
Possibly Infected With Vundo Virus



#1 Vinchenzison


Posted 16 May 2008 - 06:59 AM

Getting popups in Internet Explorer alerting to download virus scanners and spyware detection software.
Comput

Here are the logs from DSS

Deckard's System Scanner v20071014.68
Run by James Ison-Stierer on 2008-05-16 12:40:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-05-16 11:40:18 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-05-16 11:04:20 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as James Ison-Stierer.exe) ----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:41, on 16/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\WLTRAY.exe
d:\Program Files\Spyware Doctor\sdhelp.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\JAMESI~1.JAM\LOCALS~1\Temp\RtkBtMnt.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\James Ison-Stierer.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5AD44D43-F351-406D-8F60-57956A88277A} - C:\WINDOWS\system32\xxyvULbC.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - d:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - d:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {F1B2B165-FBF2-4EB3-98FF-9CF5506062B5} - C:\WINDOWS\system32\byXQKcab.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [c4a5c1ab] rundll32.exe "C:\WINDOWS\system32\ekcrwknx.dll",b
O4 - HKLM\..\Run: [BMc796f237] Rundll32.exe "C:\WINDOWS\system32\twpdmpmt.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - d:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210811676375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: byXQKcab - C:\WINDOWS\SYSTEM32\byXQKcab.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7250 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.js - JSFile - DefaultIcon - "D:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>

S3 ovt519 (EyeToy) - c:\windows\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_006A1025&REV_03\3&B1BFB68&0&F3
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_006A1025&REV_03\3&B1BFB68&0&F3
Service:


