Jared

Everything posted by Jared

  1. Hi, it kept saying that there was a memory error when I tried to run ComboFix. But I ran GMER.

     Hijack This Log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 15:37, on 2007-10-21
     Platform: Windows Vista (WinNT 6.00.1904)
     MSIE: Internet Explorer v7.00 (7.00.6000.16546)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Alwil Software\Avast4\ashDisp.exe
     C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe
     C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     C:\Program Files\Windows Media Player\wmpnscfg.exe
     C:\Program Files\GameSpy\Comrade\Comrade.exe
     C:\Windows\system32\wbem\unsecapp.exe
     C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Internet Explorer\ieuser.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O1 - Hosts: ::1 localhost
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
     O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
     O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
     O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
     O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
     O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
     O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
     O13 - Gopher Prefix:
     O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
     O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
     O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: iPod Service - Apple Inc.
     - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
     O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
     O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

     -- End of file - 6087 bytes

     GMER log:

     GMER 1.0.13.12551 - http://www.gmer.net
     Rootkit scan 2007-10-21 15:35:41
     Windows 6.0.6000

     ---- User code sections - GMER 1.0.13 ----

     .text C:\Program Files\GameSpy\Comrade\Comrade.exe[2388] WS2_32.dll!sendto 766F3DD4 5 Bytes JMP 03F71BB0 c:\program files\gamespy\comrade\154\DetectLib.dll
     .text C:\Program Files\GameSpy\Comrade\Comrade.exe[2388] WS2_32.dll!WSASendTo 7670A40C 5 Bytes JMP 03F71BF0 c:\program files\gamespy\comrade\154\DetectLib.dll

