
Need Help With Malware


  • This topic is locked
2 replies to this topic

#1 boltactionbob


Posted 09 April 2008 - 11:59 AM

Hi

A few days ago I downloaded a program which infected my computer. I was using Avast antivirus and Windows Defender. Avast caught a virus and I thought nothing more of this until it started affecting my PC. Every so often popups (which are obviously fake) keep appearing saying I need to download new updates for something. My Internet Explorer occasionally just opens loads of tabs which are advertisements, and IE is also running very slowly (Firefox isn't though). I have run Avast and AVG antivirus, and Windows Defender and Ad-Aware scans, which have found some other problems but not stopped the problem described. Also, I cannot access the Task Manager, as when I right-click on the taskbar it is greyed out.

Below are the extra.txt and main.txt logs.



main.txt

Deckard's System Scanner v20071014.68
Run by Robbie on 2008-04-09 16:09:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
7: 2008-04-09 12:55:11 UTC - RP357 - Installed Ad-Aware 2007
6: 2008-04-08 13:09:27 UTC - RP356 - Scheduled Checkpoint
5: 2008-04-07 10:52:46 UTC - RP355 - Removed Tom Clancy's Rainbow Six Vegas
4: 2008-04-06 22:42:34 UTC - RP353 - Windows Defender Checkpoint
3: 2008-04-06 18:43:42 UTC - RP351 - Scheduled Checkpoint


-- First Restore Point --
1: 2008-04-04 18:58:43 UTC - RP349 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 1022 MiB (1024 MiB recommended).


-- HijackThis (run as Robbie.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:32, on 09/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\japqlkzm\hixonkjs.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Windows\System32\vmxypqjs.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Robbie\Desktop\dss.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\vmxypqjs.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msfeedssync.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Robbie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bebo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: vnbptxlf - {9620B51A-BAB2-4FF5-8BB7-45C2C5510777} - C:\Windows\vnbptxlf.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\pmnoNgHX.dll,#1
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [rhcyusfg] C:\Windows\system32\vmxypqjs.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Robbie\AppData\Local\Temp\vtUlMdeB.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Robbie\AppData\Local\Temp\geBstrol.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [54decdd7] rundll32.exe "C:\Users\Robbie\AppData\Local\Temp\vtqifctp.dll",b
O4 - HKLM\..\Policies\Explorer\Run: [2dWY2wICLM] C:\ProgramData\japqlkzm\hixonkjs.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.lyricsplugin.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15035/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8889 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:

Class GUID:
Description:
Device ID: ACPI\PNPB006\3&2411E6FE&0
Manufacturer:
Name:
PNP Device ID: ACPI\PNPB006\3&2411E6FE&0
Service:

Class GUID: {b66d4226-0ec7-0971-2cad-320759cd5748}
Description: tessezby device ...
Device ID: ROOT\TESSEZBY\0000
Manufacturer:
Name: tessezby device ...
PNP Device ID: ROOT\TESSEZBY\0000
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-04-09 16:35:32 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{8C55FA2F-3C98-49A0-8FB7-6788250266BF}.job