-- Files created between 2008-04-16 and 2008-05-16 -----------------------------

2008-05-16 12:41:04 0 d-------- C:\Program Files\Trend Micro
2008-05-16 12:32:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-05-16 12:32:45 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-16 12:11:28 0 d-------- C:\WINDOWS\LastGood
2008-05-16 11:58:24 68096 --a------ C:\WINDOWS\zip.exe
2008-05-16 11:58:24 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-16 11:58:24 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-16 11:58:24 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-16 11:58:24 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-16 11:58:24 98816 --a------ C:\WINDOWS\sed.exe
2008-05-16 11:58:24 80412 --a------ C:\WINDOWS\grep.exe
2008-05-16 11:58:24 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-16 10:32:54 0 d-------- C:\VundoFix Backups
2008-05-16 10:19:20 125952 --a------ C:\WINDOWS\system32\twpdmpmt.dll
2008-05-16 10:16:35 0 d-------- C:\quarantine
2008-05-16 10:16:30 52276 --a------ C:\WINDOWS\system32\dqxumnex.dll
2008-05-16 00:58:40 0 d-------- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Application Data\PC Tools
2008-05-15 15:05:29 0 d-------- C:\Program Files\GPLGS
2008-05-15 14:01:07 116736 --a------ C:\WINDOWS\system32\ekcrwknx.dll
2008-05-15 13:55:11 59904 --a------ C:\WINDOWS\system32\byXQKcab.dll
2008-05-15 13:27:24 0 d--h----- C:\Documents and Settings\Administrator.JAMESLAPTOP\Templates
2008-05-15 13:27:24 0 dr------- C:\Documents and Settings\Administrator.JAMESLAPTOP\Start Menu
2008-05-15 13:27:24 0 dr-h----- C:\Documents and Settings\Administrator.JAMESLAPTOP\SendTo
2008-05-15 13:27:24 0 d--h----- C:\Documents and Settings\Administrator.JAMESLAPTOP\Recent
2008-05-15 13:27:24 0 d--h----- C:\Documents and Settings\Administrator.JAMESLAPTOP\PrintHood
2008-05-15 13:27:24 262144 --ah----- C:\Documents and Settings\Administrator.JAMESLAPTOP\NTUSER.DAT
2008-05-15 13:27:24 0 d--h----- C:\Documents and Settings\Administrator.JAMESLAPTOP\NetHood
2008-05-15 13:27:24 0 d-------- C:\Documents and Settings\Administrator.JAMESLAPTOP\My Documents
2008-05-15 13:27:24 0 d--h----- C:\Documents and Settings\Administrator.JAMESLAPTOP\Local Settings
2008-05-15 13:27:24 0 d-------- C:\Documents and Settings\Administrator.JAMESLAPTOP\Favorites
2008-05-15 13:27:24 0 d-------- C:\Documents and Settings\Administrator.JAMESLAPTOP\Desktop
2008-05-15 13:27:24 0 d--hs---- C:\Documents and Settings\Administrator.JAMESLAPTOP\Cookies
2008-05-15 13:27:24 0 dr-h----- C:\Documents and Settings\Administrator.JAMESLAPTOP\Application Data
2008-05-15 13:27:24 0 d---s---- C:\Documents and Settings\Administrator.JAMESLAPTOP\Application Data\Microsoft
2008-05-15 11:31:01 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus
2008-05-15 11:30:58 0 d-------- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Application Data\Azureus
2008-05-15 11:00:18 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-15 10:48:27 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-05-15 10:48:08 0 d-------- C:\Program Files\Apple Software Update
2008-05-15 10:48:08 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-05-15 00:41:00 0 d-------- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Contacts
2008-05-15 00:37:04 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-05-14 22:09:03 200704 -ra------ C:\WINDOWS\sel3110.exe <Not Verified; ; select Application>
2008-05-14 22:09:03 40960 -ra------ C:\WINDOWS\CleanDev.exe <Not Verified; ; CleanDevice>
2008-05-14 22:09:02 307200 -ra------ C:\WINDOWS\vidcap32.exe <Not Verified; Microsoft Corporation; Microsoft Windows>
2008-05-14 22:09:02 61440 -ra------ C:\WINDOWS\ov519dib.dll <Not Verified; OmniVision Technologies, Inc.; OmniVision USB Camera OV519>
2008-05-14 22:09:01 25211 -ra------ C:\WINDOWS\system32\drivers\ov519cmd.sys <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2008-05-14 22:09:01 135168 -ra------ C:\WINDOWS\ov519cap.exe <Not Verified; OmniVision Technologies, Inc.; OmniVision USB Camera OV519>
2008-05-14 22:09:01 32528 -ra------ C:\WINDOWS\amcap.exe
2008-05-14 22:09:00 174530 -ra------ C:\WINDOWS\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>
2008-05-14 22:08:59 16426 -ra------ C:\WINDOWS\system32\ov519usd.dll <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2008-05-14 22:08:59 40960 -ra------ C:\WINDOWS\system32\ov519ext.dll <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2008-05-14 18:34:57 0 d-------- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Application Data\Talkback
2008-05-14 18:34:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-14 18:34:33 0 d-------- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Application Data\Mozilla
2008-05-14 18:33:37 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2008-05-14 16:33:37 0 d-------- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Application Data\WinRAR
2008-05-14 16:30:54 0 d-------- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Application Data\Adobe
2008-05-14 16:03:39 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Macromedia
2008-05-14 15:50:47 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-14 15:50:46 0 d-------- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Application Data\skypePM
2008-05-14 15:50:11 0 d-------- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Application Data\Skype
2008-05-14 15:49:43 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-05-14 15:39:40 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-05-14 15:39:39 65536 --a------ C:\WINDOWS\system32\WLTRYSVC.EXE
2008-05-14 15:39:39 192512 --a------ C:\WINDOWS\system32\AegisI5.exe <Not Verified; ; AegisInstall Application>
2008-05-14 15:39:38 1396831 --a------ C:\WINDOWS\system32\AegisE5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
