
I Have An Error Cleaner, Privacy Protector, Spyware And Malware Protection Problem (virus? Malware? Trojan?)


  • This topic is locked
2 replies to this topic

#1 aquadragon


Posted 08 June 2008 - 11:32 AM

This showed up when I started up my computer last night (I'm running XP). My desktop background changed to red with a biohazard-type logo, windows keep popping up trying to sell me protection, etc. When it first showed up, some of my desktop icons disappeared and I couldn't get into my C drive, but that seems to have stopped for the moment.

I've run my Kaspersky Antivirus, which says it can't delete it, disinfects it, but doesn't seem to change anything.

I've also used System Mechanic 5, Spybot Search and Destroy, Smitfraudfix (I saw this suggested to someone else while viewing another forum, and it seems to work and everything looks good for 5 minutes, but then lo and behold it comes right back) plus RegClean, RegistryFix, Tracks Eraser Pro, BugDoctor to try and clean stuff out. Some things seem to get rid of it, but then it returns.

I've been looking it up on Google to see what other people did, and trying these things, but obviously this strategy hasn't worked. It's just given me a headache.

I'm out of my depth. I really need help! Thank you in advance for your wisdom.

Here are my dss reports:


Deckard's System Scanner v20071014.68
Run by Aqua Dragon on 2008-06-08 11:54:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-06-08 15:54:53 UTC - RP230 - Deckard's System Scanner Restore Point
4: 2008-06-08 04:47:17 UTC - RP229 - june 8 2008
3: 2008-06-07 10:47:31 UTC - RP228 - Restore Operation
2: 2008-06-07 09:58:45 UTC - RP227 - Last good restore point
1: 2008-06-07 09:58:33 UTC - RP226 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-08 11:56:47
Platform: Windows XP Service Pack 3, v.3264 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_5.27_windows_intelx86.exe
C:\Documents and Settings\Aqua Dragon\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Aqua Dragon
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QXK Olive - {80C0F2F5-68A6-428A-8625-8A22E0CDD699} - (no file)
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\Program Files\PopUpCop\PopUpCop.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe"
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.*.windowsupdate.microsoft.com (HKCU)
O15 - Trusted Zone: *.*.scotiaonline.scotiabank.com (HKCU)
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebcam/eng5...WebMonProj1.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) -
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.playfirst.com/play/game/tr...nx.1.0.0.86.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1185746635050
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186109102843
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://81.179.9.93/activex/AxisCamControl.cab
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://gretnaweddings-anvilhall.remotemana...MJPEGRender.ocx
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O21 - SSODL: adgpfoxs - {124110CA-ED1E-4ABA-99F4-59A814040A1A} - C:\WINDOWS\adgpfoxs.dll
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7422 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R1 MagicTune - c:\windows\system32\drivers\mtictwl.sys <Not Verified; Beyond Logic http://www.beyondlogic.org; PortTalk Driver V2.0>
R2 SetupNT - c:\windows\system32\setupnt.sys
R3 SGUARD - c:\windows\system32\drivers\sguard.sys <Not Verified; iolo technologies, LLC; Startup Guard™ Registry Driver>

S1 Amfilter (Compatible Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys
S3 Amusbprt (Compatible HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys
S3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 Autocomplete (AutoComplete Service) - c:\program files\acesoft\tracks eraser pro\autocomp.exe <Not Verified; Acesoft; AUTOCOMP>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: SMC EZ Card 10/100 (SMC1244TX V2)
Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_EC021113&REV_11\3&61AAA01&0&78
Manufacturer: SMC
Name: SMC EZ Card 10/100 (SMC1244TX V2)
PNP Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_EC021113&REV_11\3&61AAA01&0&78
Service: FastNIC

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: C-Media AC97 Audio Device
Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_80A11043&REV_50\3&61AAA01&0&8D
Manufacturer: C-Media
Name: C-Media AC97 Audio Device
PNP Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_80A11043&REV_50\3&61AAA01&0&8D
Service: cmuda