     ---- User IAT/EAT - GMER 1.0.13 ----
C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] [6E9D955A] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] [6E9D9B2B] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] [6E9D9771] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CopyFileA] [6E9D88CE] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetFileAttributesA] [6E9D8F7E] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExA] [6E9D8BD4] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileA] [6E9D8AEA] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!DeleteFileW] [6E9D8A95] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!DeleteFileA] [6E9D8A40] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileW] [6E9DA3C1] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileA] [6E9DA2A5] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetFileAttributesW] [6E9D8FD6] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74974618] C:\Windows\system32\ShimEng.dll IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ 
C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExW] [6E9D9669] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] [6E9D955A] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExW] [6E9D9845] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] [6E9D9771] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExW] [6E9D9BD7] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteValueW] [6E9D9D29] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExA] [6E9D9B2B] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74974618] C:\Windows\system32\ShimEng.dll IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [6E9DA3C1] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!DeleteFileW] [6E9D8A95] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetFileAttributesW] [6E9D8FD6] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [6E9DA2A5] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExA] [6E9D9771] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ 
C:\Windows\system32\SAMLIB.dll [ADVAPI32.dll!RegCreateKeyExA] [6E9D955A] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\SAMLIB.dll [ADVAPI32.dll!RegSetValueExA] [6E9D9B2B] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExW] [6E9D9845] C:\Windows\AppPatch\AcGenral.DLL IAT C:\Program Files\WinRAR\WinRAR.exe[3948] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [74974618] C:\Windows\system32\ShimEng.dll AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_CREATE [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_CLOSE [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_READ [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_WRITE [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_QUERY_INFORMATION [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SET_INFORMATION [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_QUERY_EA [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SET_EA [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_FLUSH_BUFFERS [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_DEVICE_CONTROL [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [8A5C12C0] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SHUTDOWN [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp 
IRP_MJ_LOCK_CONTROL [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_CLEANUP [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_CREATE_MAILSLOT [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_QUERY_SECURITY [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SET_SECURITY [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_POWER [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SYSTEM_CONTROL [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_DEVICE_CHANGE [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_QUERY_QUOTA [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SET_QUOTA [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CREATE [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CLOSE [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_READ [82BC0038] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_WRITE [82BC0160] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_EA [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL 
[82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [82BBFB74] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CLEANUP [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_POWER [82BBFEAC] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CREATE [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CREATE_NAMED_PIPE [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CLOSE [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_READ [82BC0038] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_WRITE [82BC0160] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_INFORMATION [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 
IRP_MJ_SET_INFORMATION [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_EA [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_EA [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_VOLUME_INFORMATION [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_VOLUME_INFORMATION [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_DIRECTORY_CONTROL [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_FILE_SYSTEM_CONTROL [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL [82BBFB74] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_LOCK_CONTROL [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CLEANUP [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CREATE_MAILSLOT [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_SECURITY [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_SECURITY [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_POWER [82BBFEAC] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_DEVICE_CHANGE [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_QUOTA [82BBFB48] fvevol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_QUOTA [82BBFB48] fvevol.sys 
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_CREATE [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_CLOSE [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_READ [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_WRITE [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_QUERY_INFORMATION [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SET_INFORMATION [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_QUERY_EA [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SET_EA [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_FLUSH_BUFFERS [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_DIRECTORY_CONTROL [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_DEVICE_CONTROL [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [8A5C12C0] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SHUTDOWN [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_LOCK_CONTROL [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_CLEANUP [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_CREATE_MAILSLOT [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_QUERY_SECURITY [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SET_SECURITY [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_POWER [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SYSTEM_CONTROL [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp 
IRP_MJ_DEVICE_CHANGE [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_QUERY_QUOTA [8A5C18E6] aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SET_QUOTA [8A5C18E6] aswTdi.SYS ---- Registry - GMER 1.0.13 ---- Reg \Registry\MACHINE\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\LicCtrl ---- Files - GMER 1.0.13 ---- ADS C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{4645475C-14B5-0D59-3310-5DFE0FCE177D}1\10-{4645475C-14B5-0D59-3310-5DFE0FCE177D}-v1-{EECEE1BE-2F29-4B47-AA39-B78587B3D37B}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{1B255EC6-EEF1-A169-FD61-CB3696D97D12}1\11-{1B255EC6-EEF1-A169-FD61-CB3696D97D12}-v1-{EECEE1BE-2F29-4B47-AA39-B78587B3D37B}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ---- EOF - GMER 1.0.13 ----
  2. Thanks for the reply and sorry for replying so late. I've been very busy and haven't had time to use the computer; it's still running very badly, so I hope the results of this scan show some insight into what's wrong.
  3. Hi, thanks for the reply again, did the ATF Cleaner, and the defragment. I believe the DVD player on my computer is functioning properly in normal mode, but it just wouldn't allow me to boot from the Vista disc for some reason.
  4. Nothing with a yellow question mark next to it. What can I do next?
  5. OS Checks, Disk Checks and the Security Center Tests all passed, but the System Service Checks and Hardware Device and Driver Checks both failed. I took a screen shot for you:
  6. It's not letting me boot from the Vista CD, but my computer is working in normal mode now, still it is running very slowly. Is there any other way we can fix it without the Vista CD?
  7. The option wasn't on the CD for some reason, but I was able to load my computer's last good settings and it seemed to work, so now we can work on getting rid of the viruses again. What do you need from me for us to begin this again?
  8. Yeah but I cannot find the product key.
  9. What kind of information do you need? There is a lot to read and it doesn't stay on the screen long...
  10. Thank you very much, I'll be awaiting your reply
  11. 09/24/2007 12:53
      Scan of all local drives
      File C:\Program Files\Panda Security\TotalScan\pskavs.dll is infected by Win32:CTX, Repair: Error 42060 {The file was not repaired.}, Deleted
      File C:\Users\Grant\Desktop\sdsetup.exe\{app}\IDBLib.sdp Error 42146 {Installer archive is corrupted.}
      File C:\Windows\System32\gebyx.dll is infected by Win32:Vundo-gen49 [Adw], Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Deleted
      File C:\Windows\System32\pmkkh.dll is infected by Win32:Vundo-gen49 [Adw], Repair: Error 42060 {The file was not repaired.}, Deleted
      Scanning aborted
      Number of searched folders: 10656
      Number of tested files: 296916
      Number of infected files: 3
      ----------------------------------------
      09/25/2007 07:46
      Scan of all local drives
      File C:\Users\Grant\Desktop\sdsetup.exe\{app}\IDBLib.sdp Error 42146 {Installer archive is corrupted.}
      File C:\Windows\System32\epvpqyit.dll is infected by Win32:Virtumonde-BA [Adw], Moved
      File C:\Windows\System32\gebyx.dll is infected by Win32:Vundo-gen49 [Adw], Moved to chest
      File C:\Windows\System32\ijophorg.dll is infected by Win32:Virtumonde-BA [Adw], Moved
      File C:\Windows\System32\mfqdlycu.dll is infected by Win32:Virtumonde-BA [Adw], Moved to chest
      File C:\Windows\System32\pmkkh.dll is infected by Win32:Vundo-gen49 [Adw], Moved to chest
      Number of searched folders: 15800
      Number of tested files: 319137
      Number of infected files: 5

