Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Messages Popup At Startup.


  • This topic is locked This topic is locked
4 replies to this topic

#1 munkybfunky

munkybfunky

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 11 August 2008 - 11:57 PM

Hi,

I've recently been getting a lot of message popups at the startup of my computer. The popups doesn't slow down my computer but it's annoying having to close it everytime I turn the computer on. Please help me with this problem and thank you in advance. Here are the messages:

Windows cannot find "C:\Documents'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

Could not load or run "C:\Documents' specified in the registry. Make sure the file exists on your computer or remove the reference in the registry.

Windows cannot find 'and'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

Could not load or run 'and' specified in the registry. Make sure the file exists on your computer or remove the reference in the registry.

Windows cannot find 'Settings\Betty\Application'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

Could not load or run 'Settings\Betty\Application' specified in the registry. Make sure the file exists on your computer or remove the reference in the registry.

Windows cannot find 'Data\Adobe\Manager.exe". Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

Could not load or run 'Data\Adobe\Manager.exe" specified in the registry. Make sure the file exists on your computer or remove the reference in the registry.


Deckard's System Scanner v20071014.68
Run by Betty on 2008-08-11 21:17:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-08-12 04:17:25 UTC - RP10 - Deckard's System Scanner Restore Point
5: 2008-08-12 02:56:11 UTC - RP9 - Software Distribution Service 3.0
4: 2008-08-10 10:05:02 UTC - RP8 - Software Distribution Service 3.0
3: 2008-08-10 01:37:28 UTC - RP7 - Installed Microsoft Office Standard Edition 2003
2: 2008-08-10 01:28:14 UTC - RP6 - Installed Microsoft Office Standard Edition 2003


-- First Restore Point --
1: 2008-08-10 01:10:23 UTC - RP5 - Installed Microsoft Office Standard Edition 2003


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 83% (more than 75%).
Total Physical Memory: 224 MiB (512 MiB recommended).


-- HijackThis (run as Betty.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:30 PM, on 8/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\Betty\My Documents\My Completed Downloads\dss_1.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Betty.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

F3 - REG:win.ini: run="C:\Documents and Settings\Betty\Application Data\Adobe\Manager.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120151899078
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

--
End of file - 4400 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 npkcrypt - c:\program files\nexon\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (Avira AntiVir Personal Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-07-11 and 2008-08-11 -----------------------------

2008-08-11 20:10:24 0 d-------- C:\Documents and Settings\Betty\Application Data\WinRAR
2008-08-10 13:58:16 0 d-------- C:\Program Files\Trend Micro
2008-08-10 00:17:28 0 d-------- C:\WINDOWS\Sun
2008-08-10 00:17:27 0 d-------- C:\Documents and Settings\Betty\Application Data\Sun
2008-08-10 00:16:14 0 d-------- C:\Documents and Settings\Betty\Application Data\AdobeUM
2008-08-10 00:15:24 0 d-------- C:\Program Files\Common Files\Adobe
2008-08-09 23:26:10 0 d-------- C:\Documents and Settings\Betty\Application Data\Nexon
2008-08-09 23:25:19 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-08-09 23:24:36 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-08-09 19:39:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-09 18:39:50 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-08-09 18:38:44 0 d-------- C:\WINDOWS\SHELLNEW
2008-08-09 18:15:42 0 dr-h----- C:\MSOCache
2008-08-09 17:11:37 0 d-------- C:\Program Files\Lavasoft
2008-08-09 17:11:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-09 17:11:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-09 17:10:30 0 d-------- C:\WINDOWS\pss
2008-08-09 16:51:06 0 d-------- C:\Program Files\Nexon
2008-08-09 16:50:22 0 d-------- C:\Program Files\CCleaner
2008-08-09 16:48:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-09 16:48:52 0 d-------- C:\Program Files\Avira
2008-08-09 16:41:32 0 d-------- C:\Program Files\Java
2008-08-09 16:38:51 0 d-------- C:\Program Files\Common Files\Java
2008-08-09 16:30:39 45056 --a------ C:\WINDOWS\system32\gldmng.dll
2008-08-09 16:26:03 0 d-------- C:\Documents and Settings\Betty\Application Data\Macromedia
2008-08-09 16:26:02 0 d-------- C:\Documents and Settings\Betty\Application Data\Adobe
2008-08-09 16:14:16 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-09 16:14:12 0 d-------- C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-08-09 16:14:09 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-08-09 16:14:08 0 d-------- C:\Program Files\DAP
2008-08-09 16:09:21 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-09 16:09:17 0 d-------- C:\Documents and Settings\Betty\Application Data\Mozilla
2008-08-09 16:02:12 0 dr------- C:\Documents and Settings\Betty\Favorites
2008-08-09 16:02:12 0 d-------- C:\Documents and Settings\Betty\Desktop
2008-08-09 16:02:12 0 d---s---- C:\Documents and Settings\Betty\Cookies
2008-08-09 16:02:12 0 dr-h----- C:\Documents and Settings\Betty\Application Data
2008-08-09 16:02:12 0 d-------- C:\Documents and Settings\Betty\Application Data\Identities
2008-08-09 16:02:11 0 d---s---- C:\Documents and Settings\Betty\UserData
2008-08-09 16:02:11 0 d--h----- C:\Documents and Settings\Betty\Templates
2008-08-09 16:02:11 0 dr------- C:\Documents and Settings\Betty\Start Menu
2008-08-09 16:02:11 0 dr-h----- C:\Documents and Settings\Betty\SendTo
2008-08-09 16:02:11 0 dr-h----- C:\Documents and Settings\Betty\Recent
2008-08-09 16:02:11 0 d--h----- C:\Documents and Settings\Betty\PrintHood
2008-08-09 16:02:11 3932160 --ah----- C:\Documents and Settings\Betty\NTUSER.DAT
2008-08-09 16:02:11 0 d--h----- C:\Documents and Settings\Betty\NetHood
2008-08-09 16:02:11 0 dr------- C:\Documents and Settings\Betty\My Documents
2008-08-09 16:02:11 0 d--h----- C:\Documents and Settings\Betty\Local Settings
2008-08-09 16:01:25 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-08-09 16:01:20 0 d---s---- C:\Documents and Settings\Default User\UserData