-- Files created between 2008-03-09 and 2008-04-09 -----------------------------

2008-04-09 13:56:17 0 d-------- C:\Program Files\Lavasoft
2008-04-09 13:35:46 0 d-------- C:\Program Files\Trend Micro
2008-04-06 18:03:56 188416 --a------ C:\Windows\qdnkewfa.dll
2008-04-06 18:03:43 4096 --a------ C:\Windows\userconfig9x.dll
2008-04-06 18:03:43 4096 --a------ C:\Windows\system32winlogonpc.exe
2008-04-06 18:03:43 4096 --a------ C:\Windows\system32taack.exe
2008-04-06 18:03:43 4096 --a------ C:\Windows\system32taack.dat
2008-04-06 18:03:43 4096 --a------ C:\Windows\system32ssurf022.dll
2008-04-06 18:03:43 4096 --a------ C:\Windows\system32sncntr.exe
2008-04-06 18:03:43 0 d-------- C:\Windows\system32smp
2008-04-06 18:03:43 4096 --a------ C:\Windows\system32psoft1.exe
2008-04-06 18:03:43 4096 --a------ C:\Windows\system32psof1.exe
2008-04-06 18:03:43 4096 --a------ C:\Windows\system32ps1.exe
2008-04-06 18:03:43 4096 --a------ C:\Windows\system32mwin32.exe
2008-04-06 18:03:43 4096 --a------ C:\Windows\system32msnbho.dll
2008-04-06 18:03:43 4096 --a------ C:\Windows\system32medup020.dll
2008-04-06 18:03:43 4096 --a------ C:\Windows\system32medup012.dll
2008-04-06 18:03:43 4096 --a------ C:\Windows\system32hxiwlgpm.exe
2008-04-06 18:03:43 4096 --a------ C:\Windows\system32hxiwlgpm.dat
2008-04-06 18:03:43 4096 --a------ C:\Windows\system32hoproxy.dll
2008-04-06 18:03:43 4096 --a------ C:\Windows\system32bsva-egihsg52.exe
2008-04-06 18:03:43 4096 --a------ C:\Windows\iTunesMusic.exe
2008-04-06 18:03:43 4096 --a------ C:\Windows\FVProtect.exe
2008-04-06 18:03:43 4096 --a------ C:\Windows\a.bat
2008-04-06 18:03:43 0 d-------- C:\Users\Robbie\Desktopvirii
2008-04-06 18:03:42 4096 --a------ C:\Windows\system32temp#01.exe
2008-04-06 18:03:42 4096 --a------ C:\Windows\system32ssvchost.exe
2008-04-06 18:03:42 4096 --a------ C:\Windows\system32ssvchost.com
2008-04-06 18:03:42 4096 --a------ C:\Windows\system32regm64.dll
2008-04-06 18:03:42 4096 --a------ C:\Windows\system32regc64.dll
2008-04-06 18:03:42 4096 --a------ C:\Windows\system32netode.exe
2008-04-06 18:03:42 4096 --a------ C:\Windows\system32mtr2.exe
2008-04-06 18:03:42 4096 --a------ C:\Windows\system32msvchost.exe
2008-04-06 18:03:42 4096 --a------ C:\Windows\system32msgp.exe
2008-04-06 18:03:42 4096 --a------ C:\Windows\system32h@tkeysh@@k.dll
2008-04-06 18:03:42 4096 --a------ C:\Windows\system32dpcproxy.exe
2008-04-06 18:03:41 4096 --a------ C:\Windows\winsystem.exe
2008-04-06 18:03:41 4096 --a------ C:\Windows\system32WINWGPX.EXE
2008-04-06 18:03:41 4096 --a------ C:\Windows\system32winsystem.exe
2008-04-06 18:03:41 4096 --a------ C:\Windows\system32vcatchpi.dll
2008-04-06 18:03:41 4096 --a------ C:\Windows\system32vbsys2.dll
2008-04-06 18:03:41 4096 --a------ C:\Windows\system32thun32.dll
2008-04-06 18:03:41 4096 --a------ C:\Windows\system32thun.dll
2008-04-06 18:03:41 4096 --a------ C:\Windows\system32sysreq.exe
2008-04-06 18:03:41 4096 --a------ C:\Windows\system32Rundl1.exe
2008-04-06 18:03:41 4096 --a------ C:\Windows\system32newsd32.exe
2008-04-06 18:03:41 4096 --a------ C:\Windows\system32mssecu.exe
2008-04-06 18:03:41 4096 --a------ C:\Windows\system32emesx.dll
2008-04-06 18:03:41 4096 --a------ C:\Windows\system32bdn.com
2008-04-06 18:03:41 4096 --a------ C:\Windows\system32awtoolb.dll
2008-04-06 18:03:41 4096 --a------ C:\Windows\system32anticipator.dll
2008-04-06 18:03:41 4096 --a------ C:\Windows\system32akttzn.exe
2008-04-06 18:03:41 4096 --a------ C:\Windows\mssecu.exe
2008-04-06 18:03:41 0 d-------- C:\Windows\mslagent
2008-04-06 18:03:41 4096 --a------ C:\Windows\bdn.com
2008-04-06 18:03:41 4096 --a------ C:\Users\Robbie\DesktopFWebdEditor.exe
2008-04-06 18:03:41 4096 --a------ C:\Users\Robbie\Desktopfwebd.exe
2008-04-06 18:03:41 4096 --a------ C:\Users\Robbie\Desktopfilemanagerclient.exe
2008-04-06 18:03:34 110592 --a------ C:\Windows\system32\vmxypqjs.exe
2008-04-06 18:03:15 37376 --a------ C:\Windows\system32\pmnoNgHX.dll
2008-04-06 17:41:15 0 d-------- C:\Program Files\Penguins Arena
2008-03-17 23:00:34 0 d-------- C:\Windows\system32\AGEIA
2008-03-17 23:00:31 0 d-------- C:\Program Files\AGEIA Technologies
2008-03-17 22:57:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-16 14:45:56 0 d-------- C:\Program Files\DSA Theory Test