      TotalScan:
      ANALYSIS: 2007-09-25 20:30:22
      PROTECTIONS: 2
      MALWARE: 36
      SUSPECTS: 0

      PROTECTIONS
      Description Version Active Updated
      avast! antivirus 4.7.1043 [VPS 000776-1] 4.7.1043 No Yes
      Windows Live OneCare 1.0.0 No Yes

      MALWARE
      Id Description Type Active Severity Disinfectable Disinfected Location
      00034347 dialer.su Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch
      01168731 Spyware/Virtumonde Spyware No 1 Yes No C:\Program Files\Alwil Software\Avast4\DATA\moved\epvpqyit.dll.vir
      01168731 Spyware/Virtumonde Spyware No 1 Yes No C:\Program Files\Alwil Software\Avast4\DATA\moved\ijophorg.dll.vir
      02133701 Trj/Downloader.QGS Virus/Trojan No 0 No No C:\Deckard\System Scanner\20070923081721\backup\Users\Grant\AppData\Local\Temp\PC Tools Spyware Doctor 5.0.rar[patch.exe]
      02137870 Spyware/Virtumonde Spyware No 1 No No C:\Deckard\System Scanner\20070923081721\backup\Users\Grant\AppData\Local\Temp\PC Tools Spyware Doctor 5.0.rar[keygen.exe]

      SUSPECTS
      Location
      Hijackthis Log:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 8:32:30 PM, on 25/09/2007
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16512)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Windows\system32\DllHost.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Windows\system32\NOTEPAD.EXE
      C:\Windows\system32\NOTEPAD.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
      O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O13 - Gopher Prefix:
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
      O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
      O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

      --
      End of file - 6488 bytes

      Thank you for your time and patience with this, I hope we are getting somewhere... Something has happened and I can only start my laptop in safe mode, it keeps doing a dump of physical memory every time I start it normally.
  12. Deckard's System Scanner v20070905.67
      Run by Grant on 2007-09-23 08:17:30
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- HijackThis (run as Grant.exe) -----------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 8:17:54 AM, on 23/09/2007
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16512)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Taskmgr.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
      C:\Users\Grant\Desktop\dss(2).exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\Grant.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
      O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O13 - Gopher Prefix:
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
      O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

      --
      End of file - 5552 bytes

      -- Files created between 2007-08-23 and 2007-09-23 -----------------------------

      2007-09-22 17:55:01 0 d-------- C:\Program Files\ABC
      2007-09-22 10:30:53 0 d-------- C:\Program Files\Panda Security
      2007-09-21 10:22:59 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
      2007-09-21 10:19:30 0 d-------- C:\Program Files\SUPERAntiSpyware
      2007-09-21 10:13:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2007-09-20 23:26:56 0 d-------- C:\VundoFix Backups
      2007-09-19 15:34:35 0 d-------- C:\75cf96a29f74c67ebc0686a23926
      2007-09-19 08:37:16 0 d-------- C:\Program Files\Trend Micro
      2007-09-18 20:44:57 0 d-------- C:\Program Files\Windows Live
      2007-09-18 20:44:27 0 d-------- C:\Users\All Users\WLInstaller
      2007-09-18 20:35:10 0 d-------- C:\Users\All Users\Avg7
      2007-09-18 07:40:49 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
      2007-09-17 21:05:51 0 d-------- C:\Program Files\Windows Live Safety Center
      2007-09-11 10:46:24 95744 --a------ C:\Windows\system32\msencode.dll
      2007-09-11 10:46:24 4126 --a------ C:\Windows\system32\msdxmlc.dll
      2007-09-11 10:46:24 311296 --a------ C:\Windows\system32\MSDBRPT.DLL <Not Verified; Microsoft Corporation; MSDataReport>
      2007-08-27 10:34:46 0 d-------- C:\Program Files\Common Files\NSV

