Cannot Delete Trojan Virus

Jared · September 19, 2007

Hello, my computer recently started running really slow, I play online games and it has become impossible because my computer is lagging so much. Even as I type this the letters are appearing noticeably seconds later then that should be. I ran a virus check with Windows Live OneCare and it found three Trojans that it couldn't delete, I have done a scan with Hijackthis, this is my log, please help me

For some reason Hijackthis wont let me save a log file so ill show you a screen shot of what it comes up with. I would really appreciate any help, thank you.

Please help.

Andro1d · September 19, 2007

Hello and Welcome to BT.

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Since you are running Vista, you may need to right-click and run as an Administrator.

Download Deckard's System Scanner (DSS) to your Desktop.

Close all applications and windows.
Double-click on DSS.exe to run it, and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)

Jared · September 19, 2007

Thank you for you help, I ran DSS, here are the main.txt and extra.txt

MAIN

Deckard's System Scanner v20070905.67

Run by Grant on 2007-09-20 01:42:11

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --

12: 2007-09-19 10:40:50 UTC - RP159 - Microsoft OneCare Protection Checkpoint

11: 2007-09-19 05:32:25 UTC - RP157 - Microsoft OneCare Protection Checkpoint

10: 2007-09-19 02:10:11 UTC - RP155 - Microsoft OneCare Protection Checkpoint

9: 2007-09-18 11:17:10 UTC - RP153 - Installed Windows Live

8: 2007-09-18 10:55:22 UTC - RP152 - Installed Windows Live

-- First Restore Point --

1: 2007-09-18 01:46:25 UTC - RP144 - Microsoft OneCare Protection Checkpoint

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as Grant.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:43:41 AM, on 20/09/2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\PC Connectivity Solution\NclBTHandler.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe

C:\Users\Grant\Desktop\dss.exe

C:\Windows\system32\conime.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Grant.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - (no file)

O2 - BHO: (no name) - {5EF2B0B8-2EAD-490A-91D7-B8DDDAE91160} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O20 - Winlogon Notify: wvwxw - C:\Windows\

O20 - Winlogon Notify: xxyxwvw - xxyxwvw.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--

End of file - 5476 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 16197 - \??\c:\windows\system32\16197.sys

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>

R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>

R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>

S4 LicCtrlService (LicCtrl Service) - c:\windows\runservice.exe

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Description: Nokia N73

Device ID: ROOT\WPD000

Manufacturer: Nokia

Name: Nokia N73

PNP Device ID: ROOT\WPD000

Service: WUDFRd

-- Scheduled Tasks -------------------------------------------------------------

2007-09-15 14:33:38 284 --a------ C:\Windows\Tasks\AppleSoftwareUpdate.job

-- Files created between 2007-08-20 and 2007-09-20 -----------------------------

2007-09-19 15:34:35 0 d-------- C:\75cf96a29f74c67ebc0686a23926

2007-09-19 08:37:16 0 d-------- C:\Program Files\Trend Micro

2007-09-18 20:44:57 0 d-------- C:\Program Files\Windows Live

2007-09-18 20:44:27 0 d-------- C:\Users\All Users\WLInstaller

2007-09-18 20:35:10 0 d-------- C:\Users\All Users\Avg7

2007-09-18 07:40:49 0 d-------- C:\Program Files\Microsoft Windows OneCare Live

2007-09-17 21:05:51 0 d-------- C:\Program Files\Windows Live Safety Center

2007-09-11 10:46:24 95744 --a------ C:\Windows\system32\msencode.dll

2007-09-11 10:46:24 4126 --a------ C:\Windows\system32\msdxmlc.dll

2007-09-11 10:46:24 311296 --a------ C:\Windows\system32\MSDBRPT.DLL <Not Verified; Microsoft Corporation; MSDataReport>