-- Find3M Report ---------------------------------------------------------------

2008-08-10 00:15:24 0 d-------- C:\Program Files\Common Files


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [04/12/2005 11:31 AM C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [04/08/2005 02:17 PM]
"SoundMan"="SOUNDMAN.EXE" [12/01/2004 04:54 PM C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [11/20/2003 08:41 AM C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [10/08/2004 03:44 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/08/2004 03:43 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 02:00 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 02:00 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 02:00 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 02:00 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antispy]
C:\Program Files\IEAntiVirus\scan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"C:\Program Files\DAP\DAP.EXE" /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\MSMSGS.EXE" /background




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8972 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-11 21:21:35 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® M processor 1300MHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 223.36 MiB / 70.24 MiB
Pagefile Memory (total/avail): 546.71 MiB / 249.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.87 MiB

C: is Fixed (NTFS) - 37.25 GiB total, 32.16 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST94011A - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.25 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Betty\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-55236F1921
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Betty
LOGONSERVER=\\YOUR-55236F1921
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\Betty\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Betty\LOCALS~1\Temp
TMP=C:\DOCUME~1\Betty\LOCALS~1\Temp
USERDOMAIN=YOUR-55236F1921
USERNAME=Betty
USERPROFILE=C:\Documents and Settings\Betty
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Betty (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Agere Systems AC'97 Modem v2136D --> agrsmdel
Avira AntiVir Personal Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinRip --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D32D4182-DE6C-457E-838C-8D7B9CE332BA}\setup.exe" REMOVEALL
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NTI CD & DVD-Maker Gold --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1033 AnyText
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem0.inf
SiSAGP driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type47 / Error
Event Submitted/Written: 08/11/2008 08:02:37 PM
Event ID/Source: 4118 / Avira AntiVir
Event Description:
C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xmlUNKNOWN20598784

Event Record #/Type44 / Error
Event Submitted/Written: 08/11/2008 07:45:05 PM
Event ID/Source: 4118 / Avira AntiVir
Event Description:
C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xmlUNKNOWN20598784

Event Record #/Type41 / Error
Event Submitted/Written: 08/11/2008 00:30:51 PM
Event ID/Source: 4118 / Avira AntiVir
Event Description:
C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xmlUNKNOWN20598784

Event Record #/Type40 / Error
Event Submitted/Written: 08/11/2008 00:30:18 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application scan.exe, version 3.4.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type39 / Error
Event Submitted/Written: 08/11/2008 00:30:18 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application scan.exe, version 3.4.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type318 / Warning
Event Submitted/Written: 08/10/2008 00:39:59 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00142A2A3C8A. The IP address being used is 169.254.44.54.

Event Record #/Type317 / Warning
Event Submitted/Written: 08/10/2008 00:39:49 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00142A2A3C8A. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type283 / Warning
Event Submitted/Written: 08/09/2008 06:42:54 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.

Event Record #/Type280 / Error
Event Submitted/Written: 08/09/2008 06:35:59 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type271 / Warning
Event Submitted/Written: 08/09/2008 06:30:03 PM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.



-- End of Deckard's System Scanner: finished at 2008-08-11 21:21:35 ------------

BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:01 PM

Posted 14 August 2008 - 08:10 AM

Hi,

I see you are running Teatimer.
I suggest you to disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
After you disabled Teatimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, rightclick the link and choose "save as").
Doubleclick ResetTeaTimer.bat and let it run.
This will only take a few seconds.

Then, Start HijackThis and check next entry in it:

F3 - REG:win.ini: run="C:\Documents and Settings\Betty\Application Data\Adobe\Manager.exe"


click the Fix checked button below.
Make sure your Internet Explorer is closed when you click Fix checked.

Then, navigate to and delete next file:

C:\WINDOWS\system32\gldmng.dll

Also look if the following folder is still present and delete it:

C:\Program Files\IEAntiVirus

Then, Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antispy]

Save this as fix.reg Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Reboot afterwards.
Let me know if that solved your problem.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 munkybfunky

munkybfunky
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 15 August 2008 - 02:52 AM

:thumbsup: I followed all your instructions and the popups stopped coming. I really appreciate your help. Thank you so much.

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:01 PM

Posted 15 August 2008 - 03:20 AM

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:01 PM

Posted 25 August 2008 - 03:21 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users