      -- Find3M Report ---------------------------------------------------------------

      2007-09-22 20:07:33 0 d-------- C:\Users\Grant\AppData\Roaming\.ABC
      2007-09-21 17:50:21 12 --a------ C:\Windows\bthservsdp.dat
      2007-09-21 10:19:30 0 d--------
C:\Users\Grant\AppData\Roaming\SUPERAntiSpyware.com 2007-09-21 10:13:16 0 d-------- C:\Program Files\Common Files 2007-09-18 20:37:02 0 d-------- C:\Program Files\Image-Line 2007-09-18 08:27:59 0 d-------- C:\Program Files\AskPBar 2007-09-18 08:18:57 0 d-------- C:\Users\Grant\AppData\Roaming\Paltalk 2007-09-18 08:18:57 0 d-------- C:\Program Files\Paltalk Messenger 2007-09-18 07:57:10 0 d-------- C:\Program Files\VstPlugins 2007-09-17 14:35:41 0 d-------- C:\Program Files\LimeWire 2007-09-16 12:13:58 0 d-------- C:\Users\Grant\AppData\Roaming\uTorrent 2007-09-14 18:14:59 2910 --a------ C:\Users\Grant\AppData\Roaming\wklnhst.dat 2007-08-11 16:53:36 0 d-------- C:\Program Files\iTunes 2007-08-11 16:53:30 0 d-------- C:\Program Files\iPod 2007-08-11 16:44:57 0 d-------- C:\Program Files\QuickTime 2007-08-10 15:59:35 0 d-------- C:\Program Files\World of Warcraft 2007-07-31 19:00:00 0 d-------- C:\Program Files\Siemens Subscriber Networks 2007-07-30 16:44:20 0 d-------- C:\Program Files\ousbnic -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06 AM] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/2007 03:10 PM] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/07/2007 01:28 PM] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 06:24 AM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [31/07/2007 06:44 PM] "OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [01/08/2007 03:06 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "@"="" [] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 04:19 PM] "WMPNSCFG"="C:\Program Files\Windows Media 
Player\WMPNSCFG.exe" [02/11/2006 10:33 PM] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 02:06 PM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 01:55 PM 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Grant^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CCC.lnk] path=C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk backup=C:\Windows\pss\CCC.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] C:\Windows\ehome\ehTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3] rundll32.exe "C:\Windows\system32\mfqdlycu.dll",realset [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] stsystra.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0612725f-e7c9-11db-b257-0015c5ba7ce8}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {537DCF03-71F2-E659-C402-516AE3F1003F} /qb [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- End of Deckard's System Scanner: finished at 2007-09-23 08:18:47 ------------ Thanks once again.
  13. Ran that, here are the results:

      LoadLibrary failed for C:\Windows\System32\ijophorg.dll
      C:\Windows\System32\ijophorg.dll NOT unregistered.
      C:\Windows\System32\ijophorg.dll moved successfully.
      LoadLibrary failed for C:\Windows\System32\epvpqyit.dll
      C:\Windows\System32\epvpqyit.dll NOT unregistered.
      C:\Windows\System32\epvpqyit.dll moved successfully.
      LoadLibrary failed for C:\Windows\System32\mfqdlycu.dll
      C:\Windows\System32\mfqdlycu.dll NOT unregistered.
      C:\Windows\System32\mfqdlycu.dll moved successfully.

