Computer shutting down after SP3 [RESOLVED]

Removed double post

Edited by ColtsFan18, 23 May 2008 - 08:11 PM.

Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

Kaspersky Log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 22, 2008 8:40:06 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/05/2008
Kaspersky Anti-Virus database records: 796077
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 67114
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 01:27:40

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Acid\Application Data\desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Microsoft\Speech\Files\UserLexicons\SP_B8CD2F3F57524C48B7D0B1C2334B7DBD.dat Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\pluginreg.dat Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\bookmarkbackups\bookmarks-2007-08-12.html Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\bookmarkbackups\bookmarks-2007-08-13.html Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\bookmarks.bak Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\bookmarks.html Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\cert8.db Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\chrome\userChrome-example.css Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\chrome\userContent-example.css Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\compatibility.ini Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\compreg.dat Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\cookies.txt Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\downloads.rdf Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}\chrome\fasterfox.jar Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}\chrome.manifest Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}\defaults\preferences\fasterfox.js Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}\install.rdf Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}\readme.txt Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\extensions.cache Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\extensions.ini Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\extensions.rdf Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\history.dat Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\hostperm.1 Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\key3.db Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\localstore.rdf Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\mimeTypes.rdf Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\prefs.js Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\search.rdf Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\secmod.db Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\xpti.dat Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Mozilla\Firefox\profiles.ini Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Roxio\PlayList\$CD D Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Roxio\PlayList\$CD E Object is locked skipped
C:\Documents and Settings\Acid\Application Data\Roxio\PlayList\$CD F Object is locked skipped
C:\Documents and Settings\Acid\Cookies\acid@microsoft[1].txt Object is locked skipped
C:\Documents and Settings\Acid\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Acid\Cookies\acid@yahoo[2].txt Object is locked skipped
C:\Documents and Settings\Acid\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Acid\Desktop\cursorus.exe Object is locked skipped
C:\Documents and Settings\Acid\Desktop\setupeng.exe Object is locked skipped
C:\Documents and Settings\Acid\Favorites\Desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\Favorites\Links\Customize Links.url Object is locked skipped
C:\Documents and Settings\Acid\Favorites\Links\Free Hotmail.url Object is locked skipped
C:\Documents and Settings\Acid\Favorites\Links\Windows Media.url Object is locked skipped
C:\Documents and Settings\Acid\Favorites\Links\Windows.url Object is locked skipped
C:\Documents and Settings\Acid\Favorites\MSN.com.url Object is locked skipped
C:\Documents and Settings\Acid\Favorites\Radio Station Guide.url Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Microsoft\Speech\Files\MSASR\SP_03FA82D357544772851BA39A566F57C2.dat Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Microsoft\Speech\Files\MSASR\SP_2B514A245F8F43608E493E551A044309.dat Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Microsoft\Speech\Files\MSASR\SP_3D638A7EB1B7429C83E6A42B4458C8CD.dat Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Microsoft\Speech\Files\MSASR\SP_C6E1E8A073A04316BD1C9ABF11437E37.dat Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\05D201C9d01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\1B19F039d01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\2E7EF399d01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\498821F9d01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\4E47EF4Ad01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\55D0CD94d01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\5CDEB9B4d01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\623AF792d01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\69771193d01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\80439DF7d01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\95E77A8Ad01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\9C646330d01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\9E59B9F3d01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\A20E39EBd01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\A20E39ECd01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\B9B5091Fd01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\C2BF9C13d01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\C3290CDCd01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\D0F693FDd01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\D194405Ad01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\D85E5A9Fd01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\D981D603d01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\E0DC7D74d01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\F9847BACd01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\FC0A5DCAd01 Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\XPC.mfl Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Mozilla\Firefox\Profiles\nm5n8sdg.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Roxio\D2DCmdLog_D.log Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Application Data\Roxio\D2DCmdLog_F.log Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\History\desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temp\jusched.log Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\arrowsquare[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\arrow[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\au_bg_leftbottom[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\au_button_middle[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\banner-bg[1].jpg Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\content[1].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\content[2].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\CSC3-2004[1].crl Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\failed-lg[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\hdr_finish_left[1].jpg Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\icon.plus[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\mu_getstarted-part1top_ltr[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\mu_getstarted-part2bottom_ltr[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\mu_getstarted-part2middle_ltr[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\news_bg_leftbottom[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\news_bg_rightmiddle[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\news_info[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\redirect[1].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\resultslist[1].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\tgar[1].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\toc[1].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\update_webtrends[1].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\wsus3setup[1].cab Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\wuapi_en[1].cab Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\wuaueng[1].cab Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\H4VLADMO\wups[1].cab Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\au_bg_lefttop[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\au_button_right[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\au_shieldyellow[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\content[1].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\content[2].css Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\content[2].