-- Scheduled Tasks -------------------------------------------------------------

2008-05-23 20:00:00 576 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Aqua Dragon.job
2008-05-10 21:41:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-03 18:33:00 276 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
2008-03-21 03:30:00 438 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
2008-03-21 03:30:00 414 --a------ C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
2008-03-21 03:00:00 500 --a------ C:\WINDOWS\Tasks\MalwareBot Scheduled Scan.job
2007-08-07 18:11:21 350 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job


-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-06-08 11:06:01 0 d-------- C:\WINDOWS\privacy_danger
2008-06-08 00:33:10 1746 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-08 00:16:16 0 dr-h----- C:\Documents and Settings\Aqua Dragon\Recent
2008-06-07 23:09:56 0 d-------- C:\Documents and Settings\Aqua Dragon\.housecall6.6
2008-06-07 22:46:37 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-07 22:46:37 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-07 22:46:37 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-07 22:46:37 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-07 22:46:37 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-07 22:46:37 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-07 22:46:37 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-07 22:46:37 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-07 22:46:37 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-07 22:46:37 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-07 22:46:37 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-07 22:46:37 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-07 22:46:37 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-07 22:46:36 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-07 22:15:55 0 d-------- C:\Documents and Settings\Aqua Dragon\Application Data\TmpRecentIcons
2008-06-07 05:56:41 159744 --a------ C:\WINDOWS\xbqmfsed.exe
2008-06-07 05:56:41 163840 --a------ C:\WINDOWS\eslm.exe
2008-06-07 05:56:41 315392 --a------ C:\WINDOWS\adgpfoxs.dll
2008-06-01 14:20:07 0 d-------- C:\Program Files\Lionhead Studios Ltd
2008-05-27 22:12:55 53248 --a------ C:\WINDOWS\system32\ciaXPRegSvr20.dll <Not Verified; CIA, The Company; ciaXPRegSvr20>
2008-05-27 22:12:55 40960 --a------ C:\WINDOWS\system32\ciaSubClsSvr.dll <Not Verified; CIA, The Company; ciaSubClsSvr>
2008-05-27 22:12:55 692224 --a------ C:\WINDOWS\system32\ciaResSvr20.dll <Not Verified; CIA, The Company; ciaResSvr20>
2008-05-26 19:23:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
2008-05-26 19:15:40 0 d-------- C:\Documents and Settings\Aqua Dragon\Application Data\mojosoft
2008-05-25 19:31:15 0 d-------- C:\Documents and Settings\Aqua Dragon\Application Data\VeniceMysteryData
2008-05-25 11:10:47 0 d-------- C:\Documents and Settings\All Users\Application Data\MonteCristo
2008-05-18 14:01:48 0 d-------- C:\Documents and Settings\Aqua Dragon\Application Data\Friday's games
2008-05-17 13:01:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2008-05-12 21:01:05 0 d-------- C:\Documents and Settings\Aqua Dragon\Application Data\Sudden Games
2008-05-10 09:31:12 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-05-10 09:31:11 73216 -----n--- C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>