      Created on 09/22/2007 17:00:36
  14. Finished the scan, here are the results:
  15. I ran VundoFix and it found nothing. When I went to the Panda site the scan wouldn't open because it said they don't currently support Windows Vista... Thank you for your help so far, I hope you can help me remove this Trojan.
  16. Thanks for the help, I did what you said, here are the logs: Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:54:55 PM, on 21/09/2007 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\PC Connectivity Solution\NclBTHandler.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common 
Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE -- End of file - 5436 bytes SUPERAntiSpyware: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 09/21/2007 at 05:48 PM Application Version : 3.9.1008 Core Rules Database Version : 3310 Trace Rules Database Version: 1314 Scan type : Complete Scan Total Scan Time : 07:21:01 Memory items scanned : 629 Memory threats detected : 0 Registry items scanned : 6803 Registry threats detected : 1 File items scanned : 200568 File threats detected : 7 Adware.Vundo Variant HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{8071E65A-3F56-4426-8372-8667CD213057} Adware.Tracking Cookie C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt Is it running better yet? Or are there still problems? EDIT - After I did this I ran a quick virus check with Windows Live OneCare and it still comes up with a virus called 'Trojan:Win32/Conhook.A'. Do you have any idea what this is?
  17. Hey, thanks for the help. Daft: DAFT Log saved on 2007-09-20 23:24:27 ----------------------------------------------------------------------- All associations okay! Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:25:52 PM, on 20/09/2007 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe C:\Windows\system32\conime.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\PC Connectivity Solution\NclBTHandler.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - (no file) O2 - BHO: (no name) - {5EF2B0B8-2EAD-490A-91D7-B8DDDAE91160} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Adobe Reader 
Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O20 - Winlogon Notify: wvwxw - C:\Windows\ O20 - Winlogon Notify: xxyxwvw - xxyxwvw.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE -- End of file - 5507 bytes I'm running the VundoFix now. Once again, thanks for the help. Is it looking better? EDIT - VundoFix didn't find anything, so nothing happened.
  18. Thank you for your help, I ran DSS, here are the main.txt and extra.txt MAIN Deckard's System Scanner v20070905.67 Run by Grant on 2007-09-20 01:42:11 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- Last 5 Restore Point(s) -- 12: 2007-09-19 10:40:50 UTC - RP159 - Microsoft OneCare Protection Checkpoint 11: 2007-09-19 05:32:25 UTC - RP157 - Microsoft OneCare Protection Checkpoint 10: 2007-09-19 02:10:11 UTC - RP155 - Microsoft OneCare Protection Checkpoint 9: 2007-09-18 11:17:10 UTC - RP153 - Installed Windows Live 8: 2007-09-18 10:55:22 UTC - RP152 - Installed Windows Live -- First Restore Point -- 1: 2007-09-18 01:46:25 UTC - RP144 - Microsoft OneCare Protection Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Grant.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:43:41 AM, on 20/09/2007 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\PC Connectivity Solution\NclBTHandler.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe C:\Users\Grant\Desktop\dss.exe C:\Windows\system32\conime.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Grant.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - 
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - (no file) O2 - BHO: (no name) - {5EF2B0B8-2EAD-490A-91D7-B8DDDAE91160} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O8 - Extra 
context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O20 - Winlogon Notify: wvwxw - C:\Windows\ O20 - Winlogon Notify: xxyxwvw - xxyxwvw.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE -- End of file - 5476 bytes -- File Associations ----------------------------------------------------------- .reg - regfile - shell\open\command - "regedit.exe" "%1" -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R2 16197 - \??\c:\windows\system32\16197.sys R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0> R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service> R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution> S2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service> S4 LicCtrlService (LicCtrl Service) - c:\windows\runservice.exe -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a} Description: Nokia N73 Device ID: ROOT\WPD000 Manufacturer: 
