Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't Access Facebook, Yahoo


  • This topic is locked This topic is locked
2 replies to this topic

#1 Davidvn

Davidvn

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 22 June 2008 - 12:54 PM

Hi everyone,

I see a few other people have been experiencing the same problem I am, but none of those solutions work. I followed the preparation guide before posting this, so I hope someone can help me.

Problem Description: I run Vista, and use Firefox and IE7. Recently I can't access Facebook on my computer. All other sites work fine. I have Avast! installed and Lavasoft Ad-Aware, and Microsoft Defender running... but none of these can pick up any malware / spyware / virus. This is so frustrating, because every site works except Facebook and yahoo (and also, I discovered, the-underdogs.info).

Please help me!

Here is the Main.txt log:

Deckard's System Scanner v20071014.68
Run by David on 2008-06-22 18:55:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
10: 2008-06-22 13:54:21 UTC - RP422 - Installed Ad-Aware
9: 2008-06-22 11:04:11 UTC - RP421 - Scheduled Checkpoint
8: 2008-06-21 15:22:26 UTC - RP420 - Scheduled Checkpoint
7: 2008-06-20 07:40:54 UTC - RP419 - Scheduled Checkpoint
6: 2008-06-19 13:42:27 UTC - RP418 - Installed QuickBooks


-- First Restore Point --
1: 2008-06-15 09:58:23 UTC - RP412 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-22 18:58:00
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\PowerPlus\PowerPlus.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Allmine\Downloads\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 82.66.124.146:8081
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: PowerPlus.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/5/b...heckControl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\System32\PnkBstrB.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe


--
End of file - 8503 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys

S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>
S3 LVPrcMon (Logitech LVPrcMon Driver) - \??\c:\windows\system32\drivers\lvprcmon.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 QBCFMonitorService (QuickBooks Database Manager Service) - "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe" <Not Verified; Intuit; QuickBooks for Windows>

S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
S4 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-21 16:53:20 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{FA2CD34A-B8CA-48D2-8B41-8423C34A082B}.job


-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-06-22 15:54:41 0 d-------- C:\Program Files\Lavasoft
2008-06-22 15:54:40 0 d-------- C:\Users\All Users\Lavasoft
2008-06-22 15:54:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-19 16:15:55 0 d-------- C:\Program Files\Common Files\supportsoft
2008-06-19 15:48:17 1933312 --a------ C:\Windows\system32\cdintf251.dll <Not Verified; Amyuni Technologies
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-06-19 15:43:34 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-06-19 15:42:58 0 d-------- C:\Users\All Users\Intuit
2008-06-19 15:40:31 0 d-------- C:\Users\All Users\COMMON FILES
2008-06-16 17:08:34 0 d-------- C:\Program Files\MSDN
2008-06-16 12:07:43 148480 --a------ C:\Windows\UNWISE.EXE
2008-06-16 12:07:42 0 d-------- C:\Program Files\Learn ReportBuilder
2008-06-14 15:30:04 1 --a------ C:\Windows\system32\SI.bin
2008-06-10 22:28:02 0 d--hs---- C:\Windows\ftpcache
2008-06-10 21:48:40 0 d-------- C:\Users\All Users\Lionhead Studios
2008-06-10 21:48:40 0 d-------- C:\Program Files\Lionhead Studios Ltd
2008-06-04 19:32:35 0 d-------- C:\Program Files\Google
2008-05-27 09:30:02 0 d-------- C:\Program Files\MSECache
2008-05-25 17:44:19 0 d-------- C:\Program Files\Gothic III