-- Find3M Report ---------------------------------------------------------------

2008-06-08 11:58:02 0 d-------- C:\Program Files\BOINC
2008-06-08 10:32:08 0 d-------- C:\Program Files\Bug Doctor
2008-06-08 00:57:33 0 d-------- C:\Program Files\Serials 2000
2008-06-08 00:08:49 0 d-------- C:\Program Files\Snapshot Viewer
2008-06-07 07:38:38 0 d-------- C:\Documents and Settings\Aqua Dragon\Application Data\PopupCop
2008-06-06 12:57:56 2574 --a----c- C:\WINDOWS\eReg.dat
2008-06-06 12:46:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-03 22:21:51 0 d-------- C:\Program Files\DesignWorks Professional 4
2008-05-17 09:09:44 0 d-------- C:\Documents and Settings\Aqua Dragon\Application Data\Big Fish Games
2008-05-04 13:28:17 0 d-------- C:\Documents and Settings\Aqua Dragon\Application Data\Mysteryville2
2008-05-03 23:27:39 0 d-------- C:\Documents and Settings\Aqua Dragon\Application Data\BloodTies
2008-04-20 12:35:50 0 d-------- C:\Documents and Settings\Aqua Dragon\Application Data\Image Zone Express
2008-04-19 19:05:24 0 d-------- C:\Program Files\DesignWorks Lite 4
2008-04-19 08:41:54 0 d-------- C:\Documents and Settings\Aqua Dragon\Application Data\SpinTop
2008-04-13 10:03:51 0 d-------- C:\Documents and Settings\Aqua Dragon\Application Data\PlayFirst
2008-04-12 22:11:14 0 d-------- C:\Documents and Settings\Aqua Dragon\Application Data\Gaijin Ent
2008-04-12 14:12:25 0 --a------ C:\WINDOWS\system32\Ultra.dll
2008-03-27 22:23:31 96577 --a------ C:\WINDOWS\hpqins16.dat
2008-03-27 20:06:26 100 --a----c- C:\WINDOWS\start.reg
2008-03-21 15:52:44 3160 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80C0F2F5-68A6-428A-8625-8A22E0CDD699}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/18/2006 16:25]
"nwiz"="nwiz.exe" [09/18/2006 16:25 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/18/2006 16:25]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [12/01/2007 01:26]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 13:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Mechanic Startup Guard"="C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe" [10/26/2004 15:53]

C:\Documents and Settings\Aqua Dragon\Start Menu\Programs\Startup\
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [11/13/2007 2:44:44 PM]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"adgpfoxs"= {124110CA-ED1E-4ABA-99F4-59A814040A1A} - C:\WINDOWS\adgpfoxs.dll [06/06/2008 14:49 315392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wupdmgr.exe]
Debugger=ntsd

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Color Calibration.lnk]
backup=C:\WINDOWS\pss\Color Calibration.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Aqua Dragon^Start Menu^Programs^Startup^Registration .LNK]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Aqua Dragon^Start Menu^Programs^Startup^SpamPal.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BPS Spyware Remover]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMXInit]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com

6360 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-08 11:58:57 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2200+
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 895.53 MiB / 539.33 MiB
Pagefile Memory (total/avail): 2170.8 MiB / 1881.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.13 MiB

A: is Removable (No Media)
B: is Removable (No Media)
C: is Fixed (NTFS) - 38.28 GiB total, 21.95 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6E040L0 - 38.29 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 38.28 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Aqua Dragon\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALIEN-S0ZCP3OAM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Aqua Dragon
LOGONSERVER=\\ALIEN-S0ZCP3OAM
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\AQUADR~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\AQUADR~1\LOCALS~1\Temp
USERDOMAIN=ALIEN-S0ZCP3OAM
USERNAME=Aqua Dragon
USERPROFILE=C:\Documents and Settings\Aqua Dragon
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Aqua Dragon (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Illustrator 7.0 --> C:\WINDOWS\uninst.exe -f"C:\Adobe\Illustrator 7.0\DeIsL1.isu"
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AMD Processor Driver --> C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AXIS Media Control SDK 4.13 --> "C:\Program Files\Axis Communications\AXIS Media Control SDK\unins000.exe"
Black and White --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}\setup.exe"
BOINC --> MsiExec.exe /I{39F9C9CD-1912-4E29-A52E-ADB73D2FC1D5}
Bug Doctor 3.0.3.8 --> "C:\Program Files\Bug Doctor\unins000.exe"
C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
Corel Applications --> C:\WINDOWS\Corel\Uninst32.exe
DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
DesignWorks Professional 4 --> C:\WINDOWS\unvise32.exe C:\Program Files\DesignWorks Professional 4\uninstal.log
DivX Codec 3.1alpha release --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivX.inf
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Driver Diagnostics --> MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{25F6C900-C138-4888-A56C-91D3D063023A}
ICQ6 --> "C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
iolo technologies' System Mechanic 5 Professional --> C:\PROGRA~1\iolo\SYSTEM~1\UninstallSMPro.exe
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
MagicTune 2.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C04D433-2EDF-4AFB-B31B-C0B13065092F}\setup.exe" -l0x9
MaxBlast 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{639858DD-4966-40F3-A706-7C838BCF3A2B}\setup.exe"
MGI PhotoSuite SE (Remove Only) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\PhotoSuite SE\Uninst.isu"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft PhotoDraw 2000 V2 --> MsiExec.exe /I{3C5EA394-1033-11D2-A2CB-00C04F72F31D}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MPS HTMLGate Premium --> C:\PROGRA~1\MPSOFT~1\HTMLGA~1\UNWISE.EXE C:\PROGRA~1\MPSOFT~1\HTMLGA~1\INSTALL.LOG
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Natural Color --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}\setup.exe"
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
NotePadXP Version 1.5.0 Build 133 (remove only) --> "C:\Program Files\NotePadXP\uninstall.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
PopUpCop --> C:\PROGRA~1\PopUpCop\UNWISE.EXE /U C:\PROGRA~1\PopUpCop\INSTALL.LOG
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RegistryFix v6.2 --> "C:\Program Files\RegistryFix\unins000.exe"
Shop for HP Supplies --> C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Sid Meier's SimGolf --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C4504A1-9280-11D5-9F7E-00902712427E}\setup.exe"
The Sims Makin' Magic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}\setup.exe" -l0009
Tracks Eraser Pro v4.01 --> "C:\Program Files\Acesoft\Tracks Eraser Pro\unins000.exe"
USB Storage Driver --> DelUIDrv.exe
VIA Rhine-Family Fast-Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
WebFldrs XP -->
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type8005 / Error
Event Submitted/Written: 06/08/2008 09:30:01 AM
Event ID/Source: 0 / pctsSvc.exe
Event Description:
The service process could not connect to the service controller