Nokia Name: Nokia N73 PNP Device ID: ROOT\WPD000 Service: WUDFRd -- Scheduled Tasks ------------------------------------------------------------- 2007-09-15 14:33:38 284 --a------ C:\Windows\Tasks\AppleSoftwareUpdate.job -- Files created between 2007-08-20 and 2007-09-20 ----------------------------- 2007-09-19 15:34:35 0 d-------- C:\75cf96a29f74c67ebc0686a23926 2007-09-19 08:37:16 0 d-------- C:\Program Files\Trend Micro 2007-09-18 20:44:57 0 d-------- C:\Program Files\Windows Live 2007-09-18 20:44:27 0 d-------- C:\Users\All Users\WLInstaller 2007-09-18 20:35:10 0 d-------- C:\Users\All Users\Avg7 2007-09-18 07:40:49 0 d-------- C:\Program Files\Microsoft Windows OneCare Live 2007-09-17 21:05:51 0 d-------- C:\Program Files\Windows Live Safety Center 2007-09-11 10:46:24 95744 --a------ C:\Windows\system32\msencode.dll 2007-09-11 10:46:24 4126 --a------ C:\Windows\system32\msdxmlc.dll 2007-09-11 10:46:24 311296 --a------ C:\Windows\system32\MSDBRPT.DLL <Not Verified; Microsoft Corporation; MSDataReport> 2007-08-27 10:34:46 0 d-------- C:\Program Files\Common Files\NSV -- Find3M Report --------------------------------------------------------------- 2007-09-19 11:44:02 2062 --a------ C:\Windows\bthservsdp.dat 2007-09-18 20:37:02 0 d-------- C:\Program Files\Image-Line 2007-09-18 08:27:59 0 d-------- C:\Program Files\AskPBar 2007-09-18 08:18:57 0 d-------- C:\Users\Grant\AppData\Roaming\Paltalk 2007-09-18 08:18:57 0 d-------- C:\Program Files\Paltalk Messenger 2007-09-18 07:57:10 0 d-------- C:\Program Files\VstPlugins 2007-09-17 14:35:41 0 d-------- C:\Program Files\LimeWire 2007-09-16 12:13:58 0 d-------- C:\Users\Grant\AppData\Roaming\uTorrent 2007-09-14 18:14:59 2910 --a------ C:\Users\Grant\AppData\Roaming\wklnhst.dat 2007-08-27 10:34:46 0 d-------- C:\Program Files\Common Files 2007-08-11 16:53:36 0 d-------- C:\Program Files\iTunes 2007-08-11 16:53:30 0 d-------- C:\Program Files\iPod 2007-08-11 16:44:57 0 d-------- C:\Program Files\QuickTime 2007-08-10 
15:59:35 0 d-------- C:\Program Files\World of Warcraft 2007-07-31 19:00:00 0 d-------- C:\Program Files\Siemens Subscriber Networks 2007-07-30 16:44:20 0 d-------- C:\Program Files\ousbnic 2007-06-21 13:22:52 43520 --a------ C:\Windows\system32\CmdLineExt03.dll <CMDLIN~1.DLL> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5EF2B0B8-2EAD-490A-91D7-B8DDDAE91160}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8071E65A-3F56-4426-8372-8667CD213057}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06 AM] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/2007 03:10 PM] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/07/2007 01:28 PM] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 06:24 AM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [31/07/2007 06:44 PM] "OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [01/08/2007 03:06 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "@"="" [] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 04:19 PM] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 10:33 PM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvwxw] [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\winlogon\notify\xxyxwvw] xxyxwvw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk] path=C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Startup\Bluetooth.lnk backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Grant^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CCC.lnk] path=C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk backup=C:\Windows\pss\CCC.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] C:\Windows\ehome\ehTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3] rundll32.exe "C:\Windows\system32\mfqdlycu.dll",realset [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] stsystra.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay "IntelWireless"="C:\Program 
Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0612725f-e7c9-11db-b257-0015c5ba7ce8}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {537DCF03-71F2-E659-C402-516AE3F1003F} /qb [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- End of Deckard's System Scanner: finished at 2007-09-20 01:53:33 ------------ EXTRA Deckard's System Scanner v20070905.67 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vista™ Ultimate (build 6000) Architecture: X86; Language: English CPU 0: Intel® Core2 CPU T7200 @ 2.00GHz Percentage of Memory in Use: 46% Physical Memory (total/avail): 2045.82 MiB / 1101.88 MiB Pagefile Memory (total/avail): 4312.68 MiB / 3248.64 MiB Virtual Memory (total/avail): 2047.88 MiB / 1929.17 MiB C: is Fixed (NTFS) - 107.42 GiB total, 35.23 GiB free. D: is CDROM (No Media) \\.\PHYSICALDRIVE0 - Hitachi HTS541612J9SA00 ATA Device - 111.79 GiB - 2 partitions \PARTITION0 (bootable) - Installable File System - 107.42 GiB - C: \PARTITION1 - Unknown - 1435.5 MiB -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. 
FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation) AV: Windows Live OneCare v1.0.0 (Microsoft Corporation) AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Disabled Outdated AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled Outdated AS: Windows Live OneCare v1.0.0 (Microsoft Corporation) [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process " "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN 
Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:[email protected] User Interface" "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Grant\AppData\Roaming CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=GRANT-B3E9F098A ComSpec=C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Grant LOCALAPPDATA=C:\Users\Grant\AppData\Local LOGONSERVER=\\GRANT-B3E9F098A NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f06 ProgramData=C:\ProgramData ProgramFiles=C:\Program Files PROMPT=$P$G PUBLIC=C:\Users\Public QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\ SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\Grant\AppData\Local\Temp TMP=C:\Users\Grant\AppData\Local\Temp USERDOMAIN=GRANT-B3E9F098A USERNAME=Grant USERPROFILE=C:\Users\Grant windir=C:\Windows -- User Profiles 
