
Possible Winfixer Problems


  • This topic is locked
2 replies to this topic

#1 AJ59

Posted 21 July 2008 - 11:37 AM

Hi

Trying to clean up a PC that did have some problems, one of which was that it would sometimes take 3 to 5 tries to get Windows to start. The PC would start up okay, but before XP Home could start, the screen would go black, requiring a hard reboot to try again.

I think that Winfixer (or one of those) was accidentally installed and there was also a Vundo problem.

After scanning with SuperAntiSpyware, AVG, Ad-Aware, and Spybot, it seems to be okay. Also did a SuperAntiSpyware scan booted from the UBCD4Win CD.

I was unable to get the Kaspersky online scan to work even though the latest Java Runtime was installed.

So now I think it is mostly clean, but I want to confirm that, as I am going to use Windows Backup to make a clean backup file to a separate hard drive. (This system has some games, such as Star Wars Galaxies, that would take several hours to download again, so I do not want to rebuild Windows at this time.) So the next time this happens, I can wipe the system, reinstall XP and then restore the backup file. Hopefully.

Below are my txt files.

Any comments or help would be appreciated.

Thanks

AJ

Main DSS log:

Deckard's System Scanner v20071014.68
Run by Trav on 2008-07-21 11:58:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
57: 2008-07-21 15:58:28 UTC - RP396 - Deckard's System Scanner Restore Point
56: 2008-07-21 15:55:03 UTC - RP395 - Installed Java™ 6 Update 7
55: 2008-07-21 15:05:54 UTC - RP394 - ComboFix created restore point
54: 2008-07-21 12:59:12 UTC - RP393 - Installed Windows Backup Utility
53: 2008-07-20 16:16:02 UTC - RP392 - Installed AVG Free 8.0


-- First Restore Point --
1: 2008-04-22 16:30:46 UTC - RP340 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Trav.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:56 AM, on 7/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Cyb2k.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Trav\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Trav.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1142777730406
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E8F1653-00FC-4DFD-BB2A-1EC30AC872BF}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 5206 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080720-155715-789 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
backup-20080720-155715-872 O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ANTIVIRUS.exe
backup-20080720-155715-896 O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll (file missing)
backup-20080720-155715-937 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
backup-20080720-155716-161 O20 - Winlogon Notify: awvvu - C:\WINDOWS\system32\awvvu.dll (file missing)
backup-20080720-155716-191 O20 - Winlogon Notify: xxyaabx - xxyaabx.dll (file missing)
backup-20080720-155716-423 O20 - Winlogon Notify: mljjj - C:\WINDOWS\system32\mljjj.dll (file missing)
backup-20080720-160804-563 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080720-160804-575 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
backup-20080720-160804-669 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
backup-20080720-160804-795 O2 - BHO: {37fd9680-16eb-799b-0844-57bbf0759b54} - {45b9570f-bb75-4480-b997-be610869df73} - C:\WINDOWS\system32\aecntami.dll (file missing)
backup-20080720-160804-847 O2 - BHO: (no name) - {8FD66659-A7AF-4641-9999-C56607D3A0AB} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 mbmiodrvr - c:\windows\system32\mbmiodrvr.sys <Not Verified; cansoft@livewiredev.com; Windows ® 2000 DDK driver>
R2 aslm75 - c:\windows\system32\drivers\aslm75.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 WinDriver6 - c:\windows\system32\drivers\windrvr6.sys <Not Verified; Jungo; WinDriver Device Driver (x86)>
R3 yukonwxp (NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter) - c:\windows\system32\drivers\yukonwxp.sys <Not Verified; Marvell Semiconductor Inc.; Marvell Yukon Gigabit Ethernet Adapter>

S3 MEMSWEEP2 - c:\windows\system32\3.tmp (file missing)
S3 SQTECH905C (DualCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys Wireless-G PCI Adapter
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&3B1D9AB8&0&4040
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Linksys Wireless-G PCI Adapter
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&3B1D9AB8&0&4040
Service: RT2500


