Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Infected With Somthing (not Sure What It Is)(this Is A Cry For Help)

  • Please log in to reply
1 reply to this topic

#1 chrisc666


  • Members
  • 3 posts
  • Local time:04:51 AM

Posted 22 June 2008 - 10:25 AM

This is a cry for help, i have many valuble files on my drive which i am not able to backup because my computer is acting so slow, so disk cleanup is not an option.

Hey guys! i have a huge problem. It all started yestorday when i downloaded a programme to remove spyware. When i downloaded the .exe file it had the default C++ icon usually i dont trust those type of programes but for some resson i opend it...

Ever since my computer has been really slow and has been acting really strange here are my symptons:

- On task bar next to the time it says "VIRUS ALERT!"
- When i press alt+l+del it says task manager was dissabled by administrator.
- When i right click on desktop and click on properties it says "this can only be accessed by the admistrator"
- In my computer the only thing that shows up is the floppy drive "A:\"
- I cannot access my computer or the programme list from the start menu, i have to create shortcuts on the desktop
- Big red circle icon appears in my quick launch bar saying i have been infected with spy ware and i need to remove it. then i get a message box saying the following:

Security Warning!

Worm.win32.netbooster detected on your machine. this virus is distributed via the internet through e-mailand active-x objects. the worm has its own SMTP engine which means it gathers e-mails from your local computer and re-distributes itself. in worst casr this worm can allow attackers to access your computer, stealing passwords and personal data. This process should be removed from your system.

Type: virus
system affected: windows 2000, nt, me, xp, vista
security risk (0-5): 5
Recomendations: Click yes to remove it from your computer immediatly

my web browser keeps opening up to this website (i dont recomend clicking on the link!!!!!!)


When my computer starts up my wallpaper changes into a local webpage asking me to click on a button.


Deckard's System Scanner v20071014.68
Run by Mitzi on 2008-06-22 13:28:43
Computer is in Normal Mode.

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-06-22 12:28:45 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 9.5 GiB (less than 15%) free.

-- HijackThis (run as Mitzi.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31: VIRUS ALERT!, on 22/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Kontiki\KService.exe
c:\program files\grasssoft\mouse recorder\MacroService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\Mitzi\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://admin:password@www.routerlogin.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {18405E86-B211-4B83-B143-3BDF4D813ECB} - C:\WINDOWS\ksendlbtknb.dll
O2 - BHO: CenterLock module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Program Files\CenterLock\CenterLock.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: vrmdtneg - {51F6BB5B-9DEF-42C6-B28D-85138B300431} - C:\WINDOWS\vrmdtneg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Macro Manager] C:\Program Files\GrassSoft\Mouse Recorder\MacroManager.exe /q
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: xvorfwbd - {F935F3BF-AAE7-46D5-8885-1C1CC8697F29} - C:\WINDOWS\xvorfwbd.dll
O21 - SSODL: wpvmqosg - {F85E3426-9E6F-459C-9E7B-36C13068160F} - C:\WINDOWS\wpvmqosg.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: dopewars server (dopewars-server) - Unknown owner - C:\Program Files\dopewars-1.5.12\dopewars.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Macro Expert - Grass Software - c:\program files\grasssoft\mouse recorder\MacroService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

End of file - 6438 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R1 ts_lb - c:\windows\system32\drivers\ts_lb.sys <Not Verified; TamoSoft, Inc.; CommView Loopback Driver 2000/XP/2003>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.0.0.5) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client>
R3 bkn50USB (Belkin 54Mbps Wireless USB Network Adapter) - c:\windows\system32\drivers\rt2500usb.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 TSCOMM (CommStudio Virtual Adapter by TamoSoft) - c:\windows\system32\drivers\tscomm.sys <Not Verified; TamoSoft, Inc.; CommStudio Driver>
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 CV2K1 (CommView Network Monitor) - c:\windows\system32\drivers\cv2k1.sys <Not Verified; TamoSoft, Inc.; CommView Driver>
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 PSSdk23 - c:\windows\system32\drivers\pssdk23.drv (file missing)
S3 VHidMinidrv (Bluetooth HID Device Service) - c:\windows\system32\drivers\vhidmini.sys <Not Verified; IVT Corporation; IVT BlueSoleil>
S3 xbreader (MaxDrive XBox Driver (xbreader.sys)) - c:\windows\system32\drivers\xbreader.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Belkin 54g Wireless USB Network Adapter Service (Belkin 54g Wireless USB Network Adapter) - c:\program files\belkin\belkin wireless network utility\wlservice.exe
R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 Macro Expert - c:\program files\grasssoft\mouse recorder\macroservice.exe <Not Verified; Grass Software; Advanced Key and Mouse Recorder>