Event Record #/Type7995 / Success
Event Submitted/Written: 06/08/2008 00:49:21 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type7991 / Warning
Event Submitted/Written: 06/08/2008 00:07:41 AM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800401F0

Event Record #/Type7979 / Success
Event Submitted/Written: 06/07/2008 01:28:15 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type7973 / Success
Event Submitted/Written: 06/07/2008 00:02:26 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type132441 / Warning
Event Submitted/Written: 06/08/2008 11:30:45 AM
Event ID/Source: 825 / Rasman
Event Description:
The Network Access Protection (NAP) enforcement client failed to register with the Network Access Protection Agent (NAPAgent) service. Some network services or resources might not be available. If the problem persists, disconnect and retry the remote access connection or contact the administrator for the remote access server.

Event Record #/Type132440 / Error
Event Submitted/Written: 06/08/2008 11:30:45 AM
Event ID/Source: 10016 / DCOM
Event Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type132420 / Error
Event Submitted/Written: 06/08/2008 11:09:55 AM / 06/08/2008 11:09:56 AM
Event ID/Source: 4199 / Tcpip
Event Description:
The system detected an address conflict for IP address 192.168.1.2 with the system
having network hardware address 00:40:D0:43:9C:AB. Network operations on this system may
be disrupted as a result.

Event Record #/Type132409 / Warning
Event Submitted/Written: 06/08/2008 09:35:34 AM
Event ID/Source: 825 / Rasman
Event Description:
The Network Access Protection (NAP) enforcement client failed to register with the Network Access Protection Agent (NAPAgent) service. Some network services or resources might not be available. If the problem persists, disconnect and retry the remote access connection or contact the administrator for the remote access server.

Event Record #/Type132408 / Error
Event Submitted/Written: 06/08/2008 09:35:34 AM
Event ID/Source: 10016 / DCOM
Event Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.



-- End of Deckard's System Scanner: finished at 2008-06-08 11:58:57 ------------

#2 miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:04:32 PM

Posted 09 June 2008 - 03:30 AM

Hi,

Please uninstall the following programs since they are known to cause more damage than anything else:

RegistryFix v6.2
Bug Doctor 3.0.3.8

Reboot afterwards.

After reboot, please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

Posted 21 June 2008 - 07:49 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



