
Win32:tratbhd


9 replies to this topic

#1 bamadeb


Posted 29 April 2008 - 09:54 PM

Win32:TratBHO (sorry couldn't read my writing when I typed in the topic)

I have malware that will not go away. I've restored once and wouldn't you know, within a day or two I am back to the same issues. One scan found Vondu I believe, but it seemed to remove it, but I'm not sure. The latest this evening was the Win32:TratBHO and it threw my Avast program into overdrive. Every time I tried to move it or delete it, the Avast screen just kept popping up saying it was being used by another program. When I rebooted I got a couple of dll error messages which seemed to be related to the dll files mentioned by Avast. I am no expert but fairly computer literate. This is the first virus I've had in many years and it is making me crazy. It has been two weeks and I cannot get this junk off my computer.

I ran the scan and have the log. HELP GREATLY APPRECIATED ;)

BTW I had to disable my Avast in order to run the DSS scan because I kept getting the win32:tratbho error message while the scan was going on. I wasn't sure if turning off Avast was a good idea or not but I couldn't tell if the scan was running properly because the Avast alert message was blocking the view of the scan bar and again I couldn't get it to go away.

Edited by bamadeb, 29 April 2008 - 10:16 PM.

You can't control the wind, but you can adjust your sails.



#2 bamadeb


Posted 29 April 2008 - 10:01 PM

Both logs, the main then the extra:

Deckard's System Scanner v20071014.68
Run by Deb on 2008-04-29 21:19:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
11: 2008-04-30 02:10:19 UTC - RP85 - Windows Update
10: 2008-04-29 02:20:31 UTC - RP84 - Windows Update
9: 2008-04-28 04:48:03 UTC - RP83 - Removed Vista Codec Package.
8: 2008-04-27 00:11:34 UTC - RP82 - Scheduled Checkpoint
7: 2008-04-25 20:58:34 UTC - RP81 - Scheduled Checkpoint


-- First Restore Point --
1: 2008-04-24 02:25:32 UTC - RP72 - Removed Ad-Aware 2007


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 1014 MiB (1024 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-29 21:24:14
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Deb\Desktop\dss.exe
C:\Windows\System32\SearchFilterHost.exe
C:\Windows\System32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Deb\AppData\Local\Temp\mlJAtUOI.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Deb\AppData\Local\Temp\yayYRLBu.dll,c
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [7c43ad86] rundll32.exe "C:\Users\Deb\AppData\Local\Temp\ofkxkiyb.dll",b
O4 - HKCU\..\Run: [BM7f709e1a] Rundll32.exe "C:\Users\Deb\AppData\Local\Temp\pgnnckks.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


--
End of file - 9654 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>

S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys <Not Verified; Conexant Systems, Inc; UIU HW Access x86 Driver (SYS)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-29 and 2008-04-29 -----------------------------

2008-04-27 23:35:24 0 d-------- C:\Program Files\Enigma Software Group
2008-04-23 22:14:28 0 d-------- C:\Program Files\Alwil Software
2008-04-21 23:52:50 0 d-------- C:\Program Files\NeroInstall.bak
2008-04-21 15:06:36 0 d-------- C:\Users\All Users\Nero
2008-04-21 15:06:36 0 d-------- C:\Program Files\Nero
2008-04-21 15:06:35 0 d-------- C:\Program Files\Common Files\Nero
2008-04-21 14:53:42 0 d-------- C:\Users\All Users\TEMP
2008-04-21 14:13:18 0 d-------- C:\Users\All Users\vsosdk
2008-04-21 12:42:02 217127 --a------ C:\Windows\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-04-21 12:42:02 208935 --a------ C:\Windows\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-04-21 12:42:01 626688 --a------ C:\Windows\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-04-21 12:42:01 176165 --a------ C:\Windows\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-04-21 12:42:01 65602 --a------ C:\Windows\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-04-21 12:41:59 0 d-------- C:\Program Files\VSO
2008-04-20 10:57:52 0 d-------- C:\Users\All Users\HP
2008-04-19 23:07:26 26 --a------ C:\Windows\winstart.bat
2008-04-19 23:07:26 122 --a------ C:\Windows\tmpdelis.bat
2008-04-19 23:07:26 139 --a------ C:\Windows\tmpcpyis.bat
2008-04-19 23:06:19 0 d-------- C:\Program Files\HASBRO Interactive
2008-04-19 22:58:55 299520 --a------ C:\Windows\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-04-19 22:49:59 0 d-------- C:\PROGRAMFILES
2008-04-19 22:40:22 0 -rahs---- C:\MSDOS.SYS
2008-04-19 22:40:22 0 -rahs---- C:\IO.SYS
2008-04-19 20:24:12 0 d-------- C:\Users\All Users\MumboJumbo
2008-04-19 20:23:54 0 d-------- C:\Program Files\Elf Bowling The Last Insult
2008-04-19 20:23:38 17408 --a------ C:\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-18 23:38:14 0 d-------- C:\Users\All Users\Trymedia
2008-04-18 23:16:37 0 d-------- C:\Windows\SpongeBob SquarePants Bubble Rush
2008-04-18 23:14:29 0 d-------- C:\Program Files\BFG
2008-04-18 23:12:07 0 d-------- C:\Program Files\SpongeBob's Obstacle Odyssey
2008-04-18 22:40:45 0 d-------- C:\Program Files\PowerISO
2008-04-18 00:35:36 6909 -ra------ C:\Windows\system32\drivers\UIUSYS.SYS <Not Verified; Conexant Systems, Inc; UIU HW Access x86 Driver (SYS)>
2008-04-17 21:14:37 0 d-------- C:\Users\All Users\Ludia
2008-04-17 20:49:18 0 d-------- C:\Windows\system32\x64
2008-04-17 14:28:03 0 d-------- C:\Program Files\VistaCodecPack
2008-04-17 14:04:37 0 d-------- C:\Windows\WinRAR
2008-04-17 13:46:37 0 d-------- C:\Users\Deb\Utorrent
2008-04-17 13:43:17 0 d-------- C:\Program Files\uTorrent
2008-04-17 09:30:26 0 d-------- C:\Users\All Users\Adobe
2008-04-17 09:29:55 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-17 00:05:20 0 d-------- C:\Users\All Users\Hewlett-Packard
2008-04-16 23:54:09 0 d-------- C:\Program Files\Symantec
2008-04-16 23:54:07 0 d-------- C:\Users\All Users\Symantec
2008-04-16 23:53:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-16 23:53:37 0 d-------- C:\Program Files\HPQ
2008-04-16 23:53:33 0 d-------- C:\Program Files\Common Files\LightScribe
2008-04-16 23:53:08 0 d-------- C:\Users\All Users\WildTangent
2008-04-16 23:50:31 0 d-------- C:\Windows\Panther
2008-04-16 23:50:15 0 d--hs---- C:\Boot
2008-04-16 23:48:47 0 d-------- C:\Program Files\HP Games
2008-04-16 23:48:32 0 d-------- C:\Users\All Users\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2008-04-16 23:48:26 0 d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-04-16 23:46:58 0 d-------- C:\Program Files\Microsoft Works
2008-04-16 23:46:23 0 d-------- C:\Windows\PCHEALTH
2008-04-16 23:46:23 0 d-------- C:\Program Files\Microsoft.NET
2008-04-16 23:44:49 0 d-------- C:\Users\All Users\Microsoft Help
2008-04-16 23:41:28 0 d-------- C:\Windows\HPCPCUninstall-6811507
2008-04-16 23:41:11 0 d-------- C:\Program Files\HP Connections
2008-04-16 23:40:25 0 d-------- C:\Program Files\DivX
2008-04-16 23:39:54 0 d-------- C:\Program Files\muvee Technologies
2008-04-16 23:39:54 0 d-------- C:\Program Files\Common Files\muvee Technologies
2008-04-16 23:38:46 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-04-16 23:34:21 0 d-------- C:\Users\All Users\Sonic
2008-04-16 23:33:21 0 d-------- C:\Users\All Users\Roxio
2008-04-16 23:33:21 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-16 23:33:16 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-16 23:29:47 0 d-------- C:\Program Files\Roxio
2008-04-16 23:29:28 0 d-------- C:\Windows\system32\Macromed
2008-04-16 23:27:38 0 d-------- C:\Users\All Users\InstallShield
2008-04-16 23:25:34 0 d-------- C:\Users\All Users\CyberLink
2008-04-16 23:24:55 82432 --a------ C:\Windows\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-04-16 23:24:55 44544 --a------ C:\Windows\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-04-16 23:24:29 0 d-------- C:\Program Files\HP
2008-04-16 23:22:18 0 d-------- C:\Program Files\Java
2008-04-16 23:22:18 0 d-------- C:\Program Files\Common Files\Java
2008-04-16 23:19:21 0 d-------- C:\Program Files\Broadcom
2008-04-16 23:17:48 0 d-------- C:\Windows\system32\Lang
2008-04-16 23:17:47 385024 -ra------ C:\Windows\system32\igxpun.exe <Not Verified; Intel® Corporation; Intel® Graphics Media Accelerator Driver>
2008-04-16 23:17:45 0 d-------- C:\Intel
2008-04-16 23:17:00 0 d-------- C:\Program Files\Synaptics
2008-04-16 23:15:20 1560576 --a------ C:\Windows\system32\BttnCmns_64.dll <Not Verified; Hewlett-Packard Company; Q Menu>
2008-04-16 23:15:20 1560576 --a------ C:\Windows\system32\BttnCmns.dll <Not Verified; Hewlett-Packard Company; Q Menu>
2008-04-16 23:15:20 987136 --a------ C:\Windows\system32\BttnCmn.dll <Not Verified; Hewlett-Packard Company; Q Menu>
2008-04-16 23:15:19 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-16 23:14:48 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-04-16 23:14:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-16 23:14:28 0 d-------- C:\Program Files\NetWaiting
2008-04-16 23:14:24 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-16 23:14:08 0 d-------- C:\Program Files\CONEXANT
2008-04-16 23:13:23 0 d-------- C:\Program Files\MSXML 4.0
2008-04-16 23:10:24 229376 --a------ C:\Windows\system32\BtwRSupport.dll <Not Verified; Broadcom Corporation.; Bluetooth Software 6.0.1.3100>
2008-04-16 23:09:47 0 d-------- C:\Windows\system32\es-MX
2008-04-16 23:09:47 0 d-------- C:\Windows\system32\es-AR
2008-04-16 23:09:45 0 d-------- C:\Program Files\WIDCOMM
2008-04-16 23:09:37 0 d--hs---- C:\Windows\Installer
2008-04-16 23:06:58 0 dr------- C:\Users\Deb\Searches
2008-04-16 23:06:45 0 dr------- C:\Users\Deb\Contacts
2008-04-16 23:06:36 0 dr------- C:\Users\Deb\Videos
2008-04-16 23:06:36 0 d--hs---- C:\Users\Deb\Templates
2008-04-16 23:06:36 0 d--hs---- C:\Users\Deb\Start Menu
2008-04-16 23:06:36 0 d--hs---- C:\Users\Deb\SendTo
2008-04-16 23:06:36 0 dr------- C:\Users\Deb\Saved Games
2008-04-16 23:06:36 0 d--hs---- C:\Users\Deb\Recent
2008-04-16 23:06:36 0 d--hs---- C:\Users\Deb\PrintHood
2008-04-16 23:06:36 0 dr------- C:\Users\Deb\Pictures
2008-04-16 23:06:36 1835008 --ahs---- C:\Users\Deb\NTUSER.DAT
2008-04-16 23:06:36 0 d--hs---- C:\Users\Deb\NetHood
2008-04-16 23:06:36 0 d--hs---- C:\Users\Deb\My Documents
2008-04-16 23:06:36 0 dr------- C:\Users\Deb\Music
2008-04-16 23:06:36 0 d--hs---- C:\Users\Deb\Local Settings
2008-04-16 23:06:36 0 dr------- C:\Users\Deb\Links
2008-04-16 23:06:36 0 dr------- C:\Users\Deb\Favorites
2008-04-16 23:06:36 0 dr------- C:\Users\Deb\Downloads
2008-04-16 23:06:36 0 dr------- C:\Users\Deb\Documents
2008-04-16 23:06:36 0 dr------- C:\Users\Deb\Desktop
2008-04-16 23:06:36 0 d--hs---- C:\Users\Deb\Cookies
2008-04-16 23:06:36 0 d--hs---- C:\Users\Deb\Application Data
2008-04-16 23:06:36 0 d--h----- C:\Users\Deb\AppData
2008-04-16 22:57:06 0 d-------- C:\Windows\SoftwareDistribution
2008-04-16 22:54:52 0 d-------- C:\Windows\Debug
2008-04-16 22:51:27 0 d-------- C:\Windows\Prefetch
2008-04-16 20:46:46 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2008-04-28 23:22:00 0 d-------- C:\Users\Deb\AppData\Roaming\uTorrent
2008-04-27 19:40:07 0 d-------- C:\Users\Deb\AppData\Roaming\Vso
2008-04-27 19:40:06 668 --a------ C:\Users\Deb\AppData\Roaming\vso_ts_preview.xml
2008-04-26 21:57:07 0 d-------- C:\Users\Deb\AppData\Roaming\Adobe
2008-04-23 23:16:47 0 d-------- C:\Program Files\Common Files
2008-04-21 20:01:49 0 d-------- C:\Users\Deb\AppData\Roaming\CyberLink
2008-04-21 15:35:12 0 d-------- C:\Users\Deb\AppData\Roaming\Real
2008-04-21 15:15:19 0 d-------- C:\Users\Deb\AppData\Roaming\Nero
2008-04-21 12:43:58 34 --a------ C:\Users\Deb\AppData\Roaming\pcouffin.log
2008-04-21 12:42:13 7887 --a------ C:\Users\Deb\AppData\Roaming\pcouffin.cat
2008-04-20 10:57:52 0 d-------- C:\Users\Deb\AppData\Roaming\HP
2008-04-18 11:12:31 0 d-------- C:\Users\Deb\AppData\Roaming\SBTT
2008-04-17 21:14:37 0 d-------- C:\Users\Deb\AppData\Roaming\Ludia
2008-04-17 14:05:05 0 d-------- C:\Users\Deb\AppData\Roaming\WinRAR
2008-04-17 00:55:51 0 d-------- C:\Users\Deb\AppData\Roaming\Hewlett-Packard
2008-04-17 00:08:43 0 d-------- C:\Users\Deb\AppData\Roaming\Macromedia
2008-04-17 00:01:00 174 --ahs---- C:\Program Files\desktop.ini
2008-04-16 23:52:13 0 d-------- C:\Program Files\Windows Calendar
2008-04-16 23:52:10 0 d-------- C:\Program Files\Windows Mail
2008-04-16 23:52:06 0 d-------- C:\Program Files\Windows Defender
2008-04-16 23:51:52 0 d-------- C:\Program Files\Windows Sidebar
2008-04-16 23:43:26 0 d-------- C:\Users\Deb\AppData\Roaming\GTek
2008-04-16 23:40:38 74 --a------ C:\autoexec.bat
2008-04-16 23:06:47 0 d-------- C:\Users\Deb\AppData\Roaming\Identities
2008-03-28 18:41:32 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-03-06 17:29:44 966656 --a------ C:\Windows\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/16/2008 11:38 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [11/06/2006 12:58 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/15/2007 02:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [04/16/2008 11:22 PM]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [12/04/2006 02:39 PM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [12/02/2006 06:32 PM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [10/18/2006 11:56 AM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [10/18/2006 11:32 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 05:38 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [02/11/2008 08:13 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [02/11/2008 08:13 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [02/11/2008 08:13 PM]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/15/2007 02:29 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [03/14/2008 06:50 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 01:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [04/16/2008 11:20 PM]
"MSServer"="C:\Users\Deb\AppData\Local\Temp\mlJAtUOI.dll,#1" []
"cmds"="C:\Users\Deb\AppData\Local\Temp\yayYRLBu.dll,c" []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []
"7c43ad86"="C:\Users\Deb\AppData\Local\Temp\ofkxkiyb.dll,b" []
"BM7f709e1a"="C:\Users\Deb\AppData\Local\Temp\pgnnckks.dll,s" []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/3/2006 7:55:50 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-29 21:25:27 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2250 @ 1.73GHz
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 1013.44 MiB / 293.57 MiB
Pagefile Memory (total/avail): 2281.75 MiB / 1471.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.89 MiB

C: is Fixed (NTFS) - 111.79 GiB total, 73.62 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2120BH PL ATA Device - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.79 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.8.1169 [VPS 080429-1] v4.8.1169 (ALWIL Software) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: avast! antivirus 4.8.1169 [VPS 080429-1] v4.8.1169 (ALWIL Software) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Deb\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DEB-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Deb
LOCALAPPDATA=C:\Users\Deb\AppData\Local
LOGONSERVER=\\DEB-PC
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Deb\AppData\Local\Temp
TMP=C:\Users\Deb\AppData\Local\Temp
USERDOMAIN=Deb-PC
USERNAME=Deb
USERPROFILE=C:\Users\Deb
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Deb


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\HP Games\Ancient Sudoku\Uninstall.exe"
--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Big Kahuna Reef\Uninstall.exe"
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
--> "C:\Program Files\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
--> "C:\Program Files\HP Games\Flip Words\Uninstall.exe"
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Lemonade Tycoon 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Otto\Uninstall.exe"
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\HP Games\Poker Superstars 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Tubing\Uninstall.exe"
--> "C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
--> "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
--> "C:\Program Files\HP Games\The Apprentice\Uninstall.exe"
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\HP Games\Word Symphony\Uninstall.exe"
--> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ASL_HS_Installer32 --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Broadcom 802.11 Wireless LAN Adapter --> "C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Candy Land --> C:\Windows\uninst.exe -f"C:\Program Files\HASBRO Interactive\Candy Land\DeIsL1.isu" -c"C:\Program Files\HASBRO Interactive\Candy Land\_ISREG32.DLL"
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IwisR30B7.INF
ConvertXtoDVD 3.0.0.9 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Elf Bowling The Last Insult --> "C:\Program Files\Elf Bowling The Last Insult\ReflexiveArcade\unins000exe.exe"
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IwqcVenz.inf
Hewlett-Packard Active Check for Health Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{21E62565-8639-457C-B64C-A3FF0A8B4D80}\setup.exe -runfromtemp -l0x0409
HP Connections (remove only) --> C:\Windows\HPCPCUninstall-6811507\HPBWSetup.exe -appid 6811507 -uninstall
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Easy Setup - Core --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support --> MsiExec.exe /I{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}
HP Integrated Module with Bluetooth wireless technology 6.0.1.3100 --> MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
HP Quick Launch Buttons 6.10 B9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 uninst
HP QuickPlay 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Total Care Advisor --> MsiExec.exe /X{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP Wireless Assistant --> MsiExec.exe /I{355FADAF-55C4-4E08-88D4-A86C4CA6930C}
HPNetworkAssistant --> MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Intel® Network Connections Drivers --> Prounstl.exe
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99C5770C-1C90-42E7-9B74-D47CFAF14621}\setup.exe" -l0x9
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SpongeBob's Obstacle Odyssey --> C:\Program Files\SpongeBob's Obstacle Odyssey\Uninstal.exe
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Vista Codec Package --> MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
WinRAR --> "C:\Windows\WinRAR\uninstall.exe" "/U:C:\Program Files\WinRAR\Uninstall\uninstall.xml"


-- Application Event Log -------------------------------------------------------

Event Record #/Type3185 / Success
Event Submitted/Written: 04/29/2008 08:48:51 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type3182 / Success
Event Submitted/Written: 04/29/2008 08:48:49 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type3173 / Success
Event Submitted/Written: 04/29/2008 08:48:39 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type3154 / Success
Event Submitted/Written: 04/29/2008 08:37:24 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type3152 / Success
Event Submitted/Written: 04/29/2008 08:37:23 PM
Event ID/Source: 5615 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12936 / Error
Event Submitted/Written: 04/29/2008 08:48:54 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Parallel port driver%%1058

Event Record #/Type12893 / Error
Event Submitted/Written: 04/29/2008 08:48:32 PM
Event ID/Source: 6008 / EventLog
Event Description:
The previous system shutdown at 8:47:22 PM on 4/29/2008 was unexpected.

Event Record #/Type12892 / Error
Event Submitted/Written: 04/29/2008 08:45:36 PM
Event ID/Source: 10010 / DCOM
Event Description:
{0002DF01-0000-0000-C000-000000000046}

Event Record #/Type12876 / Warning
Event Submitted/Written: 04/29/2008 08:38:01 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Deb-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Deb-PC27 can't undo changes that you allow.

For more information please see the following:
%Deb-PC275

Scan ID: {6F0A0624-B01A-436F-8C42-6D0BF894B086}

User: Deb-PC\Deb

Name: %Deb-PC271

ID: %Deb-PC272

Severity ID: %Deb-PC273

Category ID: %Deb-PC274

Path Found: %Deb-PC276

Alert Type: %Deb-PC278

Detection Type: 1.1.1505.02

Event Record #/Type12875 / Warning
Event Submitted/Written: 04/29/2008 08:37:56 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Deb-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Deb-PC27 can't undo changes that you allow.

For more information please see the following:
%Deb-PC275

Scan ID: {6B989DD4-A6D4-4CD1-B332-A8A2DC791C1C}

User: Deb-PC\Deb

Name: %Deb-PC271

ID: %Deb-PC272

Severity ID: %Deb-PC273

Category ID: %Deb-PC274

Path Found: %Deb-PC276

Alert Type: %Deb-PC278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2008-04-29 21:25:27 ------------
You can't control the wind, but you can adjust your sails.

#3 Billy O'Neal

  • Malware Response Team

Posted 16 May 2008 - 08:50 PM

Hello bamadeb. :thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :blink:
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
See you soon,
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#4 bamadeb

Posted 17 May 2008 - 07:47 PM

It's been a while since I first posted and I've tried not to make any major changes. I did have to install my printer software in order to print off some docs the other day. The only other major change I think I've made was removing nero 8 from the computer.

I haven't done a recent virus scan because it kept picking up the hijack log and I wasn't sure what I was supposed to do. My computer is running better but I want to make sure this stuff is gone. I was going to run another dss scan but didn't know if that was wise so I didn't.

So Billy just tell me what I need to do lol.

Edited by bamadeb, 17 May 2008 - 11:36 PM.

You can't control the wind, but you can adjust your sails.

#5 Billy O'Neal

Posted 19 May 2008 - 05:19 AM

Hello again, bamadeb.

Sorry about the delay. :thumbsup:

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Users\Deb\AppData\Local\Temp\mlJAtUOI.dll
    C:\Users\Deb\AppData\Local\Temp\yayYRLBu.dll
    C:\Users\Deb\AppData\Local\Temp\ofkxkiyb.dll
    C:\Users\Deb\AppData\Local\Temp\pgnnckks.dll
    C:\Windows\winstart.bat
    C:\Windows\tmpdelis.bat
    C:\Windows\tmpcpyis.bat
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSServer
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cmds
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\7c43ad86
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BM7f709e1a
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

I would like us to run a scan with MalwareBytes' Anti-Malware.
Please download MalwareBytes' Anti-Malware from one of the following mirrors:
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded select "Perform Quick Scan", then click Scan.
    Note: Quick is somewhat of a misnomer. The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See note below)
  • The log is automatically saved by MbAM and can be viewed by clicking the Logs tab in MbAM.
  • Copy & Paste the entire report in your next reply.
Note: If MbAM encounters a file that is difficult to remove, you will be presented with a prompt. Click OK to any prompts to let MbAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 6...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "English".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe
  • Follow the on screen instructions to install the latest Java version.
It appears your AVAST! Anti-Virus is disabled. Did you disable it on purpose? If so, is there any particular reason?

Please reply with the following reports:
  • OTMoveIt2's log
  • MbAM's log
  • A new DSS log

(In the event you lost your copy, you can download a new one from here: Deckard's System Scanner)
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
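
One way to confirm after the reboot that the items in the codebox above are gone, as an added example that is not part of the original post and not OTMoveIt2's own code. The helper name `Test-RemovalList` is hypothetical; the paths and Run value names are the ones listed in the post, and the split on `\\` follows the way the post writes registry entries.

```powershell
# Added example, not from the thread: reports whether each item from the
# removal list in the post is still present. Run it as the affected user,
# because the HKEY_CURRENT_USER entries are per-user.
# Test-RemovalList is a hypothetical helper name, not an OTMoveIt2 command.

# The list as posted: file paths, then registry values as <key>\\<value name>.
$RemovalList = @'
C:\Users\Deb\AppData\Local\Temp\mlJAtUOI.dll
C:\Users\Deb\AppData\Local\Temp\yayYRLBu.dll
C:\Users\Deb\AppData\Local\Temp\ofkxkiyb.dll
C:\Users\Deb\AppData\Local\Temp\pgnnckks.dll
C:\Windows\winstart.bat
C:\Windows\tmpdelis.bat
C:\Windows\tmpcpyis.bat
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cmds
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\7c43ad86
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BM7f709e1a
'@

function Test-RemovalList {
    param([Parameter(Mandatory = $true)][string]$List)

    foreach ($line in ($List -split "`r?`n")) {
        $entry = $line.Trim()
        if (-not $entry) { continue }

        if ($entry -match '^(HKEY_[A-Z_]+\\.+?)\\\\(.+)$') {
            # Registry value: everything before the double backslash is the key.
            $keyPath   = "Registry::$($Matches[1])"
            $valueName = $Matches[2]
            $present   = $false
            $detail    = $null
            if (Test-Path -LiteralPath $keyPath) {
                $key = Get-Item -LiteralPath $keyPath
                if ($key.GetValueNames() -contains $valueName) {
                    $present = $true
                    # Show what the autostart entry would have launched.
                    $detail  = [string]$key.GetValue($valueName)
                }
            }
            [pscustomobject]@{
                Kind = 'RegistryValue'; Present = $present
                Item = $entry;          Detail  = $detail
            }
        }
        else {
            # Plain file path.
            $present = Test-Path -LiteralPath $entry
            $detail  = $null
            if ($present) {
                $file   = Get-Item -LiteralPath $entry -Force   # -Force: hidden files too
                $detail = '{0} bytes, modified {1:u}' -f $file.Length, $file.LastWriteTime
            }
            [pscustomobject]@{
                Kind = 'File'; Present = $present
                Item = $entry; Detail  = $detail
            }
        }
    }
}

$results  = @(Test-RemovalList -List $RemovalList)
$results | Format-Table -AutoSize -Wrap

$leftover = @($results | Where-Object { $_.Present })
if ($leftover.Count -gt 0) {
    Write-Warning ('{0} of {1} listed items are still present.' -f $leftover.Count, $results.Count)
}
else {
    Write-Output ('All {0} listed items are gone.' -f $results.Count)
}
```

An item that is still present right after the move usually means the reboot described in the note above has not happened yet; the moved copies themselves sit under C:\_OTMoveIt\MovedFiles and are not checked here.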

#6 bamadeb

Posted 19 May 2008 - 02:35 PM

:thumbsup: woooohoooo yahooooo I think it's fixed. The dll messages I was getting about not being found have not vanished upon rebooting. Attached are my scans. Thanks so much for your help. Let me know if I'm all clear.


You can't control the wind, but you can adjust your sails.

#7 Billy O'Neal

Posted 20 May 2008 - 12:17 PM

Hello again, Bamadeb.

I would like to check our work.
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Please reply with ESET's log.

Have a nice day,
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#8 bamadeb

Posted 20 May 2008 - 05:47 PM

I think the only infections that it caught were ones that had been listed on the dss scan. I'm attaching the results.

Can I delete the dss from my system after this so the virus programs will stop picking up on the stuff listed there?


You can't control the wind, but you can adjust your sails.

#9 Billy O'Neal

Posted 21 May 2008 - 05:37 AM

Bamadeb, you now appear to be clean. Congratulations!

Can I delete the dss from my system after this so the virus programs will stop picking up on the stuff listed there?

See the next step :blink:

We need to clean up our tools.
Note, this will remove DSS from your system like you wanted :thumbsup:
  • Please download OTMoveIt2 by OldTimer and save it to your desktop.
  • Click the Clean Up button.
  • Accept any prompts.
  • This will remove any tools we used, including OTMoveIt, and will require a reboot.
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. Just find your country room and register your complaint.
The infection you had was "Vundo"

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
  • Set a New Restore Point to prevent possible reinfection from an old one.
    Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
    You can view a video of the following instructions.
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Then go to Start > Run and type: Cleanmgr
    • Click "OK".
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    Note: You should only do this once!

  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
    Go here to check for & install updates to Microsoft applications.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.

  • Make Internet Explorer more secure
    • Click Start -> Run
    • Type "Inetcpl.cpl" (without quotes) & click OK.
    • Click on the Security tab.
    • Click "Reset all zones to default level"
    • Make sure the Internet Zone is selected & click "Custom level"
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Click OK, then Apply, then OK to exit the Internet Properties page.

  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster from here.

  • Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly.

  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Microsoft Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
    Spybot Search & Destroy has a good HOSTS file built in. To enable it,
    • Run Spybot Search & Destroy
    • Click the Mode button on the toolbar, and then place a tick next to Advanced mode.
    • Click Yes.
    • In the left hand pane of Spybot Search & Destroy, click on "Tools", and then on Hosts File.
    • Click on "Add Spybot-S&D hosts list"
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start -> Run.
    • Type "services.msc" (without quotes) & click OK.
    • In the list, find the service called "DNS Client" & double click on it.
    • On the dropdown box, change the setting from "Automatic" to "Manual".
    • Click OK.
    • Exit/close the Services window
    For a more detailed explanation of the HOSTS file, click here.

  • Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers

  • Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date!

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
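
A check that fits the HOSTS-file step above, as an added example that is not part of the original post and not Spybot's own code: it parses a hosts file and separates blocking entries (names pointed at a loopback or null address) from entries that send a name to some other address, which deserve a manual look. The helper name `Get-HostsAudit` and the sample entries are constructed for illustration.

```powershell
# Added example, not from the thread. Get-HostsAudit is a hypothetical name.
# Classifies every name in a hosts file:
#   Localhost - the standard "localhost" mapping
#   Blocked   - name pointed at a loopback or null address (what a block list does)
#   Redirect  - name pointed at any other address (overrides DNS; review by hand)
#   Malformed - line that is not "<ip> <name> [<name> ...]"
function Get-HostsAudit {
    param(
        [string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts",
        [string[]]$Lines      # optional: audit these lines instead of the file
    )

    if (-not $Lines) { $Lines = Get-Content -LiteralPath $Path }

    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        # Drop comments and surrounding whitespace, skip empty lines.
        $text = ($raw -replace '#.*$', '').Trim()
        if (-not $text) { continue }

        $fields = $text -split '\s+'
        $ip = $null
        if ($fields.Count -lt 2 -or
            -not [System.Net.IPAddress]::TryParse($fields[0], [ref]$ip)) {
            [pscustomobject]@{ Line = $lineNo; Address = $fields[0]; Name = $null; Verdict = 'Malformed' }
            continue
        }

        $isSink = [System.Net.IPAddress]::IsLoopback($ip) -or
                  $ip.Equals([System.Net.IPAddress]::Any) -or
                  $ip.Equals([System.Net.IPAddress]::IPv6Any)

        # One hosts line may carry several names for the same address.
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $verdict = if ($isSink -and $name -eq 'localhost') { 'Localhost' }
                       elseif ($isSink)                        { 'Blocked' }
                       else                                    { 'Redirect' }
            [pscustomobject]@{ Line = $lineNo; Address = $ip.ToString(); Name = $name; Verdict = $verdict }
        }
    }
}

# Constructed sample lines (not taken from the thread) so the script runs anywhere.
$sample = @(
    '# constructed sample hosts file',
    '127.0.0.1       localhost',
    '127.0.0.1       ads.example.test      # block-list style entry',
    '0.0.0.0         tracker.example.test  cdn.tracker.example.test',
    '203.0.113.10    bank.example.test',
    'update.example.test'
)

$audit = @(Get-HostsAudit -Lines $sample)
$audit | Group-Object Verdict | Select-Object Name, Count | Format-Table -AutoSize

# Anything that is not a plain block or localhost entry is listed for review.
$audit | Where-Object { $_.Verdict -in 'Redirect', 'Malformed' } | Format-Table -AutoSize
```

Calling `Get-HostsAudit` with no arguments audits the machine's own hosts file; after adding the Spybot-S&D hosts list, the expected result is a large `Blocked` count and no `Redirect` rows.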

#10 bamadeb

Posted 21 May 2008 - 10:26 PM

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. Just find your country room and register your complaint.
The infection you had was "Vundo"


I don't know if I should put what I want done in writing lol. I'd be happy to register my complaint.

I want to thank you for giving me peace of mind and all your hard work helping me clean off my system. I really appreciate your time and effort ;)

Debbie
You can't control the wind, but you can adjust your sails.