--------------------------------------------------------------- Grant -- Add/Remove Programs --------------------------------------------------------- --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7875FD9-6ADB-4D4B-A756-3A2306A3D5E1}\setup.exe" -l0x9 anything µTorrent --> "C:\Program Files\uTorrent\uninstall.exe" Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001} Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Photoshop CS2 --> Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003} Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log Apple Mobile Device Support --> MsiExec.exe /I{967D588C-9B96-40C9-A222-DCD6922563CA} Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D} ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Branding --> Broadcom 440x 10/100 Integrated Controller --> MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A} Canon iP4300 --> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300\DelDrv.exe" 
/U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300 /L0x0009 Canon Setup Utility 2.3 --> "C:\Program Files\Canon\Canon Setup Utility 2.3\Maint.exe" /Uninstall C:\Program Files\Canon\Canon Setup Utility 2.3\uninst.ini Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini Canon Utilities Easy-PrintToolBox --> C:\Program Files\Canon\Easy-PrintToolBox\uninst.exe uninst.ini Catalyst Control Center Core Implementation --> Catalyst Control Center Graphics Full Existing --> Catalyst Control Center Graphics Full New --> Catalyst Control Center Graphics Light --> Catalyst Control Center Graphics Previews Vista --> ccc-core-static --> ccc-core-update1 --> ccc-utility --> CCC Help English --> CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application DawnOfWar --> DawnOfWar --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{362D5167-9716-44BE-89FD-BF9EB6EF814B} Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B} Dell Resource CD --> MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0} Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card" DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe" e-tax 2007 --> C:\etax2007\e-tax 2007_uninstall.exe HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe iTunes --> MsiExec.exe /I{E0219810-16E4-437D-9165-93D7B22524F9} Java SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe" mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779} mDriver 
--> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29} mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49} mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B} Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp" Microsoft Protection Service --> MsiExec.exe /I{A9475612-7515-4532-B59C-06689088F5E0} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Windows Live OneCare Resources v1.6.2111.32 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB} Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{5F9E8613-C1A5-4995-8E8B-3F178F439B6C} Microsoft Windows OneCare Live v1.6.2111.32 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3} Microsoft Windows OneCare Live v1.6.2111.32 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920} Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1} mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F} mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9} mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83} MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB} MSXML 4.0 SP2 (KB927978) --> MsiExec.exe 
/I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA} mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401} mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023} Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7} Nokia Lifeblog 2.1 --> MsiExec.exe /I{EE565795-2776-415A-B31C-EB3A8D7C6FA4} Nokia MTP driver --> MsiExec.exe /I{59359B3D-ABE7-46BF-AB55-43B67A64DC68} Nokia N73 highlights --> MsiExec.exe /I{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2} Nokia Nseries Skin for Microsoft Windows Media Player --> MsiExec.exe /I{73E30715-9EC4-4DAE-BE67-64500AEB8012} Nokia PC Suite --> C:\ProgramData\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_eng.exe Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72} Nokia Software Updater --> MsiExec.exe /X{F1C1272D-FEE6-4B24-862C-01F4959997E2} Nokia themes for your device --> MsiExec.exe /I{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8} PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF} PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall Prism --> C:\Program Files\NCH Software\Prism\uninst.exe PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA} QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Roxio DVDit Pro HD --> MsiExec.exe /I{353073E8-1185-4823-8F3A-A1F4AF6DD2CD} SigmaTel Audio --> RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly Skins --> Sonic Audio module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe WebFldrs XP --> WIDCOMM Bluetooth Software 6.0.1.3100 --> MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2} Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe" Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccswpddriver.inf_a419b392\pccswpddriver.inf Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_51d2d3e1\pccs_bluetooth.inf Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_e5643fdd\nokbtmdm.inf Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7dedec2f\nokbtmdm.inf Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rimsptsk_469677EEC4F8D39ABD61046D242B2A1651DE8AEF\rimsptsk.inf Windows Driver Package - Ricoh Company MMC Host Controller 