2007-08-27 10:34:46 0 d-------- C:\Program Files\Common Files\NSV

-- Find3M Report ---------------------------------------------------------------

2007-09-19 11:44:02 2062 --a------ C:\Windows\bthservsdp.dat

2007-09-18 20:37:02 0 d-------- C:\Program Files\Image-Line

2007-09-18 08:27:59 0 d-------- C:\Program Files\AskPBar

2007-09-18 08:18:57 0 d-------- C:\Users\Grant\AppData\Roaming\Paltalk

2007-09-18 08:18:57 0 d-------- C:\Program Files\Paltalk Messenger

2007-09-18 07:57:10 0 d-------- C:\Program Files\VstPlugins

2007-09-17 14:35:41 0 d-------- C:\Program Files\LimeWire

2007-09-16 12:13:58 0 d-------- C:\Users\Grant\AppData\Roaming\uTorrent

2007-09-14 18:14:59 2910 --a------ C:\Users\Grant\AppData\Roaming\wklnhst.dat

2007-08-27 10:34:46 0 d-------- C:\Program Files\Common Files

2007-08-11 16:53:36 0 d-------- C:\Program Files\iTunes

2007-08-11 16:53:30 0 d-------- C:\Program Files\iPod

2007-08-11 16:44:57 0 d-------- C:\Program Files\QuickTime

2007-08-10 15:59:35 0 d-------- C:\Program Files\World of Warcraft

2007-07-31 19:00:00 0 d-------- C:\Program Files\Siemens Subscriber Networks

2007-07-30 16:44:20 0 d-------- C:\Program Files\ousbnic

2007-06-21 13:22:52 43520 --a------ C:\Windows\system32\CmdLineExt03.dll <CMDLIN~1.DLL>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5EF2B0B8-2EAD-490A-91D7-B8DDDAE91160}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8071E65A-3F56-4426-8372-8667CD213057}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06 AM]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/2007 03:10 PM]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/07/2007 01:28 PM]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 06:24 AM]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [31/07/2007 06:44 PM]

"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [01/08/2007 03:06 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"@"="" []

"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 04:19 PM]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 10:33 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvwxw]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxwvw]

xxyxwvw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Grant^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CCC.lnk]

path=C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk

backup=C:\Windows\pss\CCC.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

C:\Windows\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]

C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]

rundll32.exe "C:\Windows\system32\mfqdlycu.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]

"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]

C:\Program Files\Ascentive\Performance Center\APCMain.exe -m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

%ProgramFiles%\Windows Defender\MSASCui.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]

rundll32.exe oobefldr.dll,ShowWelcomeCenter

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0612725f-e7c9-11db-b257-0015c5ba7ce8}]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]

msiexec /fums {537DCF03-71F2-E659-C402-516AE3F1003F} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2007-09-20 01:53:33 ------------

EXTRA

Deckard's System Scanner v20070905.67

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

MicrosoftÂ® Windows Vistaâ„¢ Ultimate (build 6000)

Architecture: X86; Language: English

CPU 0: Intel® Core2 CPU T7200 @ 2.00GHz

Percentage of Memory in Use: 46%

Physical Memory (total/avail): 2045.82 MiB / 1101.88 MiB

Pagefile Memory (total/avail): 4312.68 MiB / 3248.64 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1929.17 MiB

C: is Fixed (NTFS) - 107.42 GiB total, 35.23 GiB free.

D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541612J9SA00 ATA Device - 111.79 GiB - 2 partitions

\PARTITION0 (bootable) - Installable File System - 107.42 GiB - C:

\PARTITION1 - Unknown - 1435.5 MiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

Windows Internal Firewall is disabled.

FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)

AV: Windows Live OneCare v1.0.0 (Microsoft Corporation)

AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Disabled Outdated

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled Outdated

AS: Windows Live OneCare v1.0.0 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:OTI@Home User Interface"

"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:ÂµTorrent"

"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData

APPDATA=C:\Users\Grant\AppData\Roaming

CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=GRANT-B3E9F098A

ComSpec=C:\Windows\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Users\Grant

LOCALAPPDATA=C:\Users\Grant\AppData\Local

LOGONSERVER=\\GRANT-B3E9F098A

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0f06

ProgramData=C:\ProgramData

ProgramFiles=C:\Program Files

PROMPT=$P$G

PUBLIC=C:\Users\Public

QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\

SystemDrive=C:

SystemRoot=C:\Windows

TEMP=C:\Users\Grant\AppData\Local\Temp

TMP=C:\Users\Grant\AppData\Local\Temp

USERDOMAIN=GRANT-B3E9F098A

USERNAME=Grant

USERPROFILE=C:\Users\Grant

windir=C:\Windows

-- User Profiles ---------------------------------------------------------------

Grant

-- Add/Remove Programs ---------------------------------------------------------

-->

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7875FD9-6ADB-4D4B-A756-3A2306A3D5E1}\setup.exe" -l0x9 anything