2008-05-14 15:33:00 0 d-------- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Application Data\Macromedia
2008-05-14 14:07:20 108256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>
2008-05-14 14:07:20 58048 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
2008-05-14 14:07:15 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Network Associates
2008-05-14 14:00:58 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-05-14 13:42:19 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Templates
2008-05-14 13:42:19 0 dr------- C:\Documents and Settings\Default User.WINDOWS\Start Menu
2008-05-14 13:42:19 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\SendTo
2008-05-14 13:42:19 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Recent
2008-05-14 13:42:19 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\PrintHood
2008-05-14 13:42:19 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\NetHood
2008-05-14 13:42:19 0 d-------- C:\Documents and Settings\Default User.WINDOWS\My Documents
2008-05-14 13:42:19 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Local Settings
2008-05-14 13:42:19 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Favorites
2008-05-14 13:42:19 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Desktop
2008-05-14 13:42:19 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Cookies
2008-05-14 13:42:19 0 d--h----- C:\Documents and Settings\All Users.WINDOWS\Templates
2008-05-14 13:42:19 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Start Menu
2008-05-14 13:42:19 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Favorites
2008-05-14 13:42:19 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-05-14 13:42:19 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Desktop
2008-05-14 13:42:00 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Application Data
2008-05-14 13:42:00 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft
2008-05-14 13:41:59 0 dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data
2008-05-14 13:41:59 0 d---s---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-05-14 13:27:31 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
2008-05-14 13:25:13 0 d--hs---- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\UserData
2008-05-14 13:23:42 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Start Menu
2008-05-14 13:22:07 0 d-------- C:\WINDOWS\Prefetch
2008-05-14 13:02:21 0 d-------- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Application Data\Identities
2008-05-14 13:02:11 0 d--h----- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Templates
2008-05-14 13:02:11 0 dr------- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Start Menu
2008-05-14 13:02:11 0 dr-h----- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\SendTo
2008-05-14 13:02:11 0 dr-h----- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Recent
2008-05-14 13:02:11 0 d--h----- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\PrintHood
2008-05-14 13:02:11 1572864 --ah----- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\NTUSER.DAT
2008-05-14 13:02:11 0 d--h----- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\NetHood
2008-05-14 13:02:11 0 dr------- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\My Documents
2008-05-14 13:02:11 0 d--h----- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Local Settings
2008-05-14 13:02:11 0 dr------- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Favorites
2008-05-14 13:02:11 0 d-------- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Desktop
2008-05-14 13:02:11 0 d--hs---- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Cookies
2008-05-14 13:02:11 0 dr-h----- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Application Data
2008-05-14 12:59:28 229376 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
2008-05-14 12:59:28 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings
2008-05-14 12:59:28 0 d--hs---- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
2008-05-14 12:59:28 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
2008-05-14 12:59:28 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft
2008-05-14 12:59:27 229376 --ah----- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
2008-05-14 12:59:27 0 d--h----- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings
2008-05-14 12:59:27 0 d--hs---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies
2008-05-14 12:59:27 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data
2008-05-14 12:59:27 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Microsoft
2008-05-14 12:55:07 262144 --ah----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
2008-05-14 12:53:59 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2008-05-14 12:51:38 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-14 12:50:29 40960 --a------ C:\WINDOWS\system32\tscupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-14 10:56:42 0 d-------- C:\Documents and Settings\Default User\Application Data\DivX
2008-05-13 11:02:15 0 dr-h----- C:\Documents and Settings\JIsonstierer\Recent
2008-05-13 10:00:20 0 d-------- C:\WINDOWS\ERUNT
2008-05-13 00:39:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-12 17:28:26 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-12 17:28:11 0 d--h----- C:\WINDOWS\system32\.c4a5c104
2008-05-07 13:07:18 0 d-------- C:\WINDOWS\system32\scripting
2008-05-07 13:07:14 0 d-------- C:\WINDOWS\l2schemas
2008-05-07 13:07:13 0 d-------- C:\WINDOWS\system32\en
2008-05-03 22:33:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-03 22:33:29 0 d-------- C:\Documents and Settings\JIsonstierer\Application Data\Azureus
2008-04-23 22:21:47 0 d-------- C:\Program Files\Virtual Earth 3D
2008-04-16 22:31:53 0 d-------- C:\Program Files\Common Files\Skype