-- Files created between 2008-06-21 and 2008-07-21 -----------------------------

2008-07-21 11:22:54 0 dr-hs---- C:\cmdcons
2008-07-21 11:22:52 0 d-------- C:\WINDOWS\setup.pss
2008-07-21 11:22:33 0 d-------- C:\WINDOWS\setupupd
2008-07-21 11:05:18 68096 --a------ C:\WINDOWS\zip.exe
2008-07-21 11:05:18 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-21 11:05:18 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-21 11:05:18 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-21 11:05:18 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-21 11:05:18 98816 --a------ C:\WINDOWS\sed.exe
2008-07-21 11:05:18 80412 --a------ C:\WINDOWS\grep.exe
2008-07-21 11:05:18 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-21 06:12:37 0 d-------- C:\Program Files\Sophos
2008-07-20 19:07:39 0 d-------- C:\XPCD
2008-07-20 18:59:02 0 d-------- C:\UBCD4Win
2008-07-20 17:13:26 0 d-------- C:\WINDOWS\Recent
2008-07-20 17:13:26 0 d-------- C:\WINDOWS\Cookies
2008-07-20 17:13:26 0 d---s---- C:\Documents and Settings\Trav\Cookies
2008-07-20 17:13:26 0 d-------- C:\Documents and Settings\NetworkService\Recent
2008-07-20 17:13:26 0 d-------- C:\Documents and Settings\NetworkService\Cookies
2008-07-20 17:13:26 0 d-------- C:\Documents and Settings\LocalService\Recent
2008-07-20 17:13:26 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-20 17:13:26 0 d-------- C:\Documents and Settings\Guest\Cookies
2008-07-20 17:13:26 0 d-------- C:\Documents and Settings\Default User\Recent
2008-07-20 17:13:26 0 d-------- C:\Documents and Settings\Default User\Cookies
2008-07-20 17:13:26 0 d-------- C:\Documents and Settings\All Users\Recent
2008-07-20 17:13:26 0 d-------- C:\Documents and Settings\All Users\Cookies
2008-07-20 17:13:26 0 d-------- C:\Documents and Settings\Administrator\Recent
2008-07-20 17:13:26 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-07-20 14:34:26 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-07-20 14:31:02 6144 --a------ C:\WINDOWS\system32\atiicdxx.sys <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators>
2008-07-20 14:31:01 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2008-07-20 14:31:00 24064 --a------ C:\WINDOWS\system32\ativcoxx.dll <Not Verified; ATI Technologies, Inc.; >
2008-07-20 14:31:00 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2008-07-20 14:31:00 2060288 --a------ C:\WINDOWS\system32\atipuixx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-07-20 14:31:00 114688 --a------ C:\WINDOWS\system32\atippaxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-07-20 14:31:00 274432 --a------ C:\WINDOWS\system32\atipdsxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-07-20 14:31:00 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-07-20 14:31:00 180224 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-07-20 14:30:59 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-07-20 14:30:57 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-07-20 14:30:57 344064 --a------ C:\WINDOWS\system32\atiptaxx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-07-20 14:30:57 139264 --a------ C:\WINDOWS\system32\atiprbxx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-07-20 14:30:57 61440 --a------ C:\WINDOWS\system32\atiphexx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-07-20 14:30:57 9535488 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-07-20 14:30:57 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-07-20 14:30:57 36864 --a------ C:\WINDOWS\system32\atiiprxx.exe
2008-07-20 14:30:57 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-07-20 14:30:57 380928 --a------ C:\WINDOWS\system32\atiicdxx.dll <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators>
2008-07-20 14:30:57 368640 --a------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-07-20 14:30:57 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2008-07-20 14:30:57 348160 --a------ C:\WINDOWS\system32\aticds10.dll <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators>
2008-07-20 14:30:57 1830912 --a------ C:\WINDOWS\system32\atiadaxx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-07-20 14:30:57 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2008-07-20 14:30:57 495616 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-07-20 14:30:57 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2008-07-20 14:30:57 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2008-07-20 14:30:54 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-20 14:30:54 887724 --a------ C:\WINDOWS\system32\ativva6x.dat
2008-07-20 14:30:54 3107788 --a------ C:\WINDOWS\system32\ativva5x.dat
2008-07-20 14:30:54 158080 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-20 14:30:42 0 d-------- C:\Program Files\Radeon Omega Drivers
2008-07-20 13:34:13 1333280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-20 13:32:42 0 d-------- C:\Program Files\ZoneAlarmSB
2008-07-20 12:57:20 0 d--h----- C:\$AVG8.VAULT$
2008-07-20 12:16:15 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-20 12:16:14 0 d-------- C:\Documents and Settings\Trav\Application Data\AVGTOOLBAR
2008-07-20 12:16:02 0 d-------- C:\Program Files\AVG
2008-07-20 12:16:02 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-20 09:28:42 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-20 09:28:31 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-20 09:28:31 0 d-------- C:\Documents and Settings\Trav\Application Data\SUPERAntiSpyware.com
2008-07-20 09:12:48 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-20 09:12:42 0 d-------- C:\Program Files\SystemRequirementsLab
2008-07-20 09:12:40 0 d-------- C:\Documents and Settings\Trav\Application Data\SystemRequirementsLab