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\info_icon[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\mu_getstarted-center[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\news[1].aspx Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\news_bg_bottommiddle[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\news_bg_lefttop[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\news_bg_righttop[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\pca3[1].crl Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\remaining-sm[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\spupdateids[1].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\success-sm[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\tgar[1].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\tgar[2].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\welcome-bg[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\windows_masthead_ltr[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\wuapi[1].cab Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\wuaucpl_en[1].cab Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\wucltui_en[1].cab Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\wuident[1].cab Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\SXNAZGHP\wuweb_site[1].cab Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\au_bg_bottommiddle[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\au_bg_leftmiddle[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\au_bg_rightmiddle[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\au_shieldred[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\banner-right[1].jpg Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\commontop[1].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\content[1].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\hdr_welcome[1].jpg Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\InstallStatus[1].aspx Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\mu_getstarted-part1middle_ltr[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\mu_getstarted-part2top_ltr[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\news_bg_leftmiddle[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\news_bg_rightbottom[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\success-lg[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\tgar[1].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\tgar[2].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\tgar[3].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\tgar[4].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\toc[2].css Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\windowsupdate.microsoft[1] Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\WinIntPCA[1].crl Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\wuauclt[1].cab Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\wuaueng_en[1].cab Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\UOKSWNAF\wups2[1].cab Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\au_bg_rightbottom[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\au_bg_righttop[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\au_button_left[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\au_shieldgreen[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\blank[1].aspx Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\broker[1].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\cdm[1].cab Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\content[1].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\content[2].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\failed-sm[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\favicon[1].ico Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\hcp[2].css Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\mu_getstarted-part1bottom_ltr[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\news_bg_topmiddle[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\redirect[1].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\remaining-lg[1].gif Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\SiteRecruit_PageConfiguration_2944mt-WU[1].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\tgar[1].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\tgar[2].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\webcomtop[1].js Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\welcome-right[1].jpg Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\wuaucpl[1].cab Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\wucltui[1].cab Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\Content.IE5\XV20729D\wuredir[1].cab Object is locked skipped
C:\Documents and Settings\Acid\Local Settings\Temporary Internet Files\desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\My Documents\desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\My Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\My Documents\My Music\Sample Music.lnk Object is locked skipped
C:\Documents and Settings\Acid\My Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\My Documents\My Pictures\Sample Pictures.lnk Object is locked skipped
C:\Documents and Settings\Acid\ntuser.dat Object is locked skipped
C:\Documents and Settings\Acid\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Acid\ntuser.ini Object is locked skipped
C:\Documents and Settings\Acid\Recent\Desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\SendTo\Compressed (zipped) Folder.ZFSendToTarget Object is locked skipped
C:\Documents and Settings\Acid\SendTo\Desktop (create shortcut).DeskLink Object is locked skipped
C:\Documents and Settings\Acid\SendTo\desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\SendTo\Mail Recipient.MAPIMail Object is locked skipped
C:\Documents and Settings\Acid\SendTo\My Documents.mydocs Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\Accessories\Accessibility\desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\Accessories\Address Book.lnk Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\Accessories\Command Prompt.lnk Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\Accessories\desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\Accessories\Entertainment\desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\Accessories\Notepad.lnk Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\Accessories\Synchronize.lnk Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\Accessories\Tour Windows XP.lnk Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\Accessories\Windows Explorer.lnk Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\Internet Explorer.lnk Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\Outlook Express.lnk Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\Remote Assistance.lnk Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\Startup\desktop.ini Object is locked skipped
C:\Documents and Settings\Acid\Start Menu\Programs\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Acid\Templates\amipro.sam Object is locked skipped
C:\Documents and Settings\Acid\Templates\excel.xls Object is locked skipped
C:\Documents and Settings\Acid\Templates\excel4.xls Object is locked skipped
C:\Documents and Settings\Acid\Templates\lotus.wk4 Object is locked skipped
C:\Documents and Settings\Acid\Templates\powerpnt.ppt Object is locked skipped
C:\Documents and Settings\Acid\Templates\presenta.shw Object is locked skipped
C:\Documents and Settings\Acid\Templates\quattro.wb2 Object is locked skipped
C:\Documents and Settings\Acid\Templates\sndrec.wav Object is locked skipped
C:\Documents and Settings\Acid\Templates\winword.doc Object is locked skipped
C:\Documents and Settings\Acid\Templates\winword2.doc Object is locked skipped
C:\Documents and Settings\Acid\Templates\wordpfct.wpd Object is locked skipped
C:\Documents and Settings\Acid\Templates\wordpfct.wpg Object is locked skipped
C:\Documents and Settings\Acid\UserData\E9E7GP85\oWindowsUpdate[1].xml Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prism\64240ff1 Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mrs. Way\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mrs. Way\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mrs. Way\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mrs. Way\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mrs. Way\Local Settings\Temp\~DFEBB1.tmp Object is locked skipped
C:\Documents and Settings\Mrs. Way\Local Settings\Temp\~DFEC37.tmp Object is locked skipped
C:\Documents and Settings\Mrs. Way\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mrs. Way\My Documents\My Music\Balzac - Graveyard Instrumental.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\Mrs. Way\My Documents\My Music\Cavalry Kids - Milkshake.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\Mrs. Way\My Documents\My Music\crazy angel kill hannah.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\Mrs. Way\ntuser.dat Object is locked skipped
C:\Documents and Settings\Mrs. Way\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{033731A8-3000-4E98-A79D-D87208C4D313}\RP205\A0275717.exe Infected: not-a-virus:PSWTool.Win32.FirePass.a skipped
C:\System Volume Information\_restore{033731A8-3000-4E98-A79D-D87208C4D313}\RP244\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{7DCA4E1C-E773-4A8B-8C0F-DBAE0F1553EF}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