ÂµTorrent --> "C:\Program Files\uTorrent\uninstall.exe"

Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}

Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Photoshop CS2 -->

Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}

Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}

Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log

Apple Mobile Device Support --> MsiExec.exe /I{967D588C-9B96-40C9-A222-DCD6922563CA}

Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}

ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe

ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Branding -->

Broadcom 440x 10/100 Integrated Controller --> MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}

Canon iP4300 --> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300 /L0x0009

Canon Setup Utility 2.3 --> "C:\Program Files\Canon\Canon Setup Utility 2.3\Maint.exe" /Uninstall C:\Program Files\Canon\Canon Setup Utility 2.3\uninst.ini

Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini

Canon Utilities Easy-PrintToolBox --> C:\Program Files\Canon\Easy-PrintToolBox\uninst.exe uninst.ini

Catalyst Control Center Core Implementation -->

Catalyst Control Center Graphics Full Existing -->

Catalyst Control Center Graphics Full New -->

Catalyst Control Center Graphics Light -->

Catalyst Control Center Graphics Previews Vista -->

ccc-core-static -->

ccc-core-update1 -->

ccc-utility -->

CCC Help English -->

CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application

DawnOfWar -->

DawnOfWar --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{362D5167-9716-44BE-89FD-BF9EB6EF814B}

Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}

Dell Resource CD --> MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0}

Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"

DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"

e-tax 2007 --> C:\etax2007\e-tax 2007_uninstall.exe

HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe

iTunes --> MsiExec.exe /I{E0219810-16E4-437D-9165-93D7B22524F9}

Java SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}

Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe"

mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}

mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}

mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}

mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}

Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"

Microsoft Protection Service --> MsiExec.exe /I{A9475612-7515-4532-B59C-06689088F5E0}

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Windows Live OneCare Resources v1.6.2111.32 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}

Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{5F9E8613-C1A5-4995-8E8B-3F178F439B6C}

Microsoft Windows OneCare Live v1.6.2111.32 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}

Microsoft Windows OneCare Live v1.6.2111.32 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}

Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}

mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}

mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}

mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}

Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe

mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}

mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}

mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}

MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}

MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}

mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}

mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}

mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}

mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}

Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}

Nokia Lifeblog 2.1 --> MsiExec.exe /I{EE565795-2776-415A-B31C-EB3A8D7C6FA4}

Nokia MTP driver --> MsiExec.exe /I{59359B3D-ABE7-46BF-AB55-43B67A64DC68}

Nokia N73 highlights --> MsiExec.exe /I{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}

Nokia Nseries Skin for Microsoft Windows Media Player --> MsiExec.exe /I{73E30715-9EC4-4DAE-BE67-64500AEB8012}

Nokia PC Suite --> C:\ProgramData\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_eng.exe

Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}

Nokia Software Updater --> MsiExec.exe /X{F1C1272D-FEE6-4B24-862C-01F4959997E2}

Nokia themes for your device --> MsiExec.exe /I{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}

PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}

PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

Prism --> C:\Program Files\NCH Software\Prism\uninst.exe

PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}

QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}

RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Roxio DVDit Pro HD --> MsiExec.exe /I{353073E8-1185-4823-8F3A-A1F4AF6DD2CD}

SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly

Skins -->

Sonic Audio module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}

Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}

Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}

Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}

Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe

VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe

WebFldrs XP -->

WIDCOMM Bluetooth Software 6.0.1.3100 --> MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}

Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"

Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccswpddriver.inf_a419b392\pccswpddriver.inf

Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_51d2d3e1\pccs_bluetooth.inf

Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_e5643fdd\nokbtmdm.inf

Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7dedec2f\nokbtmdm.inf

Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rimsptsk_469677EEC4F8D39ABD61046D242B2A1651DE8AEF\rimsptsk.inf

Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rimmptsk_EA24AF82DAB6BA6CF6FB1A3004EE91F51D3FDCF9\rimmptsk.inf

Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rixdptsk_30B42BE4DA4D11DB80E5D3DD10180621BA0A53DD\rixdptsk.inf

Windows Live installer --> MsiExec.exe /X{7BC43F11-02C8-45FA-ABDC-E2F9FF31F825}

Windows Live Mail --> MsiExec.exe /I{EDB619FD-4E71-403C-8E99-DFC9CF9DD345}

Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}

Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u

Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}

Windows Live Sign-in Assistant --> MsiExec.exe /I{CB5EA99C-8A5B-49F2-9A1A-2EF78BE4DB41}

Windows Movie Maker 2.6 --> MsiExec.exe /X{B3DAF54F-DB25-4586-9EF1-96D24BB14088}

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe

XviD MPEG-4 Codec --> "C:\Program Files\XviD\UninstXviD.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type58486 / Error

Event Submitted/Written: 09/20/2007 01:37:04 AM

Event ID/Source: 454 / ESENT

Event Description:

msnmsgr (1132) \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db: Database recovery/restore failed with unexpected error -1022.