S3 dopewars-server (dopewars server) - c:\program files\dopewars-1.5.12\dopewars.exe -n
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-06-22 13:13:30 0 d-------- C:\Documents and Settings\Mitzi\Application Data\Sun
2008-06-22 13:08:13 0 d-------- C:\Documents and Settings\Mitzi\Application Data\Macromedia
2008-06-22 13:08:13 0 d-------- C:\Documents and Settings\Mitzi\Application Data\Adobe
2008-06-22 13:02:47 0 d-------- C:\Documents and Settings\Mitzi\Application Data\Talkback
2008-06-22 13:02:24 0 d-------- C:\Documents and Settings\Mitzi\Application Data\Mozilla
2008-06-22 12:56:47 0 d-------- C:\WINDOWS\privacy_danger
2008-06-22 12:56:38 0 d-------- C:\Documents and Settings\Mitzi\Application Data\Grasssoft
2008-06-22 12:56:32 0 d-------- C:\Documents and Settings\Mitzi\Application Data\TmpRecentIcons
2008-06-22 12:11:17 0 d-------- C:\Documents and Settings\Games\Application Data\TmpRecentIcons
2008-06-21 22:33:51 0 d-------- C:\Documents and Settings\RS\Application Data\Identities
2008-06-21 22:32:39 0 d--h----- C:\Documents and Settings\RS\Templates
2008-06-21 22:32:39 0 dr------- C:\Documents and Settings\RS\Start Menu
2008-06-21 22:32:39 0 dr-h----- C:\Documents and Settings\RS\SendTo
2008-06-21 22:32:39 0 dr-h----- C:\Documents and Settings\RS\Recent
2008-06-21 22:32:39 0 d--h----- C:\Documents and Settings\RS\PrintHood
2008-06-21 22:32:39 524288 --ah----- C:\Documents and Settings\RS\NTUSER.DAT
2008-06-21 22:32:39 0 d--h----- C:\Documents and Settings\RS\NetHood
2008-06-21 22:32:39 0 dr------- C:\Documents and Settings\RS\My Documents
2008-06-21 22:32:39 0 d--h----- C:\Documents and Settings\RS\Local Settings
2008-06-21 22:32:39 0 dr------- C:\Documents and Settings\RS\Favorites
2008-06-21 22:32:39 0 d-------- C:\Documents and Settings\RS\Desktop
2008-06-21 22:32:39 0 d---s---- C:\Documents and Settings\RS\Cookies
2008-06-21 22:32:39 0 dr-h----- C:\Documents and Settings\RS\Application Data
2008-06-21 22:32:39 0 d---s---- C:\Documents and Settings\RS\Application Data\Microsoft
2008-06-21 17:55:09 0 d-------- C:\Program Files\CenterLock
2008-06-21 17:05:38 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-06-21 16:54:43 225280 --a------ C:\WINDOWS\xvorfwbd.dll
2008-06-21 16:54:43 253952 --a------ C:\WINDOWS\wpvmqosg.dll
2008-06-21 16:54:43 155648 --a------ C:\WINDOWS\vrmdtneg.dll
2008-06-21 16:54:43 81920 --a------ C:\WINDOWS\neltabxw.exe
2008-06-21 16:54:43 323584 --a------ C:\WINDOWS\ksendlbtknb.dll
2008-06-21 16:54:43 139264 --a------ C:\WINDOWS\ekvs.exe
2008-06-21 16:54:30 0 d-------- C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd
2008-06-21 16:35:33 0 d-------- C:\Documents and Settings\Games\Application Data\Uniblue