DSS Scan log:

Deckard's System Scanner v20071014.68
Run by Mrs. Way on 2008-05-24 11:26:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
80: 2008-05-24 16:26:54 UTC - RP246 - Deckard's System Scanner Restore Point
79: 2008-05-24 01:21:01 UTC - RP245 - Software Distribution Service 3.0
78: 2008-05-21 21:46:07 UTC - RP244 - Software Distribution Service 3.0
77: 2008-05-21 02:04:51 UTC - RP243 - Software Distribution Service 3.0
76: 2008-05-21 01:57:50 UTC - RP242 - Installed Driver Detective


-- First Restore Point --
1: 2008-02-26 15:51:22 UTC - RP167 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Mrs. Way.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:01 AM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\essspk.exe
C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE
C:\WINDOWS\system32\PRISMS~1.EXE
C:\Program Files\KatMouse\KatMouse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mrs. Way\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Mrs. Way.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myspace....fuseaction=user
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myspace....fuseaction=user
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {19513DF3-F2B0-40DD-92F1-75E4E99615EA} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53ecbf88-d11d-4acb-8cfa-61c4d9ab64e6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - Startup: Epson all-in-one Registration.lnk = E:\Titles\Ereg\EPSONREG.EXE
O4 - Startup: KatMouse.lnk = C:\Program Files\KatMouse\KatMouse.exe
O4 - Global Startup: 2Wire Wireless Client.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1186985320856
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 5316 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080518-172129-934 R3 - Default URLSearchHook is missing

-- File Associations -----------------------------------------------------------

.js - unable to read key
.js - unable to read key
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 CDRPDACC (Arrowkey Device Access) - c:\program files\321studios\shared\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S2 aswFsBlk - c:\windows\system32\drivers\aswfsblk.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: RADEON 9200 SE Family (Microsoft Corporation)
Device ID: PCI\VEN_1002&DEV_5964&SUBSYS_7C26174B&REV_01\4&2FCD0AE0&0&0008
Manufacturer: ATI Technologies Inc.
Name: RADEON 9200 SE Family (Microsoft Corporation)
PNP Device ID: PCI\VEN_1002&DEV_5964&SUBSYS_7C26174B&REV_01\4&2FCD0AE0&0&0008
Service: ati2mtag

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: RADEON 9200 SE SEC Family (Microsoft Corporation)
Device ID: PCI\VEN_1002&DEV_5D44&SUBSYS_7C27174B&REV_01\4&2FCD0AE0&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON 9200 SE SEC Family (Microsoft Corporation)
PNP Device ID: PCI\VEN_1002&DEV_5D44&SUBSYS_7C27174B&REV_01\4&2FCD0AE0&0&0108
Service: ati2mtag

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_01E2A0A0&REV_10\3&18D45AA6&0&28
Manufacturer: Realtek
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_01E2A0A0&REV_10\3&18D45AA6&0&28
Service: rtl8139

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_31041106&REV_82\3&18D45AA6&0&83
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_31041106&REV_82\3&18D45AA6&0&83
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP


-- Scheduled Tasks -------------------------------------------------------------

2008-05-24 10:25:24 454 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-04-13 03:30:00 408 --a------ C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
2008-02-18 17:12:27 368 --a------ C:\WINDOWS\Tasks\XoftSpySE.job


-- Files created between 2008-04-24 and 2008-05-24 -----------------------------

2008-05-23 20:21:17 0 d-------- C:\Program Files\KatMouse
2008-05-22 18:46:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-22 18:46:00 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-20 20:58:09 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-05-20 20:58:09 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-05-20 19:15:20 0 d-------- C:\Program Files\Avira
2008-05-20 19:15:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-20 17:28:12 0 d-------- C:\Program Files\Panda Security
2008-05-20 17:26:31 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-20 17:26:21 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-20 17:26:21 0 d-------- C:\Documents and Settings\Mrs. Way\Application Data\SUPERAntiSpyware

Hello

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  [kill explorer]
  C:\Documents and Settings\Mrs. Way\My Documents\My Music\Balzac - Graveyard Instrumental.mp3
  C:\Documents and Settings\Mrs. Way\My Documents\My Music\Cavalry Kids - Milkshake.mp3 
  C:\Documents and Settings\Mrs. Way\My Documents\My Music\crazy angel kill hannah.mp3
  purity 
  [start explorer]

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {19513DF3-F2B0-40DD-92F1-75E4E99615EA} - (no file)
O2 - BHO: (no name) - {53ecbf88-d11d-4acb-8cfa-61c4d9ab64e6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Reboot and post a new DSS log

OT Log

Explorer killed successfully
C:\Documents and Settings\Mrs. Way\My Documents\My Music\Balzac - Graveyard Instrumental.mp3 moved successfully.
C:\Documents and Settings\Mrs. Way\My Documents\My Music\Cavalry Kids - Milkshake.mp3 moved successfully.
C:\Documents and Settings\Mrs. Way\My Documents\My Music\crazy angel kill hannah.mp3 moved successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05242008_151015

OK, new DSS log forthcoming. When I went to reboot I got the BSOD, here is what it said:

Page_fault_in_nonpaged_area

Technical Info:

***Stop: 0x00000050 (0VF66CB4BC, 0X00000000, 0X8056E2EA, 0X00000002)
Here is the DSS Log:

Deckard's System Scanner v20071014.68
Run by Mrs. Way on 2008-05-24 15:19:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Mrs. Way.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:30 PM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\KatMouse\KatMouse.exe
C:\WINDOWS\system32\PRISMS~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mrs. Way\My Documents\Protection and scanners\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MRSWAY~1.EXE
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myspace....fuseaction=user
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myspace....fuseaction=user
O2 - BHO: (no name) - {53ecbf88-d11d-4acb-8cfa-61c4d9ab64e6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: Epson all-in-one Registration.lnk = E:\Titles\Ereg\EPSONREG.EXE
O4 - Startup: KatMouse.lnk = C:\Program Files\KatMouse\KatMouse.exe
O4 - Global Startup: 2Wire Wireless Client.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1186985320856
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 5143 bytes

-- Files created between 2008-04-24 and 2008-05-24 -----------------------------

2008-05-23 20:21:17 0 d-------- C:\Program Files\KatMouse
2008-05-22 18:46:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-22 18:46:00 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-20 20:58:09 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-05-20 20:58:09 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-05-20 19:15:20 0 d-------- C:\Program Files\Avira
2008-05-20 19:15:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-20 17:28:12 0 d-------- C:\Program Files\Panda Security
2008-05-20 17:26:31 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-20 17:26:21 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-20 17:26:21 0 d-------- C:\Documents and Settings\Mrs. Way\Application Data\SUPERAntiSpyware.com
2008-05-20 17:22:34 0 d-------- C:\Documents and Settings\Mrs. Way\Application Data\Malwarebytes
2008-05-20 17:22:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-20 17:22:27 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-20 17:22:10 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-18 17:46:25 0 d--hs---- C:\WINDOWS\CSC
2008-05-18 17:02:23 0 dr-h----- C:\Documents and Settings\Administrator\Application Data\yahoo!
2008-05-18 13:33:51 0 d-------- C:\Documents and Settings\Mrs. Way\Application Data\Uniblue
2008-05-17 15:19:16 0 d-------- C:\Documents and Settings\Mrs. Way\.housecall6.6
2008-05-17 13:05:30 0 d-------- C:\Program Files\Trend Micro
2008-05-17 12:42:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-17 12:28:15 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-17 12:28:15 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-17 12:28:15 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-17 12:28:15 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-17 12:28:15 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-17 12:28:15 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-17 12:28:15 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-17 12:28:15 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-17 12:28:15 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-17 12:28:15 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-17 12:28:15 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-17 12:28:15 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-05-17 12:28:15 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-17 12:28:15 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-16 15:59:17 0 d-------- C:\fcb81ac830e2c82af5ea46d7f2
2008-05-11 21:24:42 0 d-------- C:\WINDOWS\Prefetch
2008-05-11 19:33:53 0 d-------- C:\WINDOWS\system32\scripting
2008-05-11 19:33:52 0 d-------- C:\WINDOWS\l2schemas
2008-05-11 19:33:51 0 d-------- C:\WINDOWS\system32\en
2008-05-11 19:27:52 0 d-------- C:\WINDOWS\network diagnostic