-- Find3M Report ---------------------------------------------------------------

2008-06-22 18:00:06 0 d-------- C:\Users\David\AppData\Roaming\Vidalia
2008-06-22 18:00:06 0 d-------- C:\Users\David\AppData\Roaming\tor
2008-06-22 15:54:09 0 d-------- C:\Program Files\Common Files
2008-06-22 12:35:32 0 d-------- C:\Program Files\Steam
2008-06-19 15:45:16 0 d-------- C:\Program Files\Common Files\Intuit
2008-06-19 15:42:58 0 d-------- C:\Program Files\Intuit
2008-06-18 15:04:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-18 09:12:39 38432 --a------ C:\Users\David\AppData\Roaming\Microsoft Excel.ADR
2008-06-14 21:07:58 0 d-------- C:\Users\David\AppData\Roaming\InstallShield
2008-06-14 15:43:06 0 d-------- C:\Program Files\Microsoft Games
2008-06-14 14:19:46 0 d-------- C:\Program Files\Common Files\Steam
2008-06-11 23:29:04 0 d-------- C:\Users\David\AppData\Roaming\Adobe
2008-06-10 22:29:31 0 d-------- C:\Users\David\AppData\Roaming\Lionhead Studios
2008-06-04 19:33:33 0 d-------- C:\Users\David\AppData\Roaming\Google
2008-05-12 15:47:54 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-12 15:47:53 0 d-------- C:\Program Files\Business Objects
2008-05-12 15:45:29 0 d-------- C:\Program Files\Microsoft SQL Server
2008-05-12 15:33:06 0 d-------- C:\Program Files\Microsoft Device Emulator
2008-05-12 15:32:48 0 d-------- C:\Program Files\Windows Mobile 5.0 SDK R2
2008-05-12 15:30:46 0 d-------- C:\Program Files\Microsoft.NET
2008-05-12 15:26:29 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-05-12 15:26:06 0 d-------- C:\Program Files\MSBuild
2008-05-12 15:23:05 0 d-------- C:\Program Files\CE Remote Tools
2008-05-12 15:21:56 0 d-------- C:\Program Files\Microsoft Web Designer Tools
2008-05-07 20:16:21 0 d-------- C:\Program Files\Vidalia Bundle
2008-04-22 18:01:51 0 d-------- C:\Users\David\AppData\Roaming\Ubisoft
2008-04-22 17:43:30 0 d-------- C:\Program Files\Ubisoft
2008-04-22 17:33:12 0 d-------- C:\Program Files\SEGA
2008-04-08 17:32:42 669184 --a------ C:\Windows\system32\pbsvc.exe
2008-03-26 22:52:46 98304 --a------ C:\Windows\system32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007/08/17 11:07 AM]
"RtHDVCpl"="RtHDVCpl.exe" [2007/04/23 09:51 AM C:\Windows\RtHDVCpl.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008/05/16 01:19 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007/06/04 05:24 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007/07/06 08:15 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007/07/06 08:15 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007/07/06 08:15 PM]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006/11/02 11:45 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008/02/22 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008/01/11 10:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006/11/02 02:35 PM]
"IBP"="" []
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004/06/16 06:03 AM]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008/06/14 04:10 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
PowerPlus.lnk - C:\Windows\Installer\{C44138BF-8D99-4DA9-8B96-8CBEE3045FCD}\IconC44138BF1.exe [2007/08/18 11:54:11 AM]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006/11/20 04:30:54 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007/08/23 06:43:46 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk
backup=C:\Windows\pss\QuickBooks 2002 Delivery Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamWizard]
C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\Windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6dcf781-4c9a-11dc-bd3d-806e6f6e6963}]
AutoRun\command- D:\setup\rsrc\Autorun.exe
dinstall\command- D:\Directx\dxsetup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-22 18:59:05 ------------

And here is the extra.txt file:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Business (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 3325.69 MiB / 2001.7 MiB
Pagefile Memory (total/avail): 8188.39 MiB / 6961.56 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.34 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 74.6 GiB free.
D: is CDROM (UDF)

\\.\PHYSICALDRIVE0 - ST3250410AS ATA Device - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Firewall v7.1.078.000 (Check Point, LTD.) Disabled
AV: avast! antivirus 4.8.1201 [VPS 080621-0] v4.8.1201 (ALWIL Software)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Outdated
AS: avast! antivirus 4.8.1201 [VPS 080621-0] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\David\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KICKASS
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\David
LOCALAPPDATA=C:\Users\David\AppData\Local
LOGONSERVER=\\KICKASS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\David\AppData\Local\Temp
TMP=C:\Users\David\AppData\Local\Temp
tvdumpflags=8
USERDOMAIN=KICKASS
USERNAME=David
USERPROFILE=C:\Users\David
VS90COMNTOOLS=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