-- Find3M Report ---------------------------------------------------------------

2008-05-15 13:57:04 0 d-------- C:\Program Files\Common Files\Macromedia
2008-05-15 13:44:13 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-15 00:39:57 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-14 15:42:54 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-14 14:01:13 0 d-------- C:\Program Files\Realtek AC97
2008-05-14 13:42:19 62 --ahs---- C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Application Data\desktop.ini
2008-05-14 13:17:50 0 d-------- C:\Program Files\Messenger
2008-05-14 13:17:10 0 d-------- C:\Program Files\Movie Maker
2008-05-14 13:14:24 0 d-------- C:\Program Files\Windows NT
2008-05-14 11:09:48 0 d-------- C:\Program Files\LogMeIn
2008-05-13 13:00:31 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
2008-05-13 11:02:10 0 d-------- C:\Program Files\Spyware Doctor
2008-05-12 17:47:24 0 d-------- C:\Program Files\SmartFTP Client 2.0
2008-05-12 17:47:09 0 d-------- C:\Program Files\QuickTime
2008-05-12 17:45:48 0 d-------- C:\Program Files\Microsoft Money 2007
2008-05-12 17:37:49 0 d-------- C:\Program Files\AC3Filter
2008-05-08 16:37:57 0 d-------- C:\Program Files\Mozilla Firefox 2 Beta 2
2008-05-07 20:39:05 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-16 22:31:53 0 d-------- C:\Program Files\Common Files
2008-03-25 14:59:22 0 d-------- C:\Program Files\Broadcom


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AD44D43-F351-406D-8F60-57956A88277A}]
C:\WINDOWS\system32\xxyvULbC.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1B2B165-FBF2-4EB3-98FF-9CF5506062B5}]
15/05/2008 13:55 59904 --a------ C:\WINDOWS\system32\byXQKcab.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [24/08/2005 12:50]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [24/08/2005 12:47]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [24/08/2005 12:51]
"SoundMan"="SOUNDMAN.EXE" [16/04/2007 15:28 C:\WINDOWS\soundman.exe]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [22/09/2004 21:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [06/08/2004 03:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [07/10/2003 10:48]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"c4a5c1ab"="C:\WINDOWS\system32\ekcrwknx.dll" [15/05/2008 14:01]
"BMc796f237"="C:\WINDOWS\system32\twpdmpmt.dll" [16/05/2008 10:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 05:42]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [23/04/2008 17:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F1B2B165-FBF2-4EB3-98FF-9CF5506062B5}"= C:\WINDOWS\system32\byXQKcab.dll [15/05/2008 13:55 59904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXQKcab]
byXQKcab.dll 15/05/2008 13:55 59904 C:\WINDOWS\system32\byXQKcab.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - ENTDRV51



-- End of Deckard's System Scanner: finished at 2008-05-16 12:47:33 ------------



Here is the Extra.txt log


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® M processor 1.50GHz
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 2038.42 MiB / 1379.54 MiB
Pagefile Memory (total/avail): 3931.36 MiB / 3580.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.39 MiB

C: is Fixed (NTFS) - 16.45 GiB total, 4.28 GiB free.
D: is Fixed (NTFS) - 17.67 GiB total, 5.79 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST9402112A - 37.26 GiB - 3 partitions
\PARTITION0 - Unknown - 3.13 GiB
\PARTITION1 (bootable) - Installable File System - 16.45 GiB - C:
\PARTITION2 - Installable File System - 17.67 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP\Application Data
CLASSPATH=.;D:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JAMESLAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\James Ison-Stierer.JAMESLAPTOP
LOGONSERVER=\\JAMESLAPTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;D:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=D:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JAMESI~1.JAM\LOCALS~1\Temp
TMP=C:\DOCUME~1\JAMESI~1.JAM\LOCALS~1\Temp
USERDOMAIN=JAMESLAPTOP
USERNAME=James Ison-Stierer
USERPROFILE=C:\Documents and Settings\James Ison-Stierer.JAMESLAPTOP
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