Event Record #/Type58485 / Error

Event Submitted/Written: 09/20/2007 01:37:03 AM

Event ID/Source: 419 / ESENT

Event Description:

msnmsgr (1132) \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db: Unable to read page 143 of database \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db. Error -1022.

Event Record #/Type58484 / Error

Event Submitted/Written: 09/20/2007 01:37:03 AM

Event ID/Source: 481 / ESENT

Event Description:

msnmsgr (1132) \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db: An attempt to read from the file "\\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db" at offset 1179648 (0x0000000000120000) for 8192 (0x00002000) bytes failed after msnmsgr0 seconds with system error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation will fail with error -1022 (0xfffffc02). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Event Record #/Type58480 / Error

Event Submitted/Written: 09/20/2007 00:36:54 AM

Event ID/Source: 454 / ESENT

Event Description:

msnmsgr (1132) \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db: Database recovery/restore failed with unexpected error -1022.

Event Record #/Type58479 / Error

Event Submitted/Written: 09/20/2007 00:36:54 AM

Event ID/Source: 419 / ESENT

Event Description:

msnmsgr (1132) \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db: Unable to read page 143 of database \\.\C:\Users\Grant\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_10D0_259E_D025_8AD4\dfsr.db. Error -1022.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type65430 / Error

Event Submitted/Written: 09/20/2007 01:37:03 AM

Event ID/Source: 7 / disk

Event Description:

The device, \Device\Harddisk0\DR0, has a bad block.

Event Record #/Type65429 / Error

Event Submitted/Written: 09/20/2007 01:36:59 AM

Event ID/Source: 7 / disk

Event Description:

The device, \Device\Harddisk0\DR0, has a bad block.

Event Record #/Type65427 / Error

Event Submitted/Written: 09/20/2007 00:36:54 AM

Event ID/Source: 7 / disk

Event Description:

The device, \Device\Harddisk0\DR0, has a bad block.

Event Record #/Type65426 / Error

Event Submitted/Written: 09/20/2007 00:36:50 AM

Event ID/Source: 7 / disk

Event Description:

The device, \Device\Harddisk0\DR0, has a bad block.

Event Record #/Type65422 / Warning

Event Submitted/Written: 09/20/2007 00:00:14 AM

Event ID/Source: 1006 / OneCareMP

Event Description:

%GRANT-B3E9F098A29 scan has detected spyware or other potentially unwanted software.

For more information please see the following:

%GRANT-B3E9F098A295

Scan ID: {45E52CDF-CD44-42D4-882B-507375334443}

Scan Type: %GRANT-B3E9F098A02

Scan Parameters: %GRANT-B3E9F098A08

User: GRANT-B3E9F098A\Grant

Name: %GRANT-B3E9F098A291

ID: %GRANT-B3E9F098A292

Severity: 1.5.1937.05

Category: 1.5.1937.06

Path Found: %GRANT-B3E9F098A296

Detection Type: 1.5.1937.02

-- End of Deckard's System Scanner: finished at 2007-09-20 01:53:33 ------------

Andro1d · September 20, 2007

Hey Jared,

Step 1

Please download DAFT and save it to your desktop:

Double-click the daft.exe icon. Read the disclaimer and click OK.
Click on the Scan button.
If it finds faulty file associations, they will appear in red beside a checkbox. If this occurs, just place a tick in the boxes in question.
Click the Fix button.
Re-scan and save a logfile. By default, it will save as daft.txt.

Post the contents of that logfile and a fresh HJT log with your next reply.

Step 2

Please download VundoFix.exe to your desktop

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Jared · September 20, 2007

Hey, thanks for the help.

Daft:

DAFT Log saved on 2007-09-20 23:24:27

-----------------------------------------------------------------------

All associations okay!

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:25:52 PM, on 20/09/2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe

C:\Windows\system32\conime.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\PC Connectivity Solution\NclBTHandler.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe