USB Modem and USB Serial) - c:\windows\system32\drivers\ewusbmdm.sys (file missing)
S3 MEMSWEEP2 - c:\windows\system32\59.tmp (file missing)
S3 SBRE - c:\windows\system32\drivers\sbredrv.sys (file missing)
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)
S3 VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - c:\windows\system32\drivers\vmnetadapter.sys (file missing)
S3 w810bus (Sony Ericsson W810 Driver driver (WDM)) - c:\windows\system32\drivers\w810bus.sys (file missing)
S3 w810mdfl (Sony Ericsson W810 USB WMC Modem Filter) - c:\windows\system32\drivers\w810mdfl.sys (file missing)
S3 w810mdm (Sony Ericsson W810 USB WMC Modem Driver) - c:\windows\system32\drivers\w810mdm.sys (file missing)
S3 w810mgmt (Sony Ericsson W810 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\w810mgmt.sys (file missing)
S3 w810obex (Sony Ericsson W810 USB WMC OBEX Interface) - c:\windows\system32\drivers\w810obex.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BMUService (AutoBackup) - "c:\program files\memeo\autobackup\memeoservice.exe" <Not Verified; Memeo; AutoBackup>
R2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-07-13 and 2008-08-13 -----------------------------

2008-08-10 03:03:39 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-09 00:18:05 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-08-09 00:18:05 0 d-------- C:\Program Files\Belarc
2008-08-08 01:28:02 0 d-------- C:\Documents and Settings\Sapu\Application Data\Comodo
2008-08-08 01:28:00 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-08 01:27:47 0 d-------- C:\Program Files\COMODO
2008-08-08 00:57:12 0 d-------- C:\Program Files\Sophos
2008-08-08 00:54:56 0 d-------- C:\fsaua.data
2008-08-07 01:32:36 0 d-------- C:\WINDOWS\Prefetch
2008-08-07 00:49:32 0 d-------- C:\WINDOWS\system32\scripting
2008-08-07 00:49:31 0 d-------- C:\WINDOWS\l2schemas
2008-08-07 00:49:30 0 d-------- C:\WINDOWS\system32\en
2008-08-07 00:49:30 0 d-------- C:\WINDOWS\system32\bits
2008-08-07 00:46:39 0 d-------- C:\WINDOWS\ServicePackFiles
2008-08-07 00:35:45 0 d-------- C:\WINDOWS\EHome
2008-08-06 22:19:40 0 d-------- C:\Documents and Settings\Sapu\Application Data\Malwarebytes
2008-08-06 22:19:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-06 22:19:36 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-06 22:19:04 0 d-------- C:\Program Files\Common Files\Download Manager
2008-08-06 21:31:22 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-08-06 21:31:22 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-08-06 21:31:22 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-08-06 21:31:22 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-08-06 21:31:22 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-08-06 21:31:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-08-06 21:31:22 0 d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-08-06 21:31:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-08-06 21:31:21 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-08-06 21:31:21 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-08-06 21:31:21 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-08-06 21:31:21 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-08-06 21:31:21 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-08-06 21:31:21 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-08-06 21:31:21 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-08-06 21:31:21 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-08-06 21:31:20 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-08-06 20:57:44 0 d-------- C:\Program Files\Trend Micro
2008-08-06 20:46:13 0 d-------- C:\Program Files\XoftSpySE
2008-08-06 20:34:45 0 d-------- C:\Documents and Settings\Sapu\DoctorWeb
2008-08-06 14:14:40 0 d-------- C:\Program Files\Seagate
2008-08-06 02:09:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-05 15:02:46 0 d-------- C:\Documents and Settings\Sapu\Application Data\BitDefender
2008-08-05 15:01:41 0 d-------- C:\Program Files\BitDefender
2008-08-05 15:01:41 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-08-05 15:00:30 0 d-------- C:\Program Files\Common Files\BitDefender
2008-08-05 00:07:20 0 d-------- C:\Program Files\Common Files\xing shared
2008-08-04 18:08:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt
2008-08-04 18:07:37 0 d-------- C:\Documents and Settings\Sapu\Application Data\Sunbelt
2008-08-04 18:03:50 0 d-------- C:\Program Files\Sunbelt Software
2008-08-04 12:58:52 0 dr-h----- C:\Documents and Settings\Sapu\Recent
2008-08-04 02:31:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-03 17:22:09 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-08-03 17:21:58 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-08-03 17:19:52 0 d-------- C:\WINDOWS\Internet Logs
2008-08-01 23:17:11 0 d-------- C:\Documents and Settings\Sapu\Application Data\TVU Networks
2008-08-01 23:17:11 0 d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-08-01 23:16:55 0 d-------- C:\Documents and Settings\Sapu\LocalLow


-- Find3M Report ---------------------------------------------------------------

2008-08-13 00:23:18 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-08-13 00:06:14 0 d-------- C:\Program Files\Apple Software Update
2008-08-12 23:58:30 0 d-------- C:\Program Files\Java
2008-08-07 00:50:00 0 d-------- C:\Program Files\Messenger
2008-08-07 00:49:29 0 d-------- C:\Program Files\Movie Maker
2008-08-07 00:46:15 0 d-------- C:\Program Files\Windows NT
2008-08-06 22:19:04 0 d-------- C:\Program Files\Common Files
2008-08-06 14:16:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-05 23:40:58 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-05 00:07:37 0 d-------- C:\Documents and Settings\Sapu\Application Data\Real
2008-08-05 00:07:16 0 d-------- C:\Program Files\Common Files\Real
2008-08-05 00:06:52 0 d-------- C:\Program Files\Real
2008-08-05 00:05:59 0 d-------- C:\Program Files\Google
2008-07-26 23:21:50 0 d-------- C:\Documents and Settings\Sapu\Application Data\U3
2008-07-12 18:46:37 0 d-------- C:\Documents and Settings\Sapu\Application Data\Panasonic
2008-07-12 18:39:15 0 d-------- C:\Documents and Settings\Sapu\Application Data\ArcSoft
2008-07-10 13:25:11 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-07-10 13:23:10 0 d-------- C:\Program Files\ArcSoft
2008-06-17 14:57:26 0 d-------- C:\Program Files\AVG
2008-06-17 03:40:21 322 --a------ C:\Documents and Settings\Sapu\Application Data\wklnhst.dat
2008-05-31 00:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 23:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 23:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 23:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 23:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [22/09/2006 12:06 C:\WINDOWS\stsystra.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [10/05/2006 12:12]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [22/09/2006 12:47]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [19/12/2005 04:08]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19/01/2005 12:05]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [17/11/2006 05:49]
"BluetoothAuthenticationAgent"="bthprops.cpl" [14/04/2008 01:12 C:\WINDOWS\system32\bthprops.cpl]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [09/11/2004 10:41]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/08/2008 12:06]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09/10/2007 04:46]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [23/05/2008 07:16]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [18/01/2007 01:20]
"@"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/01/2008 04:27]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 11:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [17/12/2007 06:13]
"JustVoip"="C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" [03/01/2008 03:09]

C:\Documents and Settings\Sapu\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe [08/02/2007 05:38:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [26/11/2006 10:29:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
bdx scan
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21df7e33-ebc2-11dc-8a17-0015c5c3822f}]
Auto\command- E:\Cn911.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b5888aa-d435-11dc-89fe-0015c5c3822f}]
Auto\command- Cn911.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b875995-21b5-11dd-8a5f-0015c5c3822f}]
AutoRun\command- "F:\Install FreeAgent Tools.exe" /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb98cf98-2496-11dd-8a64-0015c5c3822f}]
Auto\command- E:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dffaa1e6-1ced-11dc-894c-0015c5c3822f}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e643b9cb-f5a8-11dc-8a21-0015c5c3822f}]
AutoRun\command- F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e643b9ce-f5a8-11dc-8a21-0015c5c3822f}]
AutoRun\command- F:\AutoRun.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8940 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-13 00:27:01 ------------
  • 0

#6
geek08

geek08

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
And here's the EXTRA.TXT CONTENT:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 X2 Mobile Technology TL-50
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 1406.04 MiB / 844.95 MiB
Pagefile Memory (total/avail): 2601.34 MiB / 1988.51 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1910.33 MiB

C: is Fixed (NTFS) - 71.44 GiB total, 11.31 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541680J9SA00 - 74.53 GiB - 3 partitions
\PARTITION0 - Unknown - 86.26 MiB
\PARTITION1 (bootable) - Installable File System - 71.44 GiB - C:
\PARTITION2 - Unknown - 3 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sapu\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DESKTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sapu
LOGONSERVER=\\DESKTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4802
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Sapu\LOCALS~1\Temp
TMP=C:\DOCUME~1\Sapu\LOCALS~1\Temp
USERDOMAIN=DESKTOP
USERNAME=Sapu
USERPROFILE=C:\Documents and Settings\Sapu
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Sapu (admin)
pradeep (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
926plc32 --> MsiExec.exe /I{B33E4C22-23EA-465F-BDFF-F9AE0FF364E0}
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ADSL USB Driver 2.0.1 --> "C:\Program Files\ADSL Router\unins000.exe"
AMD Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}\setup.exe" -l0x9
ATI Catalyst Control Center --> MsiExec.exe /I{AC6AE077-1566-4655-BE73-38A869C150DC}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATT 1.4 Engine Only (no voices) --> MsiExec.exe /I{30DC2AF9-7E3F-4172-B0E6-7D9B0676CFFA}
ATT Natural Voices version 1_4 Mike16 --> MsiExec.exe /I{1ED1683C-A2FD-40B4-8B06-360F7AA1F91B}
AutoBackup --> C:\Program Files\InstallShield Installation Information\{D6209782-BDE3-461A-81BC-D6BF0965E5F0}\setup.exe -runfromtemp -l0x0409
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BitDefender Total Security 2008 --> MsiExec.exe /I{E404EFD4-6110-413C-AD1A-D6D0F261960E}
Broadcom Management Programs --> MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
COMODO SafeSurf --> C:\Program Files\COMODO\SafeSurf\cssconfg.exe -u
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell Photo AIO Printer 922 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTUNST.EXE -NOLICENSE
Dell Support 3.2.1 --> MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dual-Core Optimizer --> MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
FreeAgent Pro Tools --> C:\Program Files\InstallShield Installation Information\{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}\setup.exe -runfromtemp -l0x0409
Google Earth --> MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JustVoip --> "C:\Program Files\JustVoip.com\JustVoip\unins000.exe"
Labtec WebCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF45F502-D3F2-4E7C-91D8-9AA5A8141D08}\setup.exe" -l0x9
Labtec® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Accounting 2007 --> "C:\Program Files\Microsoft Small Business\Small Business Accounting 2007\SetupBootstrap\Setup.exe" /remove {B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting 2007 --> MsiExec.exe /X{B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting ADP Payroll Addin --> MsiExec.exe /I{5FA793A6-0071-42C1-9355-8F69A428C44F}
Microsoft Office Accounting Equifax Addin --> MsiExec.exe /X{8C711818-076E-475C-B95B-DF11CD9D8DBE}
Microsoft Office Accounting Fixed Asset Manager --> MsiExec.exe /X{46614A49-222A-48EF-87A9-BFD603E608E1}
Microsoft Office Accounting PayPal Addin --> MsiExec.exe /X{353D20CC-719B-4A60-AD33-D03F88C10330}
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office OneNote 2003 --> MsiExec.exe /I{90A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{90CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NextUp.com-NeoSpeech Paul16 Voice --> MsiExec.exe /X{6A09FF5F-C19B-445A-98E5-23AD860493C3}
Norton Ghost 9.0 --> MsiExec.exe /X{3C759736-8347-4031-BB9C-D75ADFE6B101}
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
ReadPlease 2003/ReadPlease PLUS 2003 --> "C:\Program Files\ReadPlease 2003\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type31664 / Error
Event Submitted/Written: 08/13/2008 00:25:16 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type31663 / Error
Event Submitted/Written: 08/13/2008 00:23:57 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type31662 / Error
Event Submitted/Written: 08/13/2008 00:23:57 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type31661 / Error
Event Submitted/Written: 08/13/2008 00:23:39 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type31660 / Error
Event Submitted/Written: 08/13/2008 00:23:39 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type256709 / Error
Event Submitted/Written: 08/13/2008 00:14:32 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
szkg

Event Record #/Type256707 / Error
Event Submitted/Written: 08/13/2008 00:14:32 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The BDRSDRV service failed to start due to the following error:
%%3

Event Record #/Type256696 / Error
Event Submitted/Written: 08/13/2008 00:11:10 AM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: OneNote 2003 Service Pack 3 (SP3).

Event Record #/Type256689 / Error
Event Submitted/Written: 08/13/2008 00:06:33 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type256686 / Error
Event Submitted/Written: 08/13/2008 00:06:33 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2008-08-13 00:27:01 ------------

Thanks a lot for your help & hoping to see some progress :)
  • 0

#7
MichWasHere

MichWasHere

    Member

  • Member
  • PipPipPip
  • 424 posts
Hi geek :)

You had a usb thumb drive attached to your pc at one point that had a virus on it designed to steal passwords and record keystrokes. It would be a very good idea to change your passwords for email accounts, online banking, etc. since there is a chance they *might* have been stolen.

Please plug in your usb drive before following these directions.

We need to fix your file associations
- Click "start"
- Select "Run"
- Enter this text into the run box: "%userprofile%\desktop\dss.exe" /daft
- Click ok

DSS will start
- Click ok in the disclaimer window
- Click the "Scan" button.
- Select everything displayed in the results window
- Click the "Fix" button
- Rescan with DAFT again (start>run>"%userprofile%\desktop\dss.exe" /daft) it should say "All associations are OK"
- Close DAFT if you receive that message. This means that it is fixed now.

Next,
Download OTMoveIt2 by OldTimer
- Save it on your desktop.
- Double-click "OTMoveIt2.exe" to run it. (Vista users, please right click on "OTMoveit2.exe" and select "Run as an Administrator")
- Copy the text in the code box below to the clipboard by highlighting all of it and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
[kill explorer]
c:\windows\adober.exe
E:\Cn911.exe
E:\AdobeR.exe
F:\AutoRun.exe
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{21df7e33-ebc2-11dc-8a17-0015c5c3822f}
HKCR\CLSID\{21df7e33-ebc2-11dc-8a17-0015c5c3822f}
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b5888aa-d435-11dc-89fe-0015c5c3822f}
HKCR\CLSID\{5b5888aa-d435-11dc-89fe-0015c5c3822f}
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b875995-21b5-11dd-8a5f-0015c5c3822f}
HKCR\CLSID\{6b875995-21b5-11dd-8a5f-0015c5c3822f}
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb98cf98-2496-11dd-8a64-0015c5c3822f}
HKCR\CLSID\{bb98cf98-2496-11dd-8a64-0015c5c3822f}
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{dffaa1e6-1ced-11dc-894c-0015c5c3822f}
HKCR\CLSID\{dffaa1e6-1ced-11dc-894c-0015c5c3822f}
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{e643b9cb-f5a8-11dc-8a21-0015c5c3822f}
HKCR\CLSID\{e643b9cb-f5a8-11dc-8a21-0015c5c3822f}
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{e643b9ce-f5a8-11dc-8a21-0015c5c3822f}
HKCR\CLSID\{e643b9ce-f5a8-11dc-8a21-0015c5c3822f}
purity
[start explorer]
- Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose "Paste".
- Click the red "Moveit!" button.
- A log of files and folders moved will be created in the "c:\_OTMoveIt\MovedFiles" folder in the form of Date and Time ("mmddyyyy_hhmmss.log"). Please open this log in Notepad and post its contents in your next reply.
- Close OTMoveIt2

If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose "Yes".
  • 0
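To show how the MountPoints2 entries in the log above tie each removable volume to the program it auto-launches, here is an added Python example (not part of the original thread, and not a DSS or OTMoveIt2 feature). It parses the section as posted and decodes each volume GUID. Reading the version-1 GUID timestamp as roughly when Windows first registered the volume is an assumption of this example, and all function names are hypothetical.

```python
import re
import uuid
from datetime import datetime, timedelta

# MountPoints2 section exactly as it appears in the DSS log posted in this thread.
DSS_MOUNTPOINTS2 = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21df7e33-ebc2-11dc-8a17-0015c5c3822f}]
Auto\command- E:\Cn911.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b5888aa-d435-11dc-89fe-0015c5c3822f}]
Auto\command- Cn911.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b875995-21b5-11dd-8a5f-0015c5c3822f}]
AutoRun\command- "F:\Install FreeAgent Tools.exe" /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb98cf98-2496-11dd-8a64-0015c5c3822f}]
Auto\command- E:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dffaa1e6-1ced-11dc-894c-0015c5c3822f}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e643b9cb-f5a8-11dc-8a21-0015c5c3822f}]
AutoRun\command- F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e643b9ce-f5a8-11dc-8a21-0015c5c3822f}]
AutoRun\command- F:\AutoRun.exe
"""

KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.+\\mountpoints2\\(\{[0-9a-f-]{36}\})\]$", re.I)
CMD_RE = re.compile(r"^(Auto|AutoRun)\\command-\s*(.+)$", re.I)
WRAPPER_RE = re.compile(r"RunDLL32\.EXE\s+Shell32\.DLL,ShellExec_RunDLL\s+(.+)$", re.I)
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.I)


def parse_mountpoints2(text):
    """Return one dict per command line: volume GUID, shell verb, raw command."""
    entries, guid = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # A new registry key: track it only if it is a MountPoints2 volume key.
            key = KEY_RE.match(line)
            guid = key.group(1).lower() if key else None
            continue
        cmd = CMD_RE.match(line)
        if cmd and guid:
            entries.append({"guid": guid, "verb": cmd.group(1),
                            "command": cmd.group(2).strip()})
    return entries


def launch_target(command):
    """Return (executable, via_rundll32) for one autorun command string."""
    wrapped = WRAPPER_RE.search(command)
    target = (wrapped.group(1) if wrapped else command).strip()
    exe = EXE_RE.match(target)
    return (exe.group(1) if exe else target), bool(wrapped)


def guid_timestamp(guid):
    """Decode the timestamp embedded in a version-1 GUID (None for other versions)."""
    u = uuid.UUID(guid)
    if u.version != 1:
        return None
    # Version-1 time counts 100 ns intervals since 1582-10-15 (UTC).
    return datetime(1582, 10, 15) + timedelta(microseconds=u.time // 10)


def summarise(text):
    """Group entries per volume GUID: decoded time, launched files, wrapper use."""
    volumes = {}
    for e in parse_mountpoints2(text):
        exe, wrapped = launch_target(e["command"])
        vol = volumes.setdefault(e["guid"], {
            "first_seen": guid_timestamp(e["guid"]),  # assumption: approx. first mount
            "targets": set(),
            "via_rundll32": False,
        })
        vol["targets"].add(exe.rsplit("\\", 1)[-1].lower())
        vol["via_rundll32"] = vol["via_rundll32"] or wrapped
    return volumes


if __name__ == "__main__":
    for guid, vol in sorted(summarise(DSS_MOUNTPOINTS2).items(),
                            key=lambda kv: kv[1]["first_seen"]):
        print(vol["first_seen"].date(), guid, sorted(vol["targets"]),
              "via RunDLL32" if vol["via_rundll32"] else "direct")
```

The output lists every volume with the file its AutoRun verb would start, which is the set a reviewer then checks against known software on those drives.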

#8
MichWasHere

MichWasHere

    Member

  • Member
  • PipPipPip
  • 424 posts
Once you have followed the directions above please post another DSS log:
- Double-click on dss.exe and follow the prompts.
- If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
- When the scan has finished, a notepad file will open named main.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt in your reply.
  • 0

#9
geek08

geek08

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi MichWasHere ..you are a star

My slow keyboard response seems to be fixed now & I can type fast. :) Have noticed one thing though, all the files come up with an extension for some reason, like I had all the songs in one folder, after every song name the file extension appears like 'Rihanna-Umbrella.mp3', it's the same with all the doc files or for that matter all the file extensions are being shown, also my Internet Explorer isn't working, could only access Net using Mozilla Firefox.

Appreciate all the help you guys are doing, here's the log of OTMoveIt2. The DSS log file will follow shortly..

Explorer killed successfully
File/Folder c:\windows\adober.exe not found.
File/Folder E:\Cn911.exe not found.
File/Folder E:\AdobeR.exe not found.
File/Folder F:\AutoRun.exe not found.
< HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{21df7e33-ebc2-11dc-8a17-0015c5c3822f} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21df7e33-ebc2-11dc-8a17-0015c5c3822f}\\ deleted successfully.
< HKCR\CLSID\{21df7e33-ebc2-11dc-8a17-0015c5c3822f} >
Registry key HKEY_CLASSES_ROOT\CLSID\{21df7e33-ebc2-11dc-8a17-0015c5c3822f}\\ not found.
< HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b5888aa-d435-11dc-89fe-0015c5c3822f} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b5888aa-d435-11dc-89fe-0015c5c3822f}\\ deleted successfully.
< HKCR\CLSID\{5b5888aa-d435-11dc-89fe-0015c5c3822f} >
Registry key HKEY_CLASSES_ROOT\CLSID\{5b5888aa-d435-11dc-89fe-0015c5c3822f}\\ not found.
< HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b875995-21b5-11dd-8a5f-0015c5c3822f} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b875995-21b5-11dd-8a5f-0015c5c3822f}\\ deleted successfully.
< HKCR\CLSID\{6b875995-21b5-11dd-8a5f-0015c5c3822f} >
Registry key HKEY_CLASSES_ROOT\CLSID\{6b875995-21b5-11dd-8a5f-0015c5c3822f}\\ not found.
< HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb98cf98-2496-11dd-8a64-0015c5c3822f} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb98cf98-2496-11dd-8a64-0015c5c3822f}\\ deleted successfully.
< HKCR\CLSID\{bb98cf98-2496-11dd-8a64-0015c5c3822f} >
Registry key HKEY_CLASSES_ROOT\CLSID\{bb98cf98-2496-11dd-8a64-0015c5c3822f}\\ not found.
< HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{dffaa1e6-1ced-11dc-894c-0015c5c3822f} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dffaa1e6-1ced-11dc-894c-0015c5c3822f}\\ deleted successfully.
< HKCR\CLSID\{dffaa1e6-1ced-11dc-894c-0015c5c3822f} >
Registry key HKEY_CLASSES_ROOT\CLSID\{dffaa1e6-1ced-11dc-894c-0015c5c3822f}\\ not found.
< HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{e643b9cb-f5a8-11dc-8a21-0015c5c3822f} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e643b9cb-f5a8-11dc-8a21-0015c5c3822f}\\ deleted successfully.
< HKCR\CLSID\{e643b9cb-f5a8-11dc-8a21-0015c5c3822f} >
Registry key HKEY_CLASSES_ROOT\CLSID\{e643b9cb-f5a8-11dc-8a21-0015c5c3822f}\\ not found.
< HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{e643b9ce-f5a8-11dc-8a21-0015c5c3822f} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e643b9ce-f5a8-11dc-8a21-0015c5c3822f}\\ deleted successfully.
< HKCR\CLSID\{e643b9ce-f5a8-11dc-8a21-0015c5c3822f} >
Registry key HKEY_CLASSES_ROOT\CLSID\{e643b9ce-f5a8-11dc-8a21-0015c5c3822f}\\ not found.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08132008_211521

#10
geek08

And here's the DSS scan's MAIN.TXT Log file:

Deckard's System Scanner v20071014.68
Run by Sapu on 2008-08-13 21:26:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Sapu.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:26:49, on 13/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Sapu\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Sapu.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=2061126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=2061126
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [JustVoip] "C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} - http://ie.pixaco.com...codndupload.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1218237825406
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://193.120.94.25...activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB1AAA0A-693F-4794-B392-F13C8A9B0261}: NameServer = 203.145.184.13,202.56.250.5
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9159 bytes

-- Files created between 2008-07-13 and 2008-08-13 -----------------------------

2008-08-10 03:03:39 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-09 00:18:05 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-08-09 00:18:05 0 d-------- C:\Program Files\Belarc
2008-08-08 01:28:02 0 d-------- C:\Documents and Settings\Sapu\Application Data\Comodo
2008-08-08 01:28:00 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-08 01:27:47 0 d-------- C:\Program Files\COMODO
2008-08-08 00:57:12 0 d-------- C:\Program Files\Sophos
2008-08-08 00:54:56 0 d-------- C:\fsaua.data
2008-08-07 01:32:36 0 d-------- C:\WINDOWS\Prefetch
2008-08-07 00:49:32 0 d-------- C:\WINDOWS\system32\scripting
2008-08-07 00:49:31 0 d-------- C:\WINDOWS\l2schemas
2008-08-07 00:49:30 0 d-------- C:\WINDOWS\system32\en
2008-08-07 00:49:30 0 d-------- C:\WINDOWS\system32\bits
2008-08-07 00:46:39 0 d-------- C:\WINDOWS\ServicePackFiles
2008-08-07 00:35:45 0 d-------- C:\WINDOWS\EHome
2008-08-06 22:19:40 0 d-------- C:\Documents and Settings\Sapu\Application Data\Malwarebytes
2008-08-06 22:19:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-06 22:19:36 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-06 22:19:04 0 d-------- C:\Program Files\Common Files\Download Manager
2008-08-06 21:31:22 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-08-06 21:31:22 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-08-06 21:31:22 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-08-06 21:31:22 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-08-06 21:31:22 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-08-06 21:31:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-08-06 21:31:22 0 d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-08-06 21:31:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-08-06 21:31:21 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-08-06 21:31:21 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-08-06 21:31:21 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-08-06 21:31:21 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-08-06 21:31:21 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-08-06 21:31:21 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-08-06 21:31:21 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-08-06 21:31:21 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-08-06 21:31:20 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-08-06 20:57:44 0 d-------- C:\Program Files\Trend Micro
2008-08-06 20:46:13 0 d-------- C:\Program Files\XoftSpySE
2008-08-06 20:34:45 0 d-------- C:\Documents and Settings\Sapu\DoctorWeb
2008-08-06 14:14:40 0 d-------- C:\Program Files\Seagate
2008-08-06 02:09:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-05 15:02:46 0 d-------- C:\Documents and Settings\Sapu\Application Data\BitDefender
2008-08-05 15:01:41 0 d-------- C:\Program Files\BitDefender
2008-08-05 15:01:41 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-08-05 15:00:30 0 d-------- C:\Program Files\Common Files\BitDefender
2008-08-05 00:07:20 0 d-------- C:\Program Files\Common Files\xing shared
2008-08-04 18:08:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt
2008-08-04 18:07:37 0 d-------- C:\Documents and Settings\Sapu\Application Data\Sunbelt
2008-08-04 18:03:50 0 d-------- C:\Program Files\Sunbelt Software
2008-08-04 12:58:52 0 dr-h----- C:\Documents and Settings\Sapu\Recent
2008-08-04 02:31:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-03 17:22:09 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-08-03 17:21:58 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-08-03 17:19:52 0 d-------- C:\WINDOWS\Internet Logs
2008-08-01 23:17:11 0 d-------- C:\Documents and Settings\Sapu\Application Data\TVU Networks
2008-08-01 23:17:11 0 d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-08-01 23:16:55 0 d-------- C:\Documents and Settings\Sapu\LocalLow


-- Find3M Report ---------------------------------------------------------------

2008-08-13 21:26:27 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-08-13 17:42:20 0 d-------- C:\Program Files\Messenger
2008-08-13 00:06:14 0 d-------- C:\Program Files\Apple Software Update
2008-08-12 23:58:30 0 d-------- C:\Program Files\Java
2008-08-07 00:49:29 0 d-------- C:\Program Files\Movie Maker
2008-08-07 00:46:15 0 d-------- C:\Program Files\Windows NT
2008-08-06 22:19:04 0 d-------- C:\Program Files\Common Files
2008-08-06 14:16:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-05 23:40:58 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-05 00:07:37 0 d-------- C:\Documents and Settings\Sapu\Application Data\Real
2008-08-05 00:07:16 0 d-------- C:\Program Files\Common Files\Real
2008-08-05 00:06:52 0 d-------- C:\Program Files\Real
2008-08-05 00:05:59 0 d-------- C:\Program Files\Google
2008-07-26 23:21:50 0 d-------- C:\Documents and Settings\Sapu\Application Data\U3
2008-07-12 18:46:37 0 d-------- C:\Documents and Settings\Sapu\Application Data\Panasonic
2008-07-12 18:39:15 0 d-------- C:\Documents and Settings\Sapu\Application Data\ArcSoft
2008-07-10 13:25:11 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-07-10 13:23:10 0 d-------- C:\Program Files\ArcSoft
2008-06-17 14:57:26 0 d-------- C:\Program Files\AVG
2008-06-17 03:40:21 322 --a------ C:\Documents and Settings\Sapu\Application Data\wklnhst.dat
2008-05-31 00:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-31 00:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 23:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 23:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 23:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 23:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [22/09/2006 12:06 C:\WINDOWS\stsystra.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [10/05/2006 12:12]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [22/09/2006 12:47]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [19/12/2005 04:08]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19/01/2005 12:05]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [17/11/2006 05:49]
"BluetoothAuthenticationAgent"="bthprops.cpl" [14/04/2008 01:12 C:\WINDOWS\system32\bthprops.cpl]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [09/11/2004 10:41]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/08/2008 12:06]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09/10/2007 04:46]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [23/05/2008 07:16]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [18/01/2007 01:20]
"@"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/01/2008 04:27]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 11:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [17/12/2007 06:13]
"JustVoip"="C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" [03/01/2008 03:09]

C:\Documents and Settings\Sapu\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe [08/02/2007 05:38:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [26/11/2006 10:29:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
bdx scan
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - 112DEE41
*Newly Created Service* - B71860EB



-- End of Deckard's System Scanner: finished at 2008-08-13 21:30:20 ------------


I still have a problem accessing the Net using Internet Explorer & it's taking 3 minutes to even open Mozilla; hopefully you have a fix for this too. :-)

#11
MichWasHere

Hi there :)
A question about your HijackThis log... are you in Ireland or in India physically? Your home pages for your internet are Irish, but there is an internet setting on your computer for India.

Next: Run an Online Virus Scan
Please do an online scan with Kaspersky WebScanner

- Click on "Kaspersky Online Scanner" and click "Accept"

You will be prompted to install an ActiveX component from Kaspersky, Click "Yes".
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on "NEXT"
- Next click on "Scan Settings"
- In the scan settings make sure that the following are selected:
"Scan using the following Anti-Virus database:"
"Extended" (if available otherwise "Standard")

- Scan Options:
"Scan Archives"
"Scan Mail Bases"

- Click "OK"

- Now under "select a target to scan" select "My Computer"
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.

Next click on the "Save as Text" button:
- Save the file to your desktop.
- Copy and paste that information in your next post.

More DSS Logs!
- Click "start">select "run"
- Copy and paste the following:
"%userprofile%\desktop\dss.exe" /config
- This will open up DSS configuration
- click on Check All
- click Scan

DSS will now run again. When it's finished, please post back both logs that open in Notepad (main.txt and extra.txt) in separate replies.
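The O17 NameServer line is where a HijackThis log records statically configured DNS servers, the kind of "internet setting" the post above asks about. The Python below is an added example, not part of the original posts and not code from HijackThis or DSS: it parses the section-coded lines and returns the DNS servers (O17), the AppInit_DLLs list (O20) and the services listed with "Unknown owner" (O23) for manual review. The function names are this example's own; the sample lines are copied from the log posted earlier in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB1AAA0A-693F-4794-B392-F13C8A9B0261}: NameServer = 203.145.184.13,202.56.250.5
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
"""

# "<code> - <body>", where code is a section letter (R, F, N, O) plus a number.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+)\s+-\s+(?P<body>.+)$")
SPLIT_RE = re.compile(r"[,\s]+")


def parse_entries(log_text):
    """Group log lines by HijackThis section code (R0, O4, O17, ...)."""
    entries = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries[match.group("code")].append(match.group("body"))
    return dict(entries)


def nameservers(entries):
    """Return every DNS server named in an O17 NameServer value."""
    found = []
    for body in entries.get("O17", []):
        match = re.match(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$", body)
        if not match:
            continue  # O17 also carries Domain / SearchList values
        for token in filter(None, SPLIT_RE.split(match.group("servers"))):
            try:
                public = ipaddress.ip_address(token).is_global
                valid = True
            except ValueError:
                public, valid = False, False
            found.append({"key": match.group("key"), "address": token,
                          "valid": valid, "public": public})
    return found


def appinit_dlls(entries):
    """Return the DLL paths in the O20 AppInit_DLLs value.

    Windows treats this value as space- or comma-delimited, so the same
    split is used here.
    """
    dlls = []
    for body in entries.get("O20", []):
        if body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1]
            dlls.extend(filter(None, SPLIT_RE.split(value)))
    return dlls


def unknown_owner_services(entries):
    """Return (display name, image path) for O23 services with no company name."""
    flagged = []
    for body in entries.get("O23", []):
        if not body.startswith("Service: "):
            continue
        # Split from the right so a display name containing " - " stays whole.
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3 and parts[1] == "Unknown owner":
            flagged.append((parts[0], parts[2]))
    return flagged


def triage(log_text):
    """Collect the entries to look up by hand; presence here is not a verdict."""
    entries = parse_entries(log_text)
    return {
        "nameservers": nameservers(entries),
        "appinit_dlls": appinit_dlls(entries),
        "unknown_owner_services": unknown_owner_services(entries),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("   ", item)
```

Each returned item is something to look up (who runs the resolver, which product installed the DLL or service); the parser itself makes no judgement about whether an entry is malicious.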

#12
geek08

Hi MichWasHere

I am physically located in Ireland, used Internet when in India too, not sure if this has anything to do with the Internet setting in India though.

Performed Kaspersky Online Scanner & here's the report for it:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, August 14, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, August 13, 2008 22:07:25
Records in database: 1090592
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 79755
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 03:14:29


File name / Threat name / Threats count
C:\Program Files\RealVNC\VNC4\vncclipboard.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.427 1

The selected area was scanned.


THERE WAS NO WAY OF DELETING THE ABOVE, DON'T REALLY USE VNC, THIS WAS DETECTED USING BITDEFENDER TOO, IGNORED IT, BUT NOW WILL PROBABLY UNINSTALL IT.

HERE'S THE MAIN.TXT LOG FROM DSS

Deckard's System Scanner v20071014.68
Run by Sapu on 2008-08-14 02:50:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
94: 2008-08-14 01:50:29 UTC - RP437 - Deckard's System Scanner Restore Point
93: 2008-08-13 16:38:52 UTC - RP436 - Software Distribution Service 3.0
92: 2008-08-13 01:15:59 UTC - RP435 - Software Distribution Service 3.0
91: 2008-08-12 23:20:33 UTC - RP434 - Deckard's System Scanner Restore Point
90: 2008-08-12 23:09:47 UTC - RP433 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-06-14 14:08:21 UTC - RP344 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Sapu.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:51:03, on 14/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Sapu\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Sapu.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=2061126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=2061126
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [JustVoip] "C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} - http://ie.pixaco.com...codndupload.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1218237825406
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://193.120.94.25...activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB1AAA0A-693F-4794-B392-F13C8A9B0261}: NameServer = 203.145.184.13,202.56.250.5
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9159 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080812-234928-213 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080812-234928-433 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20080812-234928-699 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
backup-20080812-234928-714 O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - (no file)
backup-20080812-234928-892 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PQV2i - c:\windows\system32\drivers\pqv2i.sys <Not Verified; StorageCraft; V2i Protector>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 PQIMount - c:\windows\system32\drivers\pqimount.sys <Not Verified; PowerQuest Corporation; V2i Protector>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
S2 BDRSDRV - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
S3 BDFSDRV - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
S3 hwdatacard (Huawei DataCard USB Modem and USB Serial) - c:\windows\system32\drivers\ewusbmdm.sys (file missing)
S3 MEMSWEEP2 - c:\windows\system32\59.tmp (file missing)
S3 SBRE - c:\windows\system32\drivers\sbredrv.sys (file missing)
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)
S3 VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - c:\windows\system32\drivers\vmnetadapter.sys (file missing)
S3 w810bus (Sony Ericsson W810 Driver driver (WDM)) - c:\windows\system32\drivers\w810bus.sys (file missing)
S3 w810mdfl (Sony Ericsson W810 USB WMC Modem Filter) - c:\windows\system32\drivers\w810mdfl.sys (file missing)
S3 w810mdm (Sony Ericsson W810 USB WMC Modem Driver) - c:\windows\system32\drivers\w810mdm.sys (file missing)
S3 w810mgmt (Sony Ericsson W810 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\w810mgmt.sys (file missing)
S3 w810obex (Sony Ericsson W810 USB WMC OBEX Interface) - c:\windows\system32\drivers\w810obex.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BMUService (AutoBackup) - "c:\program files\memeo\autobackup\memeoservice.exe" <Not Verified; Memeo; AutoBackup>
R2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\svchost.exe (pid 3784)
2008-04-25 10:13:52 139264 --a------ C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll <Not Verified; S.C. BitDefender S.R.L; BitDefender 11>
2008-04-14 17:20:22 90112 --a------ C:\Program Files\BitDefender\BitDefender 2008\quarcore.dll <Not Verified; BitDefender S.R.L.; BitDefender 11>
2008-01-24 15:22:00 36864 --a------ C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\smartscn.dll <Not Verified; BitDefender; BitDefender>
2008-03-07 17:40:58 102400 --a------ C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_7363\bdcore.dll <Not Verified; BitDefender; >
2008-06-06 02:59:58 53248 --a------ C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_7363\avxdisk.dll

C:\WINDOWS\explorer.exe (pid 3480)
2002-07-04 09:38:00 53248 --a------ C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll
2006-09-14 01:20:24 126464 --a------ C:\Program Files\WinRAR\RarExt.dll
2007-12-14 16:46:48 155648 --a------ C:\Program Files\BitDefender\BitDefender 2008\bdshelxt.dll <Not Verified; BitDefender S.R.L; BDShellExt Module>
2007-11-23 14:25:34 77824 --a------ C:\Program Files\BitDefender\BitDefender 2008\BDUtils.dll <Not Verified; SOFTWIN S.R.L.; BitDefender 11>
2007-04-17 16:30:02 90112 --a------ C:\Program Files\BitDefender\BitDefender 2008\txmlx.dll <Not Verified; SOFTWIN S.R.L.; >
2006-01-02 07:58:38 14848 --a------ C:\Program Files\Notepad++\nppshellext.dll <Not Verified; Notepad++ team; Notepad++ Shell Extension>


-- Files created between 2008-07-14 and 2008-08-14 -----------------------------

2008-08-10 03:03:39 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-09 00:18:05 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-08-09 00:18:05 0 d-------- C:\Program Files\Belarc
2008-08-08 01:28:02 0 d-------- C:\Documents and Settings\Sapu\Application Data\Comodo
2008-08-08 01:28:00 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-08 01:27:47 0 d-------- C:\Program Files\COMODO
2008-08-08 00:57:12 0 d-------- C:\Program Files\Sophos
2008-08-08 00:54:56 0 d-------- C:\fsaua.data
2008-08-07 01:32:36 0 d-------- C:\WINDOWS\Prefetch
2008-08-07 00:49:32 0 d-------- C:\WINDOWS\system32\scripting
2008-08-07 00:49:31 0 d-------- C:\WINDOWS\l2schemas
2008-08-07 00:49:30 0 d-------- C:\WINDOWS\system32\en
2008-08-07 00:49:30 0 d-------- C:\WINDOWS\system32\bits
2008-08-07 00:46:39 0 d-------- C:\WINDOWS\ServicePackFiles
2008-08-07 00:35:45 0 d-------- C:\WINDOWS\EHome
2008-08-06 22:19:40 0 d-------- C:\Documents and Settings\Sapu\Application Data\Malwarebytes
2008-08-06 22:19:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-06 22:19:36 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-06 22:19:04 0 d-------- C:\Program Files\Common Files\Download Manager
2008-08-06 21:31:22 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-08-06 21:31:22 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-08-06 21:31:22 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-08-06 21:31:22 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-08-06 21:31:22 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-08-06 21:31:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-08-06 21:31:22 0 d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-08-06 21:31:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-08-06 21:31:21 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-08-06 21:31:21 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-08-06 21:31:21 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-08-06 21:31:21 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-08-06 21:31:21 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-08-06 21:31:21 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-08-06 21:31:21 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-08-06 21:31:21 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-08-06 21:31:20 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-08-06 20:57:44 0 d-------- C:\Program Files\Trend Micro
2008-08-06 20:46:13 0 d-------- C:\Program Files\XoftSpySE
2008-08-06 20:34:45 0 d-------- C:\Documents and Settings\Sapu\DoctorWeb
2008-08-06 14:14:40 0 d-------- C:\Program Files\Seagate
2008-08-06 02:09:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-05 15:02:46 0 d-------- C:\Documents and Settings\Sapu\Application Data\BitDefender
2008-08-05 15:01:41 0 d-------- C:\Program Files\BitDefender
2008-08-05 15:01:41 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-08-05 15:00:30 0 d-------- C:\Program Files\Common Files\BitDefender
2008-08-05 00:07:20 0 d-------- C:\Program Files\Common Files\xing shared
2008-08-04 18:08:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt
2008-08-04 18:07:37 0 d-------- C:\Documents and Settings\Sapu\Application Data\Sunbelt
2008-08-04 18:03:50 0 d-------- C:\Program Files\Sunbelt Software
2008-08-04 12:58:52 0 dr-h----- C:\Documents and Settings\Sapu\Recent
2008-08-04 02:31:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-03 17:22:09 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-08-03 17:21:58 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-08-03 17:19:52 0 d-------- C:\WINDOWS\Internet Logs
2008-08-01 23:17:11 0 d-------- C:\Documents and Settings\Sapu\Application Data\TVU Networks
2008-08-01 23:17:11 0 d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-08-01 23:16:55 0 d-------- C:\Documents and Settings\Sapu\LocalLow


-- Find3M Report ---------------------------------------------------------------

2008-08-14 02:50:37 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-08-13 17:42:20 0 d-------- C:\Program Files\Messenger
2008-08-13 00:06:14 0 d-------- C:\Program Files\Apple Software Update
2008-08-12 23:58:30 0 d-------- C:\Program Files\Java
2008-08-07 00:49:29 0 d-------- C:\Program Files\Movie Maker
2008-08-07 00:46:15 0 d-------- C:\Program Files\Windows NT
2008-08-06 22:19:04 0 d-------- C:\Program Files\Common Files
2008-08-06 14:16:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-05 23:40:58 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-05 00:07:37 0 d-------- C:\Documents and Settings\Sapu\Application Data\Real
2008-08-05 00:07:16 0 d-------- C:\Program Files\Common Files\Real
2008-08-05 00:06:52 0 d-------- C:\Program Files\Real
2008-08-05 00:05:59 0 d-------- C:\Program Files\Google
2008-07-26 23:21:50 0 d-------- C:\Documents and Settings\Sapu\Application Data\U3
2008-07-12 18:46:37 0 d-------- C:\Documents and Settings\Sapu\Application Data\Panasonic
2008-07-12 18:39:15 0 d-------- C:\Documents and Settings\Sapu\Application Data\ArcSoft
2008-07-10 13:25:11 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-07-10 13:23:10 0 d-------- C:\Program Files\ArcSoft
2008-06-17 14:57:26 0 d-------- C:\Program Files\AVG
2008-06-17 03:40:21 322 --a------ C:\Documents and Settings\Sapu\Application Data\wklnhst.dat
2008-05-31 00:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-31 00:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 23:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 23:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 23:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 23:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [22/09/2006 12:06 C:\WINDOWS\stsystra.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [10/05/2006 12:12]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [22/09/2006 12:47]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [19/12/2005 04:08]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19/01/2005 12:05]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [17/11/2006 05:49]
"BluetoothAuthenticationAgent"="bthprops.cpl" [14/04/2008 01:12 C:\WINDOWS\system32\bthprops.cpl]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [09/11/2004 10:41]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/08/2008 12:06]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09/10/2007 04:46]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [23/05/2008 07:16]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [18/01/2007 01:20]
"@"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/01/2008 04:27]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 11:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [17/12/2007 06:13]
"JustVoip"="C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" [03/01/2008 03:09]

C:\Documents and Settings\Sapu\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe [08/02/2007 05:38:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [26/11/2006 10:29:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
bdx scan
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - 112DEE41
*Newly Created Service* - B71860EB



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8940 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-14 02:58:31 ------------

#13
geek08

Hi again

Here's the EXTRA.TXT LOG:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 X2 Mobile Technology TL-50
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 1406.04 MiB / 753.04 MiB
Pagefile Memory (total/avail): 2601.34 MiB / 1900.26 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1886.33 MiB

C: is Fixed (NTFS) - 71.44 GiB total, 11.06 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541680J9SA00 - 74.53 GiB - 3 partitions
\PARTITION0 - Unknown - 86.26 MiB
\PARTITION1 (bootable) - Installable File System - 71.44 GiB - C:
\PARTITION2 - Unknown - 3 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sapu\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DESKTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sapu
LOGONSERVER=\\DESKTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4802
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Sapu\LOCALS~1\Temp
TMP=C:\DOCUME~1\Sapu\LOCALS~1\Temp
USERDOMAIN=DESKTOP
USERNAME=Sapu
USERPROFILE=C:\Documents and Settings\Sapu
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Sapu (admin)
pradeep (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
926plc32 --> MsiExec.exe /I{B33E4C22-23EA-465F-BDFF-F9AE0FF364E0}
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ADSL USB Driver 2.0.1 --> "C:\Program Files\ADSL Router\unins000.exe"
AMD Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}\setup.exe" -l0x9
ATI Catalyst Control Center --> MsiExec.exe /I{AC6AE077-1566-4655-BE73-38A869C150DC}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATT 1.4 Engine Only (no voices) --> MsiExec.exe /I{30DC2AF9-7E3F-4172-B0E6-7D9B0676CFFA}
ATT Natural Voices version 1_4 Mike16 --> MsiExec.exe /I{1ED1683C-A2FD-40B4-8B06-360F7AA1F91B}
AutoBackup --> C:\Program Files\InstallShield Installation Information\{D6209782-BDE3-461A-81BC-D6BF0965E5F0}\setup.exe -runfromtemp -l0x0409
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BitDefender Total Security 2008 --> MsiExec.exe /I{E404EFD4-6110-413C-AD1A-D6D0F261960E}
Broadcom Management Programs --> MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
COMODO SafeSurf --> C:\Program Files\COMODO\SafeSurf\cssconfg.exe -u
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell Photo AIO Printer 922 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTUNST.EXE -NOLICENSE
Dell Support 3.2.1 --> MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dual-Core Optimizer --> MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
FreeAgent Pro Tools --> C:\Program Files\InstallShield Installation Information\{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}\setup.exe -runfromtemp -l0x0409
Google Earth --> MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JustVoip --> "C:\Program Files\JustVoip.com\JustVoip\unins000.exe"
Labtec WebCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF45F502-D3F2-4E7C-91D8-9AA5A8141D08}\setup.exe" -l0x9
Labtec® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Accounting 2007 --> "C:\Program Files\Microsoft Small Business\Small Business Accounting 2007\SetupBootstrap\Setup.exe" /remove {B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting 2007 --> MsiExec.exe /X{B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting ADP Payroll Addin --> MsiExec.exe /I{5FA793A6-0071-42C1-9355-8F69A428C44F}
Microsoft Office Accounting Equifax Addin --> MsiExec.exe /X{8C711818-076E-475C-B95B-DF11CD9D8DBE}
Microsoft Office Accounting Fixed Asset Manager --> MsiExec.exe /X{46614A49-222A-48EF-87A9-BFD603E608E1}
Microsoft Office Accounting PayPal Addin --> MsiExec.exe /X{353D20CC-719B-4A60-AD33-D03F88C10330}
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office OneNote 2003 --> MsiExec.exe /I{90A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{90CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NextUp.com-NeoSpeech Paul16 Voice --> MsiExec.exe /X{6A09FF5F-C19B-445A-98E5-23AD860493C3}
Norton Ghost 9.0 --> MsiExec.exe /X{3C759736-8347-4031-BB9C-D75ADFE6B101}
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
ReadPlease 2003/ReadPlease PLUS 2003 --> "C:\Program Files\ReadPlease 2003\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type31843 / Error
Event Submitted/Written: 08/14/2008 02:56:54 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type31842 / Error
Event Submitted/Written: 08/14/2008 02:52:28 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type31841 / Error
Event Submitted/Written: 08/14/2008 02:51:58 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Event Record #/Type31840 / Error
Event Submitted/Written: 08/14/2008 02:51:41 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type31839 / Error
Event Submitted/Written: 08/14/2008 02:51:25 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type256907 / Error
Event Submitted/Written: 08/13/2008 09:07:18 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
szkg

Event Record #/Type256905 / Error
Event Submitted/Written: 08/13/2008 09:07:10 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The BDRSDRV service failed to start due to the following error:
%%3

Event Record #/Type256870 / Error
Event Submitted/Written: 08/13/2008 08:45:24 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
szkg

Event Record #/Type256869 / Error
Event Submitted/Written: 08/13/2008 08:45:09 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The BDRSDRV service failed to start due to the following error:
%%3

Event Record #/Type256856 / Error
Event Submitted/Written: 08/13/2008 05:40:30 PM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: OneNote 2003 Service Pack 3 (SP3).



-- End of Deckard's System Scanner: finished at 2008-08-14 02:58:31 ------------

MY INTERNET EXPLORER IS STILL NOT WORKING & MOZILLA TAKES A MINUTE OR TWO TO OPEN UP. HOPEFULLY EVERYTHING WILL BE SORTED. APPRECIATE ALL YOUR HELP & THANKS AGAIN :)
  • 0

#14
MichWasHere

  • Member
  • 424 posts
Hi again :)

Don't worry about VNC. The program isn't a virus.

India/Ireland thing
You have a setting that was left over from using the internet in India. It can slow down your browsing.

Re-open HiJackThis and scan. Check the boxes next to all the entries listed below:
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB1AAA0A-693F-4794-B392-F13C8A9B0261}: NameServer = 203.145.184.13,202.56.250.5

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

That should be it, let me know how things are running for you and we can finish up :)
  • 0
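The O17 line in the post above records a statically configured DNS server list for one network interface. As an added example (not part of the original post and not HijackThis code), this Python script parses O17 NameServer lines from a saved log and reports any resolver outside a range you expect; the second and third sample lines and the `192.0.2.0/24` range are constructed placeholders.

```python
import ipaddress
import re

# HijackThis O17 lines report DNS-related values under the Tcpip service key.
O17_RE = re.compile(r"^O17 - (?P<key>[^:]+): (?P<name>\w+) = (?P<value>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# First line is the entry quoted in the thread; the other two are constructed.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB1AAA0A-693F-4794-B392-F13C8A9B0261}: NameServer = 203.145.184.13,202.56.250.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.0.2.53 192.0.2.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.test
"""

# Assumption: resolvers the current network is supposed to hand out (placeholder range).
EXPECTED_RESOLVERS = ["192.0.2.0/24"]


def parse_o17(log_text):
    """Return one dict per O17 NameServer entry: interface GUID and server list."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m.group("name").lower() != "nameserver":
            continue
        guid = GUID_RE.search(m.group("key"))
        servers = [t for t in re.split(r"[,\s]+", m.group("value").strip()) if t]
        entries.append({"interface": guid.group(0) if guid else None,
                        "servers": servers})
    return entries


def unexpected_resolvers(entries, expected):
    """List (interface, server) pairs that fall outside the expected networks."""
    nets = [ipaddress.ip_network(n) for n in expected]
    findings = []
    for entry in entries:
        for server in entry["servers"]:
            try:
                addr = ipaddress.ip_address(server)
                known = any(addr in net for net in nets)
            except ValueError:
                known = False  # malformed value: report it for manual review
            if not known:
                findings.append((entry["interface"], server))
    return findings


if __name__ == "__main__":
    for iface, server in unexpected_resolvers(parse_o17(SAMPLE_LOG), EXPECTED_RESOLVERS):
        print(f"static DNS server {server} on interface {iface} is not expected")
```

A static resolver left over from a previous network shows up here the same way as one set by unwanted software, so each finding still needs a decision about whether the address belongs to a network the machine actually uses.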

#15
geek08

  • Topic Starter
  • Member
  • 13 posts
Hi there

Thanks a lot for all your time & help in resolving my problem, but as mentioned in my earlier responses I still have a couple of problems even after doing the recent HijackThis fix you asked me to do. They are: Internet Explorer is still not working, and the file extensions. It doesn't really matter, but it's a bit confusing & annoying to see all the file extensions beside every file on my laptop (which only happened while doing one of the processes to fix the slow keyboard response problem).

Now that I know for sure that there is no virus/malware/rootkit problem, I will probably format it & start fresh again. I am also planning to buy an antivirus program; it would be great if you could suggest the best antivirus & anti-spyware/malware programs. (I have gone through the antivirus/anti-spyware programs in the forum of this website, but they don't look like the latest ones with up-to-date software.)

If you can get back to me on the above minor issues, hopefully I won't bother you & we can finish up like you said. :)

Thanks a Million.. :)
  • 0