-- Find3M Report ---------------------------------------------------------------

2008-04-08 16:42:36 0 d-------- C:\Users\Robbie\AppData\Roaming\WinRAR
2008-04-08 16:39:55 0 d-------- C:\Users\Robbie\AppData\Roaming\uTorrent
2008-04-08 14:36:50 0 d-------- C:\Users\Robbie\AppData\Roaming\Grisoft
2008-04-08 12:15:33 0 d-------- C:\Program Files\Alwil Software
2008-04-07 11:55:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-02 15:54:50 0 d-------- C:\Users\Robbie\AppData\Roaming\Vso
2008-03-24 18:47:01 128 --a------ C:\Users\Robbie\AppData\Roaming\ezplay.ini
2008-03-24 18:29:05 0 d-------- C:\Program Files\Ubisoft
2008-03-24 18:24:27 0 d-------- C:\Program Files\Sierra
2008-03-17 22:57:45 0 d-------- C:\Program Files\Common Files
2008-03-16 14:57:57 0 d-------- C:\Users\Robbie\AppData\Roaming\TSO
2008-03-07 21:10:21 0 d-------- C:\Program Files\uTorrent
2008-03-07 21:07:59 0 d-------- C:\Program Files\Java
2008-02-27 21:55:38 0 d-------- C:\Program Files\Microsoft Expression
2008-02-27 21:31:02 0 d-------- C:\Program Files\Microsoft Works
2008-02-27 21:30:23 0 d-------- C:\Program Files\MSBuild
2008-02-27 21:24:43 0 d-------- C:\Program Files\Microsoft.NET
2008-02-27 21:20:59 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-19 16:41:14 1 --a------ C:\Windows\system32\SI.bin
2008-02-17 00:04:48 0 d-------- C:\Users\Robbie\AppData\Roaming\Adobe
2008-02-17 00:01:40 0 --a------ C:\Windows\nsreg.dat
2008-02-17 00:01:36 0 d-------- C:\Users\Robbie\AppData\Roaming\Mozilla
2008-02-15 15:28:45 0 dr-h----- C:\Users\Robbie\AppData\Roaming\SecuROM
2008-01-17 16:52:54 772 --a------ C:\Windows\eReg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [02/11/2006 13:32]
"SoundMan"="SOUNDMAN.EXE" [09/03/2007 16:28 C:\Windows\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 06:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [22/05/2006 13:26]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 20:51]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [11/12/2007 18:06]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [11/12/2007 18:06]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [11/12/2007 18:06]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 01:47]
"MSServer"="C:\Windows\system32\pmnoNgHX.dll" [06/04/2008 18:03]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 18:37]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:34]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [17/07/2007 11:03]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [17/11/2006 10:42]
"rhcyusfg"="C:\Windows\system32\vmxypqjs.exe" [06/04/2008 18:03]
"cmds"="C:\Users\Robbie\AppData\Local\Temp\vtUlMdeB.dll,c" []
"MSServer"="C:\Users\Robbie\AppData\Local\Temp\geBstrol.dll,#1" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 13:33]
"54decdd7"="C:\Users\Robbie\AppData\Local\Temp\vtqifctp.dll,b" []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [02/09/2007 15:01:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"ConsentPromptBehaviorUser"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"2dWY2wICLM"=C:\ProgramData\japqlkzm\hixonkjs.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8E1BFC0E-8AD2-424D-AC8A-06038481516E}"= C:\Windows\system32\pmnoNgHX.dll [06/04/2008 18:03 37376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef9b0c4c-1db1-11dc-b1de-806e6f6e6963}]
AutoRun\command- D:\autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-09 16:37:33 ------------




extra.txt


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6000)
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 1021.53 MiB / 474.67 MiB
Pagefile Memory (total/avail): 2296.74 MiB / 1385.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1903.65 MiB

C: is Fixed (NTFS) - 152.66 GiB total, 93.75 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6L160P0 ATA Device - 152.66 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 152.66 GiB - C:

\\.\PHYSICALDRIVE1 - Brother DCP-115C USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.8.1169 [VPS 080409-0] v4.8.1169 (ALWIL Software)
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Outdated
AS: avast! antivirus 4.8.1169 [VPS 080409-0] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Robbie\AppData\Roaming
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ROBBIE-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Robbie
LOCALAPPDATA=C:\Users\Robbie\AppData\Local
LOGONSERVER=\\ROBBIE-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2b01
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Robbie\AppData\Local\Temp
TMP=C:\Users\Robbie\AppData\Local\Temp
USERDOMAIN=Robbie-PC
USERNAME=Robbie
USERPROFILE=C:\Users\Robbie
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Robbie
Dad