2008-06-20 20:48:00 0 d-------- C:\Documents and Settings\Games\Application Data\Recorder
2008-06-20 20:47:24 0 d-------- C:\Program Files\Recorder
2008-06-18 23:34:39 0 d-------- C:\Program Files\ProxyWay
2008-06-16 19:38:46 0 d---s---- C:\Documents and Settings\Games\UserData
2008-06-15 00:33:26 0 d-------- C:\Documents and Settings\Games\Contacts
2008-06-14 01:33:15 0 d-------- C:\Documents and Settings\Games\Shared
2008-06-14 01:32:53 0 d-------- C:\Documents and Settings\Games\Incomplete
2008-06-14 01:32:44 0 d-------- C:\Documents and Settings\Games\Application Data\LimeWire
2008-06-12 01:33:15 0 d-------- C:\Documents and Settings\Games\Application Data\Grasssoft
2008-06-12 01:33:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Grasssoft
2008-06-12 01:32:58 0 d-------- C:\Program Files\GrassSoft
2008-06-08 14:48:20 0 d-------- C:\Documents and Settings\Games\Application Data\Sun
2008-06-08 14:48:06 0 d-------- C:\Documents and Settings\Games\Application Data\Macromedia
2008-06-08 14:48:06 0 d-------- C:\Documents and Settings\Games\Application Data\Adobe
2008-06-08 14:47:48 0 d-------- C:\Documents and Settings\Games\Application Data\Talkback
2008-06-08 14:47:29 0 d-------- C:\Documents and Settings\Games\Application Data\Mozilla
2008-06-08 14:46:36 0 d-------- C:\Documents and Settings\Games\Application Data\Identities
2008-06-08 14:46:22 0 d--h----- C:\Documents and Settings\Games\Templates
2008-06-08 14:46:22 0 dr------- C:\Documents and Settings\Games\Start Menu
2008-06-08 14:46:22 0 dr-h----- C:\Documents and Settings\Games\SendTo
2008-06-08 14:46:22 0 dr-h----- C:\Documents and Settings\Games\Recent
2008-06-08 14:46:22 0 d--h----- C:\Documents and Settings\Games\PrintHood
2008-06-08 14:46:22 0 d--h----- C:\Documents and Settings\Games\NetHood
2008-06-08 14:46:22 0 dr------- C:\Documents and Settings\Games\My Documents
2008-06-08 14:46:22 0 d--h----- C:\Documents and Settings\Games\Local Settings
2008-06-08 14:46:22 0 dr------- C:\Documents and Settings\Games\Favorites
2008-06-08 14:46:22 0 d-------- C:\Documents and Settings\Games\Desktop
2008-06-08 14:46:22 0 d---s---- C:\Documents and Settings\Games\Cookies
2008-06-08 14:46:22 0 dr-h----- C:\Documents and Settings\Games\Application Data
2008-06-08 14:46:22 0 d---s---- C:\Documents and Settings\Games\Application Data\Microsoft
2008-06-08 14:46:21 2097152 --ah----- C:\Documents and Settings\Games\NTUSER.DAT
2008-06-03 20:55:46 0 d-------- C:\Program Files\Project1
2008-05-31 19:35:55 0 d------c- C:\Kontiki
2008-05-31 11:01:30 0 d------c- C:\Logs
2008-05-30 01:44:47 17920 --a------ C:\WINDOWS\system32\Instmsng.dll
2008-05-30 01:44:47 37124 --a------ C:\WINDOWS\system32\imsn.exe