-- Find3M Report ---------------------------------------------------------------

2008-07-21 11:55:42 0 d-------- C:\Program Files\Java
2008-07-21 06:10:45 28 --a------ C:\WINDOWS\liccyval.dat
2008-07-20 13:32:45 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-20 12:12:12 0 d-------- C:\Program Files\Common Files
2008-07-20 09:28:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-20 09:12:47 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-18 10:16:18 0 d-------- C:\Program Files\Star Wars Galaxies
2008-07-18 09:59:24 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/20/2008 12:16 PM 2055960 --------- C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
07/20/2008 01:32 PM 262144 --------- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/20/2008 12:16 PM 2055960]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [07/20/2008 01:32 PM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C2K"="C:\WINDOWS\Cyb2k.exe" [05/16/2005 02:10 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/20/2008 12:16 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07/09/2008 09:05 AM]
"AtiPTA"="atiptaxx.exe" [02/21/2006 09:05 PM C:\WINDOWS\system32\atiptaxx.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC8Player]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VC8SecS"=2 (0x2)
"UPS"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-07-21 11:59:45 ------------

Extra text:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 3200+
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 1023.48 MiB / 588.74 MiB
Pagefile Memory (total/avail): 1694.14 MiB / 1364.11 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.69 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 76.32 GiB total, 28.32 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6L080P0 - 76.33 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.32 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.483.000 (Check Point, LTD.)
AV: AVG Anti-Virus Free v8.0 (AVG Technologies) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\1155590959\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1155590959\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"C:\\WINDOWS\\Cyb2k.exe"="C:\\WINDOWS\\Cyb2k.exe:*:Enabled:CYBERsitter Control Panel"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe:*:Enabled:LaunchPad"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Gpotato\\Flyff\\Flyff.exe"="C:\\Program Files\\Gpotato\\Flyff\\Flyff.exe:*:Enabled:Flyff"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Trav\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TRAVIS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Trav
LOGONSERVER=\\TRAVIS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\PROGRA~1\Java\JRE15~1.0_0\bin;C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;;.
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Trav\LOCALS~1\Temp
TMP=C:\DOCUME~1\Trav\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=TRAVIS
USERNAME=Trav
USERPROFILE=C:\Documents and Settings\Trav
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Trav (admin)
AJ (admin)
Administrator (new local, admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
ATI Display Driver (Omega 3.8.442) --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BobaFett's Ultra Utility v3 --> C:\WINDOWS\system32\UUv3Uninstall.exe uninstall
Chessmaster 10th Edition --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E9AE9A91-AB45-4321-87BD-AD34855D944F}
Civilization III --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}\setup.exe"
Disney Pirates of the Caribbean Online --> C:\Program Files\Disney\Disney Online\PiratesOnline\uninst.exe
Exact Audio Copy 0.95b4 --> C:\Program Files\Exact Audio Copy\uninst.exe
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IL-2 Sturmovik: Forgotten Battles --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3} /l1033
IL-2 Sturmovik: Forgotten Battles AEP --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D2BBEABB-A8DF-4451-A7C4-63C87B31E325} /l1033
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
JAM's Jedi Knight KT v2.0 --> C:\WINDOWS\system32\JAMktSetup_uninstall.exe uninstall
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kids Cam Show and Share Creativity Center --> C:\PROGRA~1\KIDSCA~1\Setup.exe /remove /q0
Linksys Wireless-G PCI Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x9
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Masque Games on aim --> C:\Program Files\MasqueAIM\uninstall.exe "Masque Games on aim.ilg"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motherboard Monitor 5 --> "C:\Program Files\Motherboard Monitor 5\unins000.exe"
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
MyDSC2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x9
Nasty File Remover v0.72 (remove only) --> "C:\Program Files\NFR\unins_NFR.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NvMixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
PF+FB+AEP --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51F24145-A833-4BD5-AA38-AFC5268928E5} /l1033
Radeon Omega Drivers v4.8.442 Setup Files and Tools --> "C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe" "/U:C:\Program Files\Radeon Omega Drivers\v4.8.442\Omega Uninstall.xml"
SeaMonkey (1.1.9) --> C:\WINDOWS\SeaMonkeyUninstall.exe /ua "1.1.9 (en)"
Sophos Anti-Rootkit 1.3.1 --> C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove
Star Wars Battlefront --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C79CB9C7-10A4-4814-8402-F574672C2192}\Setup.exe" -l0x9
Star Wars Battlefront II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D374523-CFDE-461A-827E-2A102E2AB365}\Setup.exe" -l0x9 -removeonly
Star Wars Jedi Knight Jedi Academy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}\Setup.exe" -l0x9
Star Wars® Knights of the Old Republic® II: The Sith Lords™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe" -l0x9 -removeonly
Station LaunchPad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7447B32-518C-442F-A8E4-DCF12D8A6D75}\Setup.exe" -l0x9
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
U.B. Funkeys --> C:\Program Files\U.B. Funkeys\uninstall.exe
UBCD4Win 3.20 --> "C:\UBCD4Win\unins000.exe"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server --> MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
Wheel of Fortune 2 (remove only) --> "C:\Program Files\Sony Online Entertainment\Wheel of Fortune 2\Uninstall Wheel of Fortune 2.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
ZoneAlarm Spy Blocker --> rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O