-- Find3M Report ---------------------------------------------------------------

2008-05-21 16:49:10 0 d-------- C:\Program Files\Messenger
2008-05-20 17:28:13 2570 --a------ C:\WINDOWS\mozver.dat
2008-05-20 17:25:40 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-20 17:22:10 0 d-------- C:\Program Files\Common Files
2008-05-18 17:56:46 0 d-------- C:\Program Files\EA GAMES
2008-05-18 17:27:28 76920 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-05-18 17:04:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-16 18:41:18 0 d-------- C:\Program Files\XoftSpySE
2008-05-15 19:44:31 0 d-------- C:\Program Files\LimeWire
2008-05-11 21:13:19 0 d-------- C:\Program Files\Movie Maker
2008-05-11 21:05:41 4096 --a------ C:\WINDOWS\system32\crash
2008-04-20 13:24:39 0 d-------- C:\Documents and Settings\Mrs. Way\Application Data\MySpace
2008-04-20 13:24:34 0 d-------- C:\Program Files\MySpace
2008-04-19 13:46:41 0 d-------- C:\Program Files\Disney
2008-04-15 21:40:52 0 d-------- C:\Documents and Settings\Mrs. Way\Application Data\LimeWire
2008-04-13 19:12:36 7680 --a------ C:\WINDOWS\system32\spdwnwxp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 21:55:13 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-04-07 21:55:05 0 d-------- C:\Program Files\Sonic
2008-04-06 13:56:46 0 d-------- C:\Documents and Settings\Mrs. Way\Application Data\Sonic
2008-04-06 13:56:42 56 --ahs---- C:\redir.sys
2008-04-06 13:56:35 0 d-------- C:\Program Files\Common Files\PACE Anti-Piracy
2008-04-06 13:51:49 0 d-------- C:\Program Files\Common Files\Sonic
2008-03-28 03:01:58 0 d-------- C:\Program Files\Windows Live
2008-03-26 19:02:05 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-26 18:49:18 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-26 00:03:49 599 --a------ C:\WINDOWS\eReg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53ecbf88-d11d-4acb-8cfa-61c4d9ab64e6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [01/04/2008 03:54 AM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 01:01 AM]
"SoundMan"="SOUNDMAN.EXE" [08/15/2003 02:34 AM C:\WINDOWS\SOUNDMAN.EXE]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [05/20/2008 07:22 PM]
"EssSpkPhone"="essspk.exe" [05/31/2002 10:34 AM C:\WINDOWS\essspk.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc




-- End of Deckard's System Scanner: finished at 2008-05-24 15:20:51 ------------

Your logs are clean

• Make sure you have an Internet Connection.
• Double-click OTMoveIt2.exe to run it.
• Click on the CleanUp! button
• A list of tool components used in the Cleanup of malware will be downloaded.
• If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
• Click Yes to beging the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here




Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html




Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure

• Click Start > Run
• Type Inetcpl.cpl & click OK
• Click on the Security tab
• Click Reset all zones to default level
• Make sure the Internet Zone is selected & Click Custom level
• In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
• Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

OK, I have done all of this, but I'm now back to the same problem. Once I reboot the system suddenly shuts down after the Display Drivers reinstall. Here is the original thread where the issue is described in detail:

http://www.geekstogo...ns-t198629.html

Also, why would I now be getting the BSOD when I reboot. The machine starts the shut down process, then the blue screen pops up and I have to turn it off at the back of the tower. This is a new development.

It's not malware related so the tech guys in Windows XP forum are going to have to help you with it

More than likely it is hardware/software related

Anything else ?

Nope, that'll do it, thanks again for all your help

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.