
Dss Hijackthislog


  • This topic is locked
8 replies to this topic

#1 jimbo1000


Posted 27 July 2008 - 10:23 AM

Hi,

I'm getting a "Visa Advanced Verification" pop-up every time I try to purchase on-line. I.E also crashes a lot.

I have followed your instructions and run DSS - the report is below.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 1022.98 MiB / 410.65 MiB
Pagefile Memory (total/avail): 2464.22 MiB / 1990.9 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.98 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.71 GiB total, 87.23 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)

.PHYSICALDRIVE0 - ST3120026AS - 111.76 GiB - 2 partitions
PARTITION0 - Unknown - 47.03 MiB
PARTITION1 (bootable) - Installable File System - 111.71 GiB - C:

.PHYSICALDRIVE1 - SanDisk ImageMate CF-SM USB Device

.PHYSICALDRIVE2 - SanDisk ImageMate CF-SM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FW: Trend Micro PC-cillin Internet Security (Firewall) v15 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security 2007 v15.00.1420 (Trend Micro, Inc.)

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesMessengermsmsgs.exe"="C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger"
"C:Program FilesInternet Exploreriexplore.exe"="C:Program FilesInternet Exploreriexplore.exe:*:Disabled:Internet Explorer"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:Program FilesiTunesiTunes.exe"="C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:Documents and SettingsAll Users
APPDATA=C:Documents and SettingsJim PlantApplication Data
CLASSPATH=.;C:Program FilesJavaj2re1.4.2_03libextQTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:Program FilesCommon Files
COMPUTERNAME=DAWN
ComSpec=C:WINDOWSsystem32cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=Documents and SettingsJim Plant
LOGONSERVER=DAWN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;C:PROGRA~1COMMON~1SONICS~1;C:Program FilesQuickTimeQTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:Program Files
PROMPT=$P$G
QTJAVA=C:Program FilesJavaj2re1.4.2_03libextQTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:WINDOWS
TEMP=C:DOCUME~1JIMPLA~1LOCALS~1Temp
TMP=C:DOCUME~1JIMPLA~1LOCALS~1Temp
USERDOMAIN=DAWN
USERNAME=Jim Plant
USERPROFILE=C:Documents and SettingsJim Plant
windir=C:WINDOWS


-- User Profiles ---------------------------------------------------------------

Dawn Plant (admin)
Jim Plant (admin)
Jim & Dawn's Mail (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:Program FilesInstallShield Installation Information{F37167DD-4436-4641-90B6-329D60632DDA}Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
--> C:WINDOWSIsUninst.exe -fC:WINDOWSorun32.isu
--> C:WINDOWSSystem32MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:WINDOWSSystem32MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:WINDOWSSystem32MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
--> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
--> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{FA7621DC-7144-4A24-973C-B9BC0E945628}setup.exe" -l0x9
--> RunDll32 C:PROGRA~1FREESE~1FSBarFSBar.dll,VoilaBarUnInstall
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Adobe Acrobat 4.0 --> C:WINDOWSISUNINST.EXE -f"C:Program FilesCommon FilesAdobeAcrobat 4.0NTUninst.isu" -c"C:Program FilesCommon FilesAdobeAcrobat 4.0NTUninst.dll"
Adobe ActiveShare 1.3.1 --> C:WINDOWSIsUninst.exe -f"C:Program FilesAdobeActiveShareUninst.isu"
Adobe Download Manager 1.2 (Remove Only) --> "C:Program FilesCommon FilesAdobeESDuninst.exe"
Adobe Flash Player 9 ActiveX --> C:WINDOWSsystem32MacromedFlashFlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe PhotoDeluxe Home Edition 4.0 --> C:WINDOWSIsUninst.exe -f"C:Program FilesAdobePhotoDeluxe Home Edition 4.0Uninst.isu"
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Alcatel SpeedTouch USB Software --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}Setup.exe" /l0009 -Control_Panel
altcompare --> C:Program Filesaltcmduninstall.bat
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{85309D89-7BE9-4094-BB17-24999C6118FC}SETUP.EXE" -l0x9
ArcSoft VideoImpression 1.6FP --> C:WINDOWSIsUninst.exe -f"C:Program FilesArcSoftVideoImpressionUninst.isu"
Canon MP Navigator 2.0 --> "C:Program FilesCanonMP Navigator 2.0Maint.exe" /UninstallRemove C:Program FilesCanonMP Navigator 2.0uninst.ini
Canon MP450 --> "C:WINDOWSsystem32CanonMP Uninstaller Information{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}DelDrv.exe" /U:{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD} /L0x0009
Canon Utilities Easy-PhotoPrint --> C:Program FilesCanonEasy-PhotoPrintuninst.exe uninst.ini
Copernic Agent Basic --> "C:WINDOWSCopernicAgentUninstall.exe" /ARGSFILE="C:Program FilesCopernic Agentunwise.dat"
Dell Media Experience --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{2637C347-9DAD-11D6-9EA2-00055D0CA761}setup.exe" -uninstall
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Digital Camera User's Manual --> C:PROGRA~1DIGITA~1UNWISE.EXE C:PROGRA~1DIGITA~1INSTALL.LOG
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Easy-WebPrint --> C:WINDOWSIsUninst.exe -f"C:Program FilesCanonEasy-WebPrintUninst.isu"
FinePixViewer Ver.3.0 --> C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{24ED4D80-8294-11D5-96CD-0040266301AD} /l1033
Freeserve Search toolbar --> C:Program FilesFreeserveFSBarUninstall.exe
FUJIFILM USB Driver --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{5490882C-6961-11D5-BAE5-00E0188E010B}SETUP.EXE"
Google Earth --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1001Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:program filesgooglegoogletoolbar4.dll"
HijackThis 2.0.2 --> "C:Program FilesTrend MicroHijackThisHijackThis.exe" /uninstall
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
InterActual Player --> C:Program FilesInterActualInterActual Playerinuninst.exe
InterVideo MediaOne Gallery --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{34F0D55F-C386-4195-9A5B-961D3F6ACD46}setup.exe" REMOVEALL
iPod for Windows 2005-09-23 --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Kazoo Player --> C:WINDOWSIsUninst.exe -f"C:Program FilesLightWork DesignKazoo PlayerUninst.isu"
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Modem Event Monitor --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}setup.exe" -l0x9
Modem Helper --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{7F142D56-3326-11D5-B229-002078017FBF}setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{3F92ABBB-6BBF-11D5-B229-002078017FBF}setup.exe" -l0x9 ControlPanelAnyText
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:WINDOWSSystem32nvinstnt.dll,NvUninstallNT4 nvdd.inf
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
PowerDVD --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
RealPlayer Basic --> C:Program FilesCommon FilesRealUpdaternuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:WINDOWS$NtUninstallKB898458$spuninstspuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:WINDOWS$NtUninstallKB923723$spuninstspuninst.exe"
Sky Broadband --> MsiExec.exe /I{14C35072-D7D0-4B29-B5BF-C94E426D77E9}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Ericsson Communications Suite --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{B8BC806D-0703-11D4-BB23-006008676AF8}Setup.exe" -l0x9 -l0009 --remove=y
Sony Ericsson File Manager --> MsiExec.exe /X{F00B1D05-AB7C-4E0A-87A0-CC25D82D7F1D}
Sony Ericsson Image Editor --> MsiExec.exe /X{4FB0FB47-8F1D-4339-8BE9-39819362AE05}
Sony Ericsson MMS Home Studio --> MsiExec.exe /X{7828342A-B269-4387-9A2B-84AF300F0983}
Sony Ericsson Sound Editor --> MsiExec.exe /X{8DD641C2-FFEC-4AED-A339-88BACFC60C39}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Trend Micro PC-cillin Internet Security 2007 --> msiexec.exe /i {BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Viewpoint Media Player --> C:Program FilesViewpointViewpoint Experience TechnologymtsAxInstaller.exe /u
XTNDConnect PC --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{D5CF3710-211B-11D4-B9B9-00105AE05C5D}setup.exe" UNINSTALL


-- Application Event Log -------------------------------------------------------

Event Record #/Type1797 / Error
Event Submitted/Written: 07/27/2008 04:02:47 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type1787 / Warning
Event Submitted/Written: 07/27/2008 02:36:00 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1784 / Error
Event Submitted/Written: 07/27/2008 00:39:10 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application pccguide.exe, version 15.0.0.1420, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1782 / Warning
Event Submitted/Written: 07/27/2008 08:41:38 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1778 / Warning
Event Submitted/Written: 07/26/2008 07:09:16 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type80799 / Error
Event Submitted/Written: 07/27/2008 03:37:03 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.0.2 for the Network Card with network address 000CF1E59B91 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type80795 / Error
Event Submitted/Written: 07/27/2008 02:56:22 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.0.2 for the Network Card with network address 000CF1E59B91 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type80794 / Warning
Event Submitted/Written: 07/27/2008 02:56:18 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000CF1E59B91. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type80791 / Warning
Event Submitted/Written: 07/27/2008 02:56:16 PM
Event ID/Source: 4 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Event Record #/Type80788 / Warning
Event Submitted/Written: 07/27/2008 02:56:08 PM
Event ID/Source: 4 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down



-- End of Deckard's System Scanner: finished at 2008-07-27 16:03:28 ------------



Not sure if it helps you at this stage, but I have run scans with Trend Micro (my resident anti-virus software) as well as SuperAntiSpyware and SDFix. The only one that found anything suspicious was SDFix, which removed 1 file but reported that there were 2 it could not remove.

Thanks in advance for any help you can offer.

Hi,
Not sure if you wanted this log as well:


Deckard's System Scanner v20071014.68
Run by Jim Plant on 2008-07-27 16:01:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
28: 2008-07-27 15:01:15 UTC - RP353 - Deckard's System Scanner Restore Point
27: 2008-07-26 12:29:13 UTC - RP352 - System Checkpoint
26: 2008-07-20 10:38:48 UTC - RP351 - System Checkpoint
25: 2008-07-19 09:26:33 UTC - RP350 - System Checkpoint
24: 2008-07-17 19:21:14 UTC - RP349 - System Checkpoint


-- First Restore Point --
1: 2008-05-08 19:07:03 UTC - RP326 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jim Plant.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:02:35, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSSystem32nvsvc32.exe
C:PROGRA~1TRENDM~1INTERN~4PcCtlCom.exe
C:WINDOWSSystem32svchost.exe
C:PROGRA~1TRENDM~1INTERN~4Tmntsrv.exe
C:PROGRA~1TRENDM~1INTERN~4TmPfw.exe
C:PROGRA~1TRENDM~1INTERN~4tmproxy.exe
C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1TRENDM~1INTERN~4PcScnSrv.exe
C:Program FilesJavaj2re1.4.2_03binjusched.exe
C:Program FilesIntelModem Event MonitorIntelMEM.exe
C:Program FilesDellMedia ExperiencePCMService.exe
C:WINDOWSSystem32DSentry.exe
C:WINDOWSsystem32dlatfswctrl.exe
C:Program FilesScanSoftOmniPageSE2.0OpwareSE2.exe
C:PROGRA~1TRENDM~1INTERN~4pccguide.exe
C:Program FilesiTunesiTunesHelper.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesTrend MicroInternet Security 2007TMAS_OETMAS_OEMon.exe
C:Program FilesFinePixViewerQuickDCF.exe
C:Program FilesiPodbiniPodService.exe
C:Documents and SettingsJim PlantDesktopdss.exe
C:PROGRA~1TRENDM~1HIJACK~1Jim Plant.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.co.uk/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = "C:Program FilesOutlook Expressmsimn.exe"
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar4.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:PROGRA~1FREESE~1FSBarFSBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:Program FilesCanonEasy-WebPrintToolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar4.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_03binjusched.exe
O4 - HKLM..Run: [IntelMeM] C:Program FilesIntelModem Event MonitorIntelMEM.exe
O4 - HKLM..Run: [PCMService] "C:Program FilesDellMedia ExperiencePCMService.exe"
O4 - HKLM..Run: [DVDSentry] C:WINDOWSSystem32DSentry.exe
O4 - HKLM..Run: [dla] C:WINDOWSsystem32dlatfswctrl.exe
O4 - HKLM..Run: [UpdateManager] "C:Program FilesCommon FilesSonicUpdate Managersgtray.exe" /r
O4 - HKLM..Run: [VirusScan] c:PROGRA~1mcafee.comvsomcvsshld.exe
O4 - HKLM..Run: [REGSHAVE] C:Program FilesREGSHAVEREGSHAVE.EXE /AUTORUN
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesAlcatelSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [OpwareSE2] "C:Program FilesScanSoftOmniPageSE2.0OpwareSE2.exe"
O4 - HKLM..Run: [pccguide.exe] C:PROGRA~1TRENDM~1INTERN~4pccguide.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [OE] "C:Program FilesTrend MicroInternet Security 2007TMAS_OETMAS_OEMon.exe"
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:Program FilesFinePixViewerQuickDCF.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:Program FilesCopernic AgentCopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Search with Freeserve - res://C:PROGRA~1FREESE~1FSBarFSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll (file missing)
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:PROGRA~1COPERN~1COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:PROGRA~1COPERN~1COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:PROGRA~1COPERN~1COPERN~1.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSSystem32Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:Program FilesIntelNCSSyncNetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:PROGRA~1TRENDM~1INTERN~4PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:PROGRA~1TRENDM~1INTERN~4PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:PROGRA~1TRENDM~1INTERN~4Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:PROGRA~1TRENDM~1INTERN~4TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:PROGRA~1TRENDM~1INTERN~4tmproxy.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe

--
End of file - 8758 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:windowssystemrootsystem32driversagp440.sys (file missing)
R1 omci (OMCI WDM Device Driver) - c:windowssystem32driversomci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 tmtdi (Trend Micro TDI Driver) - c:windowssystem32driverstmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
R2 ASCTRM - c:windowssystem32driversasctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 tmmbd (Trend Micro MBD Driver) - c:windowssystem32driverstm_mbd_c.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>

S3 catchme - c:docume~1jimpla~1locals~1tempcatchme.sys (file missing)
S3 iAimTV2 - c:windowssystem32driverswatv03nt.sys (file missing)
S3 usb2vcom (USB Data Cable) - c:windowssystem32driversusb2vcom.sys <Not Verified; ; USB to Serial Bridge Controller>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:program filescommon filesapplemobile device supportbinapplemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 PcCtlCom (Trend Micro Central Control Component) - c:progra~1trendm~1intern~4pcctlcom.exe <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>
R2 Tmntsrv (Trend Micro Real-time Service) - c:progra~1trendm~1intern~4tmntsrv.exe <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>
R2 TmPfw (Trend Micro Personal Firewall) - c:progra~1trendm~1intern~4tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
R2 tmproxy (Trend Micro Proxy Service) - c:progra~1trendm~1intern~4tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
R3 PcScnSrv (Trend Micro Protection Against Spyware ) - "c:progra~1trendm~1intern~4pcscnsrv.exe" <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-19 19:33:01 284 --a------ C:WINDOWSTasksAppleSoftwareUpdate.job


-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-26 09:28:38 0 d-------- C:Documents and SettingsAll UsersApplication DataSpybot - Search & Destroy
2008-07-22 21:02:07 0 d-------- C:WINDOWSERUNT
2008-07-04 15:21:24 0 d-------- C:Documents and SettingsAll UsersApplication DataSUPERAntiSpyware.com
2008-07-04 15:20:59 0 d-------- C:Program FilesSUPERAntiSpyware
2008-07-04 15:20:59 0 d-------- C:Documents and SettingsJim PlantApplication DataSUPERAntiSpyware.com
2008-07-04 15:19:15 0 d-------- C:Program FilesCommon FilesWise Installation Wizard
2008-07-03 11:40:35 7823 --a------ C:Documents and SettingsJim PlantApplication Datatemp.dll
2008-07-03 11:40:31 0 d-------- C:Program Filesaltcmd
2008-07-03 11:40:31 1821 --a------ C:Documents and SettingsJim Plantxl00326.exe


-- Find3M Report ---------------------------------------------------------------

2008-07-24 19:18:10 0 d-------- C:Program FilesTrend Micro
2008-07-21 09:17:48 0 d-------- C:Documents and SettingsJim PlantApplication DataCanon
2008-07-12 08:19:21 0 d-------- C:Program FilesCopernic Agent
2008-07-04 15:19:15 0 d-------- C:Program FilesCommon Files


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"NvCplDaemon"="C:WINDOWSSystem32NvCpl.dll" [03/11/2003 13:46]
"SunJavaUpdateSched"="C:Program FilesJavaj2re1.4.2_03binjusched.exe" [19/11/2003 17:48]
"IntelMeM"="C:Program FilesIntelModem Event MonitorIntelMEM.exe" [03/09/2003 20:12]
"PCMService"="C:Program FilesDellMedia ExperiencePCMService.exe" [26/08/2003 19:47]
"DVDSentry"="C:WINDOWSSystem32DSentry.exe" [13/08/2003 10:27]
"dla"="C:WINDOWSsystem32dlatfswctrl.exe" [15/03/2004 01:04]
"UpdateManager"="C:Program FilesCommon FilesSonicUpdate Managersgtray.exe" [19/08/2003 01:01]
"VirusScan"="c:PROGRA~1mcafee.comvsomcvsshld.exe" []
"REGSHAVE"="C:Program FilesREGSHAVEREGSHAVE.exe" [04/02/2002 22:32]
"SpeedTouch USB Diagnostics"="C:Program FilesAlcatelSpeedTouch USBDragdiag.exe" [12/11/2002 11:02]
"OpwareSE2"="C:Program FilesScanSoftOmniPageSE2.0OpwareSE2.exe" [08/05/2003 11:00]
"pccguide.exe"="C:PROGRA~1TRENDM~1INTERN~4pccguide.exe" [29/09/2006 22:02]
"QuickTime Task"="C:Program FilesQuickTimeqttask.exe" [19/10/2007 21:16]
"iTunesHelper"="C:Program FilesiTunesiTunesHelper.exe" [02/11/2007 19:36]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [04/08/2004 08:56]
"OE"="C:Program FilesTrend MicroInternet Security 2007TMAS_OETMAS_OEMon.exe" [26/09/2006 23:37]

C:Documents and SettingsJim PlantStart MenuProgramsStartup
DESKTOP.INI [03/09/2002 09:00:00]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
Adobe Reader Speed Launch.lnk - C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe [14/12/2004 05:44:06]
DESKTOP.INI [03/09/2002 09:00:00]
Exif Launcher.lnk - C:Program FilesFinePixViewerQuickDCF.exe [09/01/2002 03:53:14]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:Program FilesSUPERAntiSpywareSASSEH.DLL [13/05/2008 10:13 77824]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
C:Program FilesSUPERAntiSpywareSASWINLO.dll 19/04/2007 13:41 294912 C:Program FilesSUPERAntiSpywareSASWINLO.dll

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvds]
@="Service"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8910 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-27 16:03:28 ------------

Merge posts. ~ OB

Edited by Orange Blossom, 27 July 2008 - 11:27 PM.




#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:00 AM

Posted 08 August 2008 - 12:59 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 jimbo1000

jimbo1000
  • Topic Starter

  • Members
  • 12 posts
  • Local time:03:00 PM

Posted 09 August 2008 - 08:42 AM

Suebaby41,

Thanks for your reply, but I believe the problem is now fixed.

Jimbo

#4 jimbo1000

jimbo1000
  • Topic Starter

  • Members
  • 12 posts
  • Local time:03:00 PM

Posted 09 August 2008 - 11:09 AM

Suebaby41,

I was wrong, it's still there!! I'll post the necessary logs

#5 jimbo1000

jimbo1000
  • Topic Starter

  • Members
  • 12 posts
  • Local time:03:00 PM

Posted 09 August 2008 - 11:22 AM

Here are the two logs:

Deckard's System Scanner v20071014.68
Run by Jim Plant on 2008-08-09 17:13:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
40: 2008-08-09 16:13:28 UTC - RP366 - Deckard's System Scanner Restore Point
39: 2008-08-09 14:07:17 UTC - RP365 - Software Distribution Service 3.0
38: 2008-08-09 08:09:40 UTC - RP364 - Installed AVG Free 8.0
37: 2008-08-09 07:45:41 UTC - RP363 - Removed Trend Micro PC-cillin Internet Security 2007
36: 2008-08-09 07:45:35 UTC - RP362 - Removed TMASOLDL


-- First Restore Point --
1: 2008-05-16 18:37:50 UTC - RP327 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-09 17:14:56
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\SYSTEM32\DSentry.exe
C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jim Plant\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\Program Files\Freeserve\FSBar\FSBar.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/9/b...heckControl.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O18 - Protocol: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead


--
End of file - 10374 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 usb2vcom (USB Data Cable) - c:\windows\system32\drivers\usb2vcom.sys <Not Verified; ; USB to Serial Bridge Controller>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-07 19:33:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-09 and 2008-08-09 -----------------------------

2008-08-09 12:34:18 0 d--h----- C:\$AVG8.VAULT$
2008-08-09 09:34:37 0 d-------- C:\Documents and Settings\Jim Plant\Application Data\AVGTOOLBAR
2008-08-09 09:09:50 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-09 09:09:50 0 d-------- C:\Documents and Settings\Dawn Plant\Application Data\AVGTOOLBAR
2008-08-09 09:09:41 0 d-------- C:\Program Files\AVG
2008-08-09 09:09:40 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-08 22:08:32 0 d-------- C:\WINDOWS\pss
2008-08-01 21:06:13 0 d-------- C:\WINDOWS\system32\NtmsData
2008-07-22 21:02:07 0 d-------- C:\WINDOWS\ERUNT


-- Find3M Report ---------------------------------------------------------------

2008-08-08 22:40:02 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-08-08 22:38:34 0 d-------- C:\Documents and Settings\Jim Plant\Application Data\Canon
2008-08-08 22:34:53 0 d-------- C:\Program Files\Trend Micro
2008-07-12 08:19:21 0 d-------- C:\Program Files\Copernic Agent
2008-07-04 15:20:59 0 d-------- C:\Documents and Settings\Jim Plant\Application Data\SUPERAntiSpyware.com
2008-07-04 15:19:15 0 d-------- C:\Program Files\Common Files


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
09/08/2008 09:09 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [09/08/2008 09:09 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [03/11/2003 13:46]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [19/11/2003 17:48]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [03/09/2003 20:12]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [26/08/2003 19:47]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [13/08/2003 10:27]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [15/03/2004 01:04]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [19/08/2003 01:01]
"VirusScan"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" []
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 22:32]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [12/11/2002 11:02]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [08/05/2003 11:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [19/10/2007 21:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/11/2007 19:36]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [09/08/2008 09:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" []

C:\Documents and Settings\Jim Plant\Start Menu\Programs\Startup\
DESKTOP.INI [03/09/2002 09:00:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 05:44:06]
DESKTOP.INI [03/09/2002 09:00:00]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [09/01/2002 03:53:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com

8810 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-09 17:16:51 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1022.98 MiB / 662.86 MiB
Pagefile Memory (total/avail): 2464.22 MiB / 2211.49 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1912.46 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.71 GiB total, 87.81 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3120026AS - 111.76 GiB - 2 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 111.71 GiB - C:

\\.\PHYSICALDRIVE1 - SanDisk ImageMate CF-SM USB Device

\\.\PHYSICALDRIVE2 - SanDisk ImageMate CF-SM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jim Plant\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DAWN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jim Plant
LOGONSERVER=\\DAWN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JIMPLA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JIMPLA~1\LOCALS~1\Temp
USERDOMAIN=DAWN
USERNAME=Jim Plant
USERPROFILE=C:\Documents and Settings\Jim Plant
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Dawn Plant (admin)
Jim Plant (admin)
Jim & Dawn's Mail (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA7621DC-7144-4A24-973C-B9BC0E945628}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll,VoilaBarUnInstall
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe ActiveShare 1.3.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\ActiveShare\Uninst.isu"
Adobe Download Manager 1.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe PhotoDeluxe Home Edition 4.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\PhotoDeluxe Home Edition 4.0\Uninst.isu"
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Alcatel SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" /l0009 -Control_Panel
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
ArcSoft VideoImpression 1.6FP --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\VideoImpression\Uninst.isu"
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Canon MP Navigator 2.0 --> "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini
Canon MP450 --> "C:\WINDOWS\system32\CanonMP Uninstaller Information\{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}\DelDrv.exe" /U:{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD} /L0x0009
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Copernic Agent Basic --> "C:\WINDOWS\CopernicAgentUninstall.exe" /ARGSFILE="C:\Program Files\Copernic Agent\unwise.dat"
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Digital Camera User's Manual --> C:\PROGRA~1\DIGITA~1\UNWISE.EXE C:\PROGRA~1\DIGITA~1\INSTALL.LOG
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
FinePixViewer Ver.3.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{24ED4D80-8294-11D5-96CD-0040266301AD} /l1033
Freeserve Search toolbar --> C:\Program Files\Freeserve\FSBar\Uninstall.exe
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo MediaOne Gallery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34F0D55F-C386-4195-9A5B-961D3F6ACD46}\setup.exe" REMOVEALL
iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Kazoo Player --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\LightWork Design\Kazoo Player\Uninst.isu"
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sky Broadband --> MsiExec.exe /I{14C35072-D7D0-4B29-B5BF-C94E426D77E9}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Ericsson Communications Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8BC806D-0703-11D4-BB23-006008676AF8}\Setup.exe" -l0x9 -l0009 --remove=y
Sony Ericsson File Manager --> MsiExec.exe /X{F00B1D05-AB7C-4E0A-87A0-CC25D82D7F1D}
Sony Ericsson Image Editor --> MsiExec.exe /X{4FB0FB47-8F1D-4339-8BE9-39819362AE05}
Sony Ericsson MMS Home Studio --> MsiExec.exe /X{7828342A-B269-4387-9A2B-84AF300F0983}
Sony Ericsson Sound Editor --> MsiExec.exe /X{8DD641C2-FFEC-4AED-A339-88BACFC60C39}
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
XTNDConnect PC --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5CF3710-211B-11D4-B9B9-00105AE05C5D}\setup.exe" UNINSTALL


-- Application Event Log -------------------------------------------------------

Event Record #/Type1994 / Warning
Event Submitted/Written: 08/09/2008 02:10:52 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1989 / Warning
Event Submitted/Written: 08/09/2008 09:33:48 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1983 / Warning
Event Submitted/Written: 08/09/2008 08:57:52 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1979 / Warning
Event Submitted/Written: 08/08/2008 10:49:05 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1965 / Warning
Event Submitted/Written: 08/08/2008 10:10:03 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type82227 / Error
Event Submitted/Written: 08/09/2008 04:54:55 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.0.2 for the Network Card with network address 000CF1E59B91 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type82195 / Error
Event Submitted/Written: 08/09/2008 11:06:41 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.0.2 for the Network Card with network address 000CF1E59B91 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type82054 / Error
Event Submitted/Written: 08/09/2008 08:31:43 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.0.2 for the Network Card with network address 000CF1E59B91 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type81975 / Error
Event Submitted/Written: 08/08/2008 10:29:10 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Trend Micro Real-time Service service failed to start due to the following error:
%%3

Event Record #/Type81974 / Error
Event Submitted/Written: 08/08/2008 10:29:10 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The tmcomm service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-08-09 17:16:51 ------------

FYI - When the original problem started I installed Spybot but it conflicted with PC Cillin Internet Security 2007 so I uninstalled Spybot. Despite uninstalling it, traces of Spybot's bad web address database remained and PC Cillin kept finding these 'Hosts Files' each time it scanned (some are shown in the log above). I then had further problems trying to upgrade PC Cillin so I uninstalled that as well and installed AVG. My PC seems more stable now and not so slow, however the 'VISA Advanced Verification' pop-up still comes up if I try to purchase anything - so something is not right.

Thanks.

Edited by jimbo1000, 09 August 2008 - 01:28 PM.


#6 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:00 AM

Posted 11 August 2008 - 10:07 AM

Step 1

The entries below indicate that you may have three antivirus programs, AVG8, McAfee Security Suite, and Trend Micro Internet Security Suite on your computer.

AVG8

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe


McAfee Security Suite

O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
mcvsshld.exe is an important executable belonging to McAfee's Internet security suite. If you have installed McAfee's antivirus software, then you will find this in your startup programs list. (Do not terminate as your anti-virus checking will also be affected, unless you are not using McAfee, since this may have come pre-installed on your system).

Trend Micro Internet Security 2007

O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"

Multiple antivirus programs can interfere with one another and actually allow MORE viruses to get through. Running two antivirus programs at the same time could lead to both of them trying to scan the same file at the same time, scan the same email at the same time and so on which could lead to conflicts.

Most of the popular antivirus products, when running together, will "fight for control" over the user's machine. It is this conflict that will slow down the system speed and cause various serious compatibility problems. This can also create registry conflicts as well as causing false virus alerts - or worse, missing alerts entirely! Having more than one antivirus program running and "active in memory" will use more resources which will adversely affect your access to files and cause overall system slowdowns.

Symantec strongly recommends that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

See Should you run more than one antivirus program at the same time?

Kaspersky Lab experts do not recommend using more than one antivirus package on the computer as the co-work of two different Antivirus programs may lead to computer productivity and operating system fall. And to solve the problem of Antivirus applications you will need to reinstall the operating system.

See Co-use of Kaspersky AntiVirus 5.0 and Antivirus packages of other vendors

Ask Leo said:

Real time monitoring, on the other hand, is another story. When you install most anti-virus programs they often automatically install and enable their real-time monitors. Running two or more real-time anti-virus monitors at the same time is very likely to cause a conflict. That conflict could result in error messages, crashes of the anti-virus programs, or other types of failure.

See Can I run more than one anti-virus program? Anti-spyware program? Firewall? Should I?

Types Of Antivirus Programs:

There are basically two types of antivirus programs: On-Access and On-Demand

On-Access Scanners, as the name implies, run in the background all the time the PC is turned on and running. The main function of an on-access scanner is to monitor activity on your machine.

On-Demand Scanners, such as Online Scans and scanners that run on your machine but are not actively scanning your machine, as the name implies, are scanners that only run when you ask them to run.

Antivirus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two antivirus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. I notice that you are using more than one antivirus program. This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow MORE viruses to get through. Running two antivirus programs at the same time could lead to both of them trying to scan the same file at the same time, scan the same email at the same time and so on which could lead to conflicts.
I strongly suggest you do one of the following:
  • Configure only one antivirus program to enable automatic realtime scanning and leave the rest disabled most of the time.
  • Go to "Start -> Control Panel -> Add/Remove Programs" and uninstall all but one antivirus program.

Step 2

McAfee Security Suite and Trend Micro Internet Security Suite include firewalls which means you may have two firewalls.

Running multiple software firewalls is unnecessary for typical home computers, home networking, and small-business networking scenarios. Using two firewalls on the same connection could cause issues with connectivity to the Internet or other unexpected behavior. One firewall can provide substantial protection for your computer. Microsoft specifically says not to use more than one firewall, because it can result in some programs not working correctly. There's even a Help and Support Center topic in XP SP2 called Why you should only use one firewall. In any event, having two firewalls running simultaneously is most certainly an unnecessary drain on system resources.

I strongly suggest that you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one firewall. For more information about firewalls, and why a two-way firewall is better than the Windows XP one-way firewall, please read Understanding and Using Firewalls.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
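The grouping done by hand in Step 1 of the reply above, as an added example that is not part of the original post: it parses the quoted HijackThis entries and groups them by security product. The marker table and function names are assumptions chosen from the paths in those entries, not a vendor database or anything HijackThis provides.

```python
import re
from collections import defaultdict

# HijackThis entries exactly as quoted in the reply above.
LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
"""

# Assumption: lowercase markers picked from the paths in these entries only.
PRODUCT_MARKERS = {
    "AVG8": ("\\avg\\avg8\\", "avgrsstx.dll"),
    "McAfee Security Suite": ("\\mcafee.com\\",),
    "Trend Micro Internet Security 2007": ("\\trend micro\\internet security 2007\\",),
}

# Entry shape: "<section> - <kind>: <detail>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.+)$")

def parse_entries(text):
    """Return (section, kind, detail) for every well-formed entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries

def group_by_product(entries):
    """Map product name -> list of (section, kind) where a marker matched."""
    groups = defaultdict(list)
    for section, kind, detail in entries:
        haystack = detail.lower()
        for product, markers in PRODUCT_MARKERS.items():
            if any(marker in haystack for marker in markers):
                groups[product].append((section, kind))
    return dict(groups)

def multiple_products(groups):
    """True when traces of more than one security product are present."""
    return len(groups) > 1

if __name__ == "__main__":
    found = group_by_product(parse_entries(LOG))
    for product, hits in found.items():
        print(product, sorted({f"{s} ({k})" for s, k in hits}))
    print("more than one product:", multiple_products(found))
```

A match only shows that a trace is present: a single leftover Run key, like the McAfee and Trend Micro O4 entries here, can survive an uninstall, so confirm in Add or Remove Programs before acting.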

#7 suebaby41

Posted 11 August 2008 - 10:16 AM

It seems that you have your HijackThis log posted at the BleepingComputer Forums and the Spybot Search & Destroy Forums.
http://forums.spybot.info/showthread.php?t=31500

It is very important that you deal with only one forum for your fixes. In addition, the helpers at all the forums are volunteers and our time is limited so we try to help as many people as we can. Your taking the time of two volunteers would mean that someone would not be helped.

If you decide to continue with me here at the BleepingComputer Forum, then you will need to let the Spybot Search & Destroy Forums know this.

If you decide to continue with the Spybot Search & Destroy Forums, please let me know so I can close this thread.

Thanks.

#8 jimbo1000

Posted 12 August 2008 - 04:50 PM

Suebaby41,

Apologies for confusing the issue between BC's forum & Spybot forum. I originally had lots of problems with Spybot S&D on my PC (conflicts with PC Cillin); in the end I removed both and moved to BC's. Until you pointed it out, I hadn't realised I had a reply from Spybot. As I started with Spybot, I'll continue with them so please feel free to close this thread. Hope I didn't waste too much of your time.

Regards.

#9 suebaby41

Posted 12 August 2008 - 06:00 PM

Thanks for letting me know.

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.