-- Find3M Report ---------------------------------------------------------------

2008-06-22 13:31:14 0 d-------- C:\Program Files\Trend Micro
2008-06-21 21:57:46 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-20 20:47:18 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-17 23:49:05 0 d-------- C:\Program Files\Java
2008-06-14 01:32:36 0 d-------- C:\Program Files\Cheat Engine
2008-06-14 01:32:35 0 d-------- C:\Program Files\DivX
2008-06-07 23:31:37 0 d-------- C:\Program Files\Steam
2008-06-06 01:00:48 0 d-------- C:\Program Files\World of Warcraft
2008-06-02 00:45:47 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-02 00:19:21 36864 --a------ C:\WINDOWS\system32\reginv.dll
2008-06-02 00:19:19 350764 --a------ C:\WINDOWS\system32\lncom.exe
2008-05-17 04:47:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-15 23:13:27 0 d-------- C:\Program Files\Kontiki
2008-05-15 21:15:31 0 d-------- C:\Program Files\Smallvideosoft
2008-05-15 19:40:26 0 d-------- C:\Program Files\WoW-FE
2008-05-14 09:49:49 0 d-------- C:\Documents and Settings\Mitzi\Application Data\Identities
2008-05-07 22:46:57 0 d-------- C:\Program Files\The Creative Assembly
2008-05-07 22:46:56 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-07 11:08:36 0 d-------- C:\Program Files\Surreal

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18405E86-B211-4B83-B143-3BDF4D813ECB}]
21/06/2008 10:55: VIRUS ALERT! 323584 --a------ C:\WINDOWS\ksendlbtknb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}]
27/03/2008 14:02: VIRUS ALERT! 247296 --a------ C:\Program Files\CenterLock\CenterLock.dll

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [02/11/2004 09:03: VIRUS ALERT!]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [02/11/2004 08:59: VIRUS ALERT!]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25: VIRUS ALERT!]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [13/09/2006 20:33: VIRUS ALERT!]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [18/06/2006 17:54: VIRUS ALERT!]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [23/11/2007 00:19: VIRUS ALERT!]
"Macro Manager"="C:\Program Files\GrassSoft\Mouse Recorder\MacroManager.exe" [11/06/2008 02:44: VIRUS ALERT!]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00: VIRUS ALERT!]

"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
"NoDispCPL"=1 (0x1)

"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

"xvorfwbd"= {F935F3BF-AAE7-46D5-8885-1C1CC8697F29} - C:\WINDOWS\xvorfwbd.dll [21/06/2008 10:55: VIRUS ALERT! 225280]
"wpvmqosg"= {F85E3426-9E6F-459C-9E7B-36C13068160F} - C:\WINDOWS\wpvmqosg.dll [21/06/2008 10:55: VIRUS ALERT! 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 10/10/2006 18:53: VIRUS ALERT! 135168 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

-- End of Deckard's System Scanner: finished at 2008-06-22 13:33:21 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.66GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 758.98 MiB / 453.39 MiB
Pagefile Memory (total/avail): 1856.6 MiB / 1594.97 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.34 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.49 GiB total, 9.5 GiB free.

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.49 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Pro Firewall v6.5.722.000 (Zone Labs, Inc.)

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Steam\\SteamApps\\chrisc666\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\chrisc666\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\Microsoft Visual Studio\\VB98\\VB6.EXE"="C:\\Program Files\\Microsoft Visual Studio\\VB98\\VB6.EXE:*:Enabled:Visual Basic"
"C:\\Program Files\\CoreFTP\\coreftp.exe"="C:\\Program Files\\CoreFTP\\coreftp.exe:*:Enabled:Core FTP App"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\NovaLogic\\Delta Force 2\\Update.exe"="C:\\Program Files\\NovaLogic\\Delta Force 2\\Update.exe:*:Enabled:Update"
"C:\\Program Files\\NovaLogic\\Delta Force 2\\Df2.exe"="C:\\Program Files\\NovaLogic\\Delta Force 2\\Df2.exe:*:Enabled:Df2"
"C:\\Program Files\\Raven\\SOF PLATINUM\\SoF.exe"="C:\\Program Files\\Raven\\SOF PLATINUM\\SoF.exe:*:Enabled:SoF"
"C:\\Sierra\\Half-Life\\hl.exe"="C:\\Sierra\\Half-Life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Steam\\SteamApps\\chrisc666\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\chrisc666\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\chrisc666\\team fortress classic\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\chrisc666\\team fortress classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\chrisc666\\deathmatch classic\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\chrisc666\\deathmatch classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\chrisc666\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\chrisc666\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\chrisc666\\opposing force\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\chrisc666\\opposing force\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\chrisc666\\half-life\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\chrisc666\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\chrisc666\\half-life blue shift\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\chrisc666\\half-life blue shift\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe"="C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe:*:Enabled:dfbhd"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\XBC\\neXBC.exe"="C:\\Program Files\\XBC\\neXBC.exe:*:Enabled:XBConnect"
"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"="C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe:*:Enabled:VoipDiscount"
"C:\\Program Files\\iCall\\iCall.exe"="C:\\Program Files\\iCall\\iCall.exe:*:Enabled:iCall"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\Gaming\\Desktop\\M\\ProRat.exe"="C:\\Documents and Settings\\Gaming\\Desktop\\M\\ProRat.exe:*:Enabled:ProRat"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Mitzi\Application Data
CommonProgramFiles=C:\Program Files\Common Files
HOMEPATH=\Documents and Settings\Mitzi
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
ProgramFiles=C:\Program Files
USERPROFILE=C:\Documents and Settings\Mitzi

-- User Profiles ---------------------------------------------------------------

Owner (admin)
Mitzi (admin)
Games (admin)
RS (new local)
Administrator.OWNER-878280B55 (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -f\"C:\Program Files\Final Fantasy VII\Uninst.isu"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32BC2460-6246-11D3-88BC-0000B43BC585}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Battlefield 1942 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
BBC iPlayer Download Manager --> MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
Belkin 54g USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\Belkin Wireless Network Utility\setup.exe" -l0x9
BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x9
Broken Sword --> C:\Sword\uninstal.exe
Cakewalk VST Adapter --> C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
CenterLock --> "C:\Program Files\CenterLock\Uninstall.exe"
Cheat Engine 5.3 --> "C:\Program Files\Cheat Engine\unins000.exe"
Command & Conquer Red Alert 2 --> C:\Westwood\RA2\Uninstll.EXE
Command & Conquer The First Decade --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
Command && Conquer Red Alert 2 - Yuri's Revenge --> C:\Westwood\RA2\Uninstll.EXE
Counter-Strike: Source --> MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
Delta Force - Black Hawk Down --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8FE54D21-8254-4CCF-AEE0-066496AE43F4}\setup.exe" -l0x9 -uninst
Delta Force 2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NovaLogic\Delta Force 2\Uninst.isu"
DivX ;-) Audio Compressor 4.02 --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivXAudioCompressor4.02.inf
dopewars-1.5.12 --> C:\WINDOWS\bw-uninstall.exe dopewars-1.5.12
Final Fantasy VII - Ultima Edition --> "C:\Program Files\Final Fantasy VII\unins000.exe"
Final Fantasy VII XP Patch --> C:\Program Files\Square Soft, Inc\Final Fantasy VII\Patch\Uninstall XP Patch.EXE /u:"Final Fantasy VII XP Patch"
FinalAlert 2 Yuri's Revenge --> C:\Program Files\FinalAlert 2 Yuri's Revenge\SMUninstall.exe
Freez 3GP Video Converter 2.0 --> "C:\Program Files\Smallvideosoft\Freez 3GP Video Converter\unins000.exe"
GPL MPEG-1/2 DirectShow Decoder Filter --> MsiExec.exe /I{870815CA-6B60-47B6-88DD-A67F42D2F03E}
Half-Life --> C:\Sierra\HALF-L~1\UNWISE.EXE C:\Sierra\HALF-L~1\INSTALL.LOG
Hello and welcome to RSMS, please follow the instructions to install this software. (backline software inc...) --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Project1\ST6UNST.LOG"
Heroes of Might and Magic IV: Winds of War --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Heroes of Might and Magic IV\Heroes of Might and Magic IV.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
i-Sound WMA MP3 Recorder --> C:\Program Files\i-Sound Pro\uninstex.exe
IMSI Applications --> C:\WINDOWS\corel\imsiuset.exe
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
J2SE Development Kit 5.0 Update 11 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150110}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire PRO 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveSynth Pro DXi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05F6050A-5C77-44BC-87E4-75B828500FB6}\Setup.exe" UNINSTALL
Lord of the Rings: The Fellowship of the Ring --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{49C98C60-BAC3-4C92-AF4F-E890FD312D60}
Medieval - Total War - Gold Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A10F7877-4276-416C-9F22-CB56C0CB2700}\setup.exe" -l0x9 -removeonly
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 6.0 Professional Edition --> "C:\Program Files\Microsoft Visual Studio\VB98\Setup\1033\Setup.exe"
Microsoft Visual C++ 6.0 Standard Edition --> "C:\Program Files\Microsoft Visual Studio\VC98\Setup\1033\Setup.exe"
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Mozilla Firefox ( --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSDN Library - Visual Studio 6.0 --> "C:\Program Files\Microsoft Visual Studio\MSDN98\98VS\1033\Setup\Setup.exe"
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MusicLab RealGuitar v1.5 --> C:\PROGRA~1\MusicLab\REALGU~1\UNWISE.EXE C:\PROGRA~1\MusicLab\REALGU~1\INSTALL.LOG
Neverwinter Nights --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C503E58-B2BC-11D5-978A-0050BA84F5F7}\Setup.exe" -l0x9
PE Explorer 1.98 R5 --> "C:\Program Files\PE Explorer\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
ProxyWay Pro --> MsiExec.exe /X{620797B0-A022-4B57-A95E-DD7DD0321038}
QuickCam Drivers --> rundll.exe setupx.dll,InstallHinfSection DefaultInstall 132 c:\lvideo2\lvcam\lvdel.inf
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer 7 Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Recorder --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Recorder\ST6UNST.LOG"
RSMS --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Project1\ST6UNST.LOG"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG
Soldier of Fortune Platinum --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Raven\SOF PLATINUM\sofplat.isu"
SONAR 5 Producer Edition --> C:\PROGRA~1\Cakewalk\SONAR5~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\SONAR5~1\INSTALL.LOG
Sony Ericsson Themes Creator 3.17 --> C:\Program Files\Sony Ericsson\Themes Creator\Uninstall.exe
Sony Media Manager 2.2 --> MsiExec.exe /X{C9E129BC-27D3-436E-BAAC-4CE81E0962F1}
Sony Vegas 7.0 --> MsiExec.exe /X{96965E6C-41DB-4E0A-BC65-D92381D51D2A}
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SWAT3 Elite Edition --> C:\Sierra\SWAT3\UNWISE.EXE C:\Sierra\SWAT3\INSTALL.LOG
USB MassStorage CardReader --> C:\Program Files\Kodak\040a_5005\Remove.exe
WebVideo Support --> C:\WINDOWS\neltabxw.exe
Westwood Shared Internet Components --> C:\Westwood\Internet\UnstllAP.EXE
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPcap 3.1 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xbox 360 Controller for Windows --> "C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
ZoneAlarm Pro --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type30002 / Error
Event Submitted/Written: 06/22/2008 01:32:26 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The SmartLinkService service has reported an invalid current state 0.

Event Record #/Type29976 / Error
Event Submitted/Written: 06/22/2008 00:53:59 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the Macro Expert service.

Event Record #/Type29975 / Error
Event Submitted/Written: 06/22/2008 00:53:59 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the Macro Expert service.

Event Record #/Type29959 / Warning
Event Submitted/Written: 06/22/2008 00:51:36 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type29907 / Warning
Event Submitted/Written: 06/22/2008 00:17:35 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

-- End of Deckard's System Scanner: finished at 2008-06-22 13:33:21 ------------

Deactivated link. ~ OB

Edited by Orange Blossom, 11 February 2013 - 01:12 AM.

BC AdBot (Login to Remove)



#2 OldTimer


    Malware Expert

  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:05:51 AM

Posted 25 June 2008 - 03:53 PM

Hello chrisc666 and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      Reg - Desktop Components
      Reg - Software Policy Settings
      File - Additional Folder Scans
  • copy/paste the text in the codebox below into the Custon Scans box:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    HKEY_CURRENT_USER\Control Panel\International
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).


I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.

Posted Image

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users