(07/14/2005 1.00.00.06) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rimmptsk_EA24AF82DAB6BA6CF6FB1A3004EE91F51D3FDCF9\rimmptsk.inf Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rixdptsk_30B42BE4DA4D11DB80E5D3DD10180621BA0A53DD\rixdptsk.inf Windows Live installer --> MsiExec.exe /X{7BC43F11-02C8-45FA-ABDC-E2F9FF31F825} Windows Live Mail --> MsiExec.exe /I{EDB619FD-4E71-403C-8E99-DFC9CF9DD345} Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D} Windows Live Sign-in Assistant --> MsiExec.exe /I{CB5EA99C-8A5B-49F2-9A1A-2EF78BE4DB41} Windows Movie Maker 2.6 --> MsiExec.exe /X{B3DAF54F-DB25-4586-9EF1-96D24BB14088} WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe XviD MPEG-4 Codec --> "C:\Program Files\XviD\UninstXviD.exe" -- Application Event Log ------------------------------------------------------- Event Record #/Type58486 / Error Event Submitted/Written: 09/20/2007 01:37:04 AM Event ID/Source: 454 / ESENT Event Description: msnmsgr (1132) \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db: Database recovery/restore failed with unexpected error -1022. 
Event Record #/Type58485 / Error Event Submitted/Written: 09/20/2007 01:37:03 AM Event ID/Source: 419 / ESENT Event Description: msnmsgr (1132) \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db: Unable to read page 143 of database \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db. Error -1022. Event Record #/Type58484 / Error Event Submitted/Written: 09/20/2007 01:37:03 AM Event ID/Source: 481 / ESENT Event Description: msnmsgr (1132) \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db: An attempt to read from the file "\\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db" at offset 1179648 (0x0000000000120000) for 8192 (0x00002000) bytes failed after msnmsgr0 seconds with system error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation will fail with error -1022 (0xfffffc02). If this error persists then the file may be damaged and may need to be restored from a previous backup. Event Record #/Type58480 / Error Event Submitted/Written: 09/20/2007 00:36:54 AM Event ID/Source: 454 / ESENT Event Description: msnmsgr (1132) \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db: Database recovery/restore failed with unexpected error -1022. 
Event Record #/Type58479 / Error Event Submitted/Written: 09/20/2007 00:36:54 AM Event ID/Source: 419 / ESENT Event Description: msnmsgr (1132) \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db: Unable to read page 143 of database \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db. Error -1022. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type65430 / Error Event Submitted/Written: 09/20/2007 01:37:03 AM Event ID/Source: 7 / disk Event Description: The device, \Device\Harddisk0\DR0, has a bad block. Event Record #/Type65429 / Error Event Submitted/Written: 09/20/2007 01:36:59 AM Event ID/Source: 7 / disk Event Description: The device, \Device\Harddisk0\DR0, has a bad block. Event Record #/Type65427 / Error Event Submitted/Written: 09/20/2007 00:36:54 AM Event ID/Source: 7 / disk Event Description: The device, \Device\Harddisk0\DR0, has a bad block. Event Record #/Type65426 / Error Event Submitted/Written: 09/20/2007 00:36:50 AM Event ID/Source: 7 / disk Event Description: The device, \Device\Harddisk0\DR0, has a bad block. Event Record #/Type65422 / Warning Event Submitted/Written: 09/20/2007 00:00:14 AM Event ID/Source: 1006 / OneCareMP Event Description: %GRANT-B3E9F098A29 scan has detected spyware or other potentially unwanted software. 
For more information please see the following: %GRANT-B3E9F098A295 Scan ID: {45E52CDF-CD44-42D4-882B-507375334443} Scan Type: %GRANT-B3E9F098A02 Scan Parameters: %GRANT-B3E9F098A08 User: GRANT-B3E9F098A\Grant Name: %GRANT-B3E9F098A291 ID: %GRANT-B3E9F098A292 Severity: 1.5.1937.05 Category: 1.5.1937.06 Path Found: %GRANT-B3E9F098A296 Detection Type: 1.5.1937.02 -- End of Deckard's System Scanner: finished at 2007-09-20 01:53:33 ------------
  19. Hello, my computer recently started running really slow. I play online games and it has become impossible because my computer is lagging so much. Even as I type this the letters are appearing noticeably seconds later than they should be. I ran a virus check with Windows Live OneCare and it found three Trojans that it couldn't delete. I have done a scan with HijackThis; this is my log, please help me. For some reason HijackThis won't let me save a log file, so I'll show you a screenshot of what it comes up with. I would really appreciate any help, thank you. Please help.