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe" /remove /l0x0009
--> MsiExec /X{82D8304F-73D7-4EE6-8472-D0684BAA2865}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v7.05.06 --> MsiExec.exe /X{82D8304F-73D7-4EE6-8472-D0684BAA2865}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Auto Gordian Knot 2.45 --> C:\Program Files\AutoGK\uninst.exe
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
BlindWrite 6 --> "C:\Program Files\VSO\BlindWrite6\unins000.exe"
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D24DDB61-8868-46CF-BC36-BECC1674F0C1}\SETUP.EXE" -l0x9 /remove
DSA Theory Test --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{79D1BA4A-BEB4-4357-A431-C3EF58E72E6C}
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD43 v3.9.0 --> "C:\Program Files\dvd43\unins000.exe"
EAX4 Unified Redist --> MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
Football Manager 2007 --> C:\Program Files\Sports Interactive\Football Manager 2007\uninstall\Uninstall FM 2007.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Expression Web --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
Microsoft Expression Web --> MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
Microsoft Expression Web MUI (English) --> MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2007 --> MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007 --> MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Penguins Arena 1.5 --> "C:\Program Files\Penguins Arena\unins000.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
SimCity 4 Deluxe --> C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
VideoEgg Publisher --> C:\Users\Robbie\AppData\Roaming\VideoEgg\Uninstall.exe
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XviD MPEG4 Video Codec (remove only) --> "C:\Windows\system32\xvid-uninstall.exe"
ZENcast Organizer --> "C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /l0x0009


-- Application Event Log -------------------------------------------------------

Event Record #/Type11029 / Warning
Event Submitted/Written: 04/09/2008 04:35:12 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90120000-0051-0000-0000-0000000FF1CE}', feature 'VisioCore' failed during request for component '{45263A41-952C-4331-A44D-420BAB4E5C46}'

Event Record #/Type11028 / Warning
Event Submitted/Written: 04/09/2008 04:35:12 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90120000-0051-0000-0000-0000000FF1CE}', feature 'ProductFiles', component '{6252B847-BADA-43D4-9252-E39767FA40A1}' failed. The resource 'HKEY_CLASSES_ROOT\.pip\' does not exist.

Event Record #/Type11017 / Success
Event Submitted/Written: 04/09/2008 03:31:46 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type11016 / Success
Event Submitted/Written: 04/09/2008 03:31:45 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type11015 / Success
Event Submitted/Written: 04/09/2008 03:31:35 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type23717 / Error
Event Submitted/Written: 04/09/2008 03:31:11 PM
Event ID/Source: 6 / ACPI
Event Description:
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 13, function 0.
Please contact your system vendor for technical assistance.

Event Record #/Type23716 / Error
Event Submitted/Written: 04/09/2008 03:31:11 PM
Event ID/Source: 6 / ACPI
Event Description:
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 12, function 0.
Please contact your system vendor for technical assistance.

Event Record #/Type23715 / Error
Event Submitted/Written: 04/09/2008 03:31:11 PM
Event ID/Source: 6 / ACPI
Event Description:
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 11, function 0.
Please contact your system vendor for technical assistance.

Event Record #/Type23714 / Error
Event Submitted/Written: 04/09/2008 03:31:11 PM
Event ID/Source: 6 / ACPI
Event Description:
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 14, function 0.
Please contact your system vendor for technical assistance.

Event Record #/Type23697 / Warning
Event Submitted/Written: 04/09/2008 02:18:30 PM
Event ID/Source: 1002 / WinDefend
Event Description:
%NT AUTHORITY27 scan has been stopped before completion.

Scan ID: {68FE0085-B9A7-4386-91BD-7D1FEE319CB1}

Scan Type: %NT AUTHORITY01

Scan Parameters: %NT AUTHORITY09

User: NT AUTHORITY\NETWORK SERVICE



-- End of Deckard's System Scanner: finished at 2008-04-09 16:37:33 ------------




EDIT:

I have given using Wireshark a go to see if my internet connection is being taken for a ride and it apparently isn't.

Edited by boltactionbob, 09 April 2008 - 01:09 PM.




#2 Thunder

Posted 14 April 2008 - 07:20 AM

Hello boltactionbob and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 Thunder

Posted 28 April 2008 - 02:50 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