David


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> MsiExec.exe /I{71EEA108-09C9-4D81-8FA2-D48C70681242}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Age of Empires III --> C:\Program Files\InstallShield Installation Information\{70F8B183-99EB-4304-BA35-080E2DFFD2A3}\setup.exe -runfromtemp -l0x0409
Age of Empires III - The WarChiefs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Assassin's Creed --> C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitLord 1.1 --> C:\Allmine\BitLord\uninst.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Coding4Fun Issue 3 --> MsiExec.exe /I{3CB48471-8ABD-4162-9A9E-D885332FFD55}
Combined Community Codec Pack 2008-01-24 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel Uninstaller --> C:\Windows\COREL\UNINST32.EXE
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Crystal Reports Basic for Visual Studio 2008 --> MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
Dark Messiah --> C:\Program Files\InstallShield Installation Information\{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}\setup.exe -runfromtemp -l0x0009 -removeonly
DotNetBar for Windows Forms --> MsiExec.exe /X{5868DD13-0DB2-4CE9-9F32-A81EFE09482E}
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
IP*Works! V6 ActiveX Edition --> C:\Program Files\nsoftware\IPWorks V6 ActiveX Edition\uninstall.exe
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.2.5 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Learn ReportBuilder --> C:\Windows\UNWISE.EXE C:\Windows\Install.log
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
MediaShow 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 --> C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5 --> MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Device Emulator version 3.0 - ENU --> MsiExec.exe /X{B32E7732-B2FB-3FD0-81AC-6025B1104C66}
Microsoft Document Explorer 2008 --> C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008 --> MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visual Web Developer 2007 --> MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007 --> MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Report Viewer Redistributable 2005 --> C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Report Viewer Redistributable 2005\install.exe
Microsoft Report Viewer Redistributable 2008 --> c:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Report Viewer Redistributable 2008\install.exe
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Compact 3.5 for Devices ENU --> MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}
Microsoft SQL Server Database Publishing Wizard 1.2 --> MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual Studio 2005 Tools for Office Runtime --> MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio 2008 Performance Collection Tools - ENU --> MsiExec.exe /I{EB3F5C2A-0754-38B8-8722-7B537006BF46}
Microsoft Visual Studio Team System 2008 Team Suite - ENU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio Team System 2008 Team Suite - ENU\setup.exe
Microsoft Visual Studio Web Authoring Component --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\wmv9vcm.inf, Uninstall
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools --> MsiExec.exe /X{05EC21B8-4593-3037-A781-A6B5AFFCB19D}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense --> MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}
Microsoft Windows SDK for Visual Studio 2008 Tools --> MsiExec.exe /X{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MySQL Connector/ODBC 3.51 --> MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
Nero 7 Essentials --> MsiExec.exe /X{8A8C4EAC-9AB7-45FA-9480-5716FD261033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
PhotoNow! 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
PlayLinc --> MsiExec.exe /I{2158685C-E2B3-4026-B0A1-0FFE31837AFD}
PowerDirector --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerPlus --> MsiExec.exe /I{C44138BF-8D99-4DA9-8B96-8CBEE3045FCD}
Privoxy 3.0.6 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe"
PunkBuster Services --> C:\Windows\system32\pbsvc.exe -u
QuickBooks Premier Edition 2008 --> msiexec.exe /I {71EEA108-09C9-4D81-8FA2-D48C70681242} UNIQUE_NAME="accountant" QBFULLNAME="QuickBooks Premier 2008" ADDREMOVE=1
QuickBooks Pro 2002 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{809987B2-F964-11D4-A1A5-00104BD190B1}\Setup.exe" -addremove
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Striata Reader --> rundll32.exe C:\Windows\system32\keymail.dll,UninstallDll
SupportSoft Assisted Service --> MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Movies™ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{0556F885-2415-4666-B53E-33727E46AEA1} /l1033
Tor 0.1.2.19 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe"
VC Runtimes MSI --> MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000}
Vidalia 0.0.16 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe"
Visual Studio 2005 Tools for Office Second Edition Runtime --> c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime --> C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime --> MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
WinAce Archiver --> "C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile 5.0 SDK R2 for Pocket PC --> MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
Windows Mobile 5.0 SDK R2 for Smartphone --> MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}
Xara XS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{538A8F91-7431-4CDB-8E8D-C16D3E228407}\setup.exe" -l0x9
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type23581 / Error
Event Submitted/Written: 06/22/2008 00:36:24 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Steam.exe, version 1.0.0.0, time stamp 0x47cdc51a, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000005, fault offset 0x0002294f,
process id 0xf30, application start time 0xSteam.exe0.

Event Record #/Type23573 / Success
Event Submitted/Written: 06/22/2008 00:33:58 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type23568 / Success
Event Submitted/Written: 06/22/2008 00:33:58 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type23539 / Success
Event Submitted/Written: 06/22/2008 00:33:43 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type23530 / Success
Event Submitted/Written: 06/21/2008 08:27:25 PM
Event ID/Source: 903 / Software Licensing Service
Event Description:
The Software Licensing service has stopped.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type14863497 / Error
Event Submitted/Written: 06/22/2008 06:59:02 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Remote Access Connection ManagerTelephony%%1058

Event Record #/Type14863496 / Error
Event Submitted/Written: 06/22/2008 06:58:57 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Remote Access Connection ManagerTelephony%%1058

Event Record #/Type14863495 / Error
Event Submitted/Written: 06/22/2008 06:58:52 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Remote Access Connection ManagerTelephony%%1058

Event Record #/Type14863494 / Error
Event Submitted/Written: 06/22/2008 06:58:47 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Remote Access Connection ManagerTelephony%%1058

Event Record #/Type14863493 / Error
Event Submitted/Written: 06/22/2008 06:58:42 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Remote Access Connection ManagerTelephony%%1058



-- End of Deckard's System Scanner: finished at 2008-06-22 18:59:05 ------------


I hope someone here can help - I'm quite proficient on Vista, but this problem has me completely stumped!

Thanking you in advance,
David.

BC AdBot (Login to Remove)

 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:07 AM

Posted 15 July 2008 - 09:45 PM

Hello, Davidvn.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
Please run Deckard's System Scanner again, this time using these instructions:
(In the event you lost your copy, you can download a new one from here: Deckard's System Scanner)
  • Click on Start, click on Run
  • Copy and paste the following in the open window and then click OK:
    "%userprofile%\desktop\dss.exe" /config
  • This will open up DSS configuration
  • Click on Check All.
  • Click Scan.
    DSS will now run again.
  • Please post back both logs that open in notepad.
    Main.txt and Extra.txt
In your next reply, please include the following:
  • DSS's Main.txt
  • DSS's Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:07 AM

Posted 18 July 2008 - 08:19 AM

Hello, Davidvn.
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users