-- Application Event Log -------------------------------------------------------

Event Record #/Type10415 / Error
Event Submitted/Written: 07/21/2008 09:58:01 AM
Event ID/Source: 8019 / NTBackup
Event Description:
End Operation: Warnings or errors were encountered.

Consult the backup report for more details.

Event Record #/Type10414 / Error
Event Submitted/Written: 07/21/2008 09:58:00 AM
Event ID/Source: 8001 / NTBackup
Event Description:
End Backup of 'C:' 'Warnings or errors were encountered.'


Verify: Off

Mode: Append

Type: Normal


Consult the backup report for more details.

Event Record #/Type10412 / Error
Event Submitted/Written: 07/21/2008 09:09:00 AM
Event ID/Source: 12289 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error DeviceIoControl(00000234,0x0053c020,00037D08,0,00038D10,4096,[0]). hr = 0x80070057.

Event Record #/Type10311 / Error
Event Submitted/Written: 07/20/2008 11:53:32 AM
Event ID/Source: 5 / CYBERsitter
Event Description:
Exception Error - GETCIP [10013] Permission denied.

Event Record #/Type10310 / Error
Event Submitted/Written: 07/20/2008 11:52:35 AM
Event ID/Source: 5 / CYBERsitter
Event Description:
Exception Error - Remote Access Server: [10013] Permission denied.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type34469 / Error
Event Submitted/Written: 07/21/2008 11:25:35 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The AVG Free8 E-mail Scanner service terminated unexpectedly. It has done this 2 time(s).

Event Record #/Type34468 / Error
Event Submitted/Written: 07/21/2008 11:25:26 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type34465 / Error
Event Submitted/Written: 07/21/2008 11:25:17 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The AVG Free8 E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type34435 / Error
Event Submitted/Written: 07/21/2008 11:11:17 AM / 07/21/2008 11:11:46 AM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type34433 / Error
Event Submitted/Written: 07/21/2008 11:11:15 AM / 07/21/2008 11:11:46 AM
Event ID/Source: 10270 / ati2mtag
Event Description:




-- End of Deckard's System Scanner: finished at 2008-07-21 11:59:45 ------------



#2 Billy O'Neal


    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:46 PM

Posted 07 August 2008 - 10:05 AM

Hello, AJ59.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
Please run Deckard's System Scanner again, this time using these instructions:
(In the event you lost your copy, you can download a new one from here: Deckard's System Scanner)
  • Click on Start, click on Run
  • Copy and paste the following in the open window and then click OK:
    "%userprofile%\desktop\dss.exe" /config
  • This will open up DSS configuration
  • Click on Check All.
  • Click Scan.
    DSS will now run again.
  • Please post back both logs that open in notepad.
    Main.txt and Extra.txt
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 Billy O'Neal


Posted 10 August 2008 - 05:04 PM

Hello, AJ59.
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3