James Ison-Stierer.JAMESLAPTOP (admin)
Administrator.JAMESLAPTOP (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Azureus Vuze --> d:\Program Files\Azureus\uninstall.exe
Broadcom 802.11 Network Adapter --> C:\WINDOWS\system32\BCMWLU00.exe verbose
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
D-Link VGA Webcam --> C:\WINDOWS\CleanDev.exe C:\WINDOWS\ov519.TXT
Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Magic ISO Maker v5.3 (build 0221) --> D:\PROGRA~1\MagicISO\UNWISE.EXE D:\PROGRA~1\MagicISO\INSTALL.LOG
McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Porta --> "d:\Program Files\Porta\uninstall.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spyware Doctor 3.5 --> "d:\Program Files\Spyware Doctor\unins000.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows XP Service Pack 3 --> "D:\sp3uninstall\$ntservicepackuninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type819 / Error
Event Submitted/Written: 05/16/2008 00:47:29 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: C:\WINDOWS\system32\byXQKcab.dll was detected using user defined detection settings,clean and move failed.(from JAMESLAPTOP IP 192.168.1.68 user JAMESLAPTOP running VirusScan Enter 8.0 OAS)

Event Record #/Type818 / Error
Event Submitted/Written: 05/16/2008 00:47:25 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: C:\WINDOWS\system32\byXQKcab.dll was detected using user defined detection settings,clean and move failed.(from JAMESLAPTOP IP 192.168.1.68 user JAMESLAPTOP running VirusScan Enter 8.0 OAS)

Event Record #/Type817 / Error
Event Submitted/Written: 05/16/2008 00:47:22 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: C:\WINDOWS\system32\byXQKcab.dll was detected using user defined detection settings,clean and move failed.(from JAMESLAPTOP IP 192.168.1.68 user JAMESLAPTOP running VirusScan Enter 8.0 OAS)

Event Record #/Type816 / Error
Event Submitted/Written: 05/16/2008 00:47:17 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: C:\WINDOWS\system32\byXQKcab.dll was detected using user defined detection settings,clean and move failed.(from JAMESLAPTOP IP 192.168.1.68 user JAMESLAPTOP running VirusScan Enter 8.0 OAS)

Event Record #/Type815 / Error
Event Submitted/Written: 05/16/2008 00:47:14 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: C:\WINDOWS\system32\byXQKcab.dll was detected using user defined detection settings,clean and move failed.(from JAMESLAPTOP IP 192.168.1.68 user JAMESLAPTOP running VirusScan Enter 8.0 OAS)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type495 / Error
Event Submitted/Written: 05/16/2008 00:38:58 PM
Event ID/Source: 6004 / EventLog
Event Description:
A driver packet received from the I/O subsystem was invalid. The data is the
packet.

Event Record #/Type494 / Error
Event Submitted/Written: 05/16/2008 00:38:54 PM
Event ID/Source: 6004 / EventLog
Event Description:
A driver packet received from the I/O subsystem was invalid. The data is the
packet.

Event Record #/Type493 / Warning
Event Submitted/Written: 05/16/2008 00:36:55 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

Event Record #/Type492 / Warning
Event Submitted/Written: 05/16/2008 00:36:54 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

Event Record #/Type491 / Warning
Event Submitted/Written: 05/16/2008 00:36:54 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.



-- End of Deckard's System Scanner: finished at 2008-05-16 12:47:33 ------------



#2 OldTimer

    Malware Expert



Posted 16 May 2008 - 10:07 AM

Hello Vinchenzison and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or another location where you can find it again.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer




