System Alert: Trojan-Spy.Win32@mx

#11 - 16-06-2007, 01:13 AM
Neal (Senior Member, joined Sep 2005, 5,594 posts)
Re: System Alert: Trojan-Spy.Win32@mx

Just run in normal mode please. Nothing but trouble lately with AVG all over the place.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|




ASAP: promoting a high standard and quality of security support no matter where you seek help.

#12 - 16-06-2007, 02:08 AM
HappyBlonde (Junior Member, joined Nov 2006, 27 posts)
Re: System Alert: Trojan-Spy.Win32@mx

Hi, this is the AVG report. I hope I have done this right!

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 01:05:08 16/06/2007

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{3820350F-5092-2ADD-8A4C-8DE2C609FAE5} -> Adware.Generic : Ignored.
HKU\S-1-5-21-823518204-838170752-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B8C5186E-EC37-4889-9C2E-F73649FFB7BB} -> Adware.Generic : Ignored.
C:\Program Files\SpyCrush 3.2\Lang\English.ini -> Adware.Qworke : Ignored.
C:\System Volume Information\_restore{A3C7055D-F709-4C76-834D-44EBBA12F930}\RP194\A0064433.exe -> Downloader.Zlob : Ignored.
C:\System Volume Information\_restore{A3C7055D-F709-4C76-834D-44EBBA12F930}\RP195\A0064534.dll -> Downloader.Zlob.awv : Ignored.
C:\System Volume Information\_restore{A3C7055D-F709-4C76-834D-44EBBA12F930}\RP195\A0064539.exe -> Downloader.Zlob.awv : Ignored.
C:\System Volume Information\_restore{A3C7055D-F709-4C76-834D-44EBBA12F930}\RP194\A0064411.exe -> Downloader.Zlob.btj : Ignored.
C:\System Volume Information\_restore{A3C7055D-F709-4C76-834D-44EBBA12F930}\RP195\A0064536.exe -> Downloader.Zlob.btj : Ignored.
C:\System Volume Information\_restore{A3C7055D-F709-4C76-834D-44EBBA12F930}\RP194\A0064409.dll -> Downloader.Zlob.btq : Ignored.
C:\System Volume Information\_restore{A3C7055D-F709-4C76-834D-44EBBA12F930}\RP194\A0064410.exe -> Downloader.Zlob.btq : Ignored.
C:\System Volume Information\_restore{A3C7055D-F709-4C76-834D-44EBBA12F930}\RP195\A0064537.exe -> Downloader.Zlob.btq : Ignored.
C:\System Volume Information\_restore{A3C7055D-F709-4C76-834D-44EBBA12F930}\RP195\A0064538.dll -> Downloader.Zlob.btq : Ignored.
C:\System Volume Information\_restore{A3C7055D-F709-4C76-834D-44EBBA12F930}\RP195\A0064540.exe -> Downloader.Zlob.btq : Ignored.
C:\System Volume Information\_restore{A3C7055D-F709-4C76-834D-44EBBA12F930}\RP195\A0064541.exe -> Downloader.Zlob.btq : Ignored.
C:\System Volume Information\_restore{A3C7055D-F709-4C76-834D-44EBBA12F930}\RP195\A0064542.exe -> Downloader.Zlob.btq : Ignored.
C:\System Volume Information\_restore{A3C7055D-F709-4C76-834D-44EBBA12F930}\RP195\A0064535.exe -> Downloader.Zlob.bvj : Ignored.
:mozilla.12:C:\Documents and Settings\James.SAMANTHA-8125A3\Application Data\Mozilla\Firefox\Profiles\se796v34.default\cookies.txt -> TrackingCookie.Adrevolver : Ignored.
:mozilla.13:C:\Documents and Settings\James.SAMANTHA-8125A3\Application Data\Mozilla\Firefox\Profiles\se796v34.default\cookies.txt -> TrackingCookie.Adrevolver : Ignored.
:mozilla.15:C:\Documents and Settings\James.SAMANTHA-8125A3\Application Data\Mozilla\Firefox\Profiles\se796v34.default\cookies.txt -> TrackingCookie.Adrevolver : Ignored.
:mozilla.17:C:\Documents and Settings\James.SAMANTHA-8125A3\Application Data\Mozilla\Firefox\Profiles\se796v34.default\cookies.txt -> TrackingCookie.Adrevolver : Ignored.
C:\Documents and Settings\James.SAMANTHA-8125A3\Cookies\james@advertising[2].txt -> TrackingCookie.Advertising : Ignored.
:mozilla.21:C:\Documents and Settings\James.SAMANTHA-8125A3\Application Data\Mozilla\Firefox\Profiles\se796v34.default\cookies.txt -> TrackingCookie.Atdmt : Ignored.
:mozilla.26:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\bytpyd0i.default\cookies.txt -> TrackingCookie.Atdmt : Ignored.
C:\Documents and Settings\James.SAMANTHA-8125A3\Cookies\james@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Ignored.
C:\Documents and Settings\James.SAMANTHA-8125A3\Cookies\james@burstnet[2].txt -> TrackingCookie.Burstnet : Ignored.
:mozilla.21:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\bytpyd0i.default\cookies.txt -> TrackingCookie.Clickbank : Ignored.
C:\Documents and Settings\James.SAMANTHA-8125A3\Cookies\james@connextra[3].txt -> TrackingCookie.Connextra : Ignored.
:mozilla.14:C:\Documents and Settings\James.SAMANTHA-8125A3\Application Data\Mozilla\Firefox\Profiles\se796v34.default\cookies.txt -> TrackingCookie.Doubleclick : Ignored.
:mozilla.15:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\bytpyd0i.default\cookies.txt -> TrackingCookie.Doubleclick : Ignored.
C:\Documents and Settings\James.SAMANTHA-8125A3\Cookies\james@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored.
C:\Documents and Settings\James.SAMANTHA-8125A3\Cookies\james@search.live[2].txt -> TrackingCookie.Live : Ignored.
C:\Documents and Settings\James.SAMANTHA-8125A3\Cookies\james@server.lon.liveperson[1].txt -> TrackingCookie.Liveperson : Ignored.
:mozilla.28:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\bytpyd0i.default\cookies.txt -> TrackingCookie.Netflame : Ignored.
C:\Documents and Settings\James.SAMANTHA-8125A3\Cookies\james@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Ignored.
:mozilla.36:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\bytpyd0i.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
:mozilla.37:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\bytpyd0i.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
:mozilla.38:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\bytpyd0i.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
:mozilla.39:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\bytpyd0i.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
:mozilla.40:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\bytpyd0i.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
:mozilla.41:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\bytpyd0i.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
:mozilla.30:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\bytpyd0i.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.31:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\bytpyd0i.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.32:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\bytpyd0i.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.33:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\bytpyd0i.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.34:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\bytpyd0i.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.35:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\bytpyd0i.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.14:C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\bytpyd0i.default\cookies.txt -> TrackingCookie.Tribalfusion : Ignored.
C:\Documents and Settings\James.SAMANTHA-8125A3\Cookies\james@m.webtrends[1].txt -> TrackingCookie.Webtrends : Ignored.
:mozilla.27:C:\Documents and Settings\James.SAMANTHA-8125A3\Application Data\Mozilla\Firefox\Profiles\se796v34.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.28:C:\Documents and Settings\James.SAMANTHA-8125A3\Application Data\Mozilla\Firefox\Profiles\se796v34.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.29:C:\Documents and Settings\James.SAMANTHA-8125A3\Application Data\Mozilla\Firefox\Profiles\se796v34.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
C:\System Volume Information\_restore{A3C7055D-F709-4C76-834D-44EBBA12F930}\RP195\A0064528.dll -> Trojan.Hoax.renos.nbk : Ignored.


::Report end
#13 - 16-06-2007, 03:31 AM
Neal (Senior Member)
Re: System Alert: Trojan-Spy.Win32@mx

Let me see a new HijackThis log and maybe we can wrap this up. Thanks.
#14 - 16-06-2007, 08:50 AM
HappyBlonde (Junior Member)
Re: System Alert: Trojan-Spy.Win32@mx

Hi, thanks very much for helping me with this...

Here is my HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 07:47:56, on 16/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\VdCap03C\StillMnt.exe
C:\Program Files\SilvercrestOffice\KMaestro.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.co.uk/broadband
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [StillMnt] WCamRmv.exe /StartStillMnt
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [BtcMaestro] C:\Program Files\SilvercrestOffice\KMaestro.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.co.jp/download...rolLite_JP.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/preq...ivePreQual.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
#15 - 16-06-2007, 05:18 PM
Neal (Senior Member)
Re: System Alert: Trojan-Spy.Win32@mx

Run HijackThis, click on the Scan only button and put checks next to these:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Close all windows and browsers, even this one, and click on Fix checked.

Reboot.

Please download Deckard's System Scanner (DSS) to your desktop.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, a text file will open - Main.txt
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
  • An additional text file, Extra.txt, will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner.
  • Please go to that FOLDER and also copy the contents of Extra.txt to your post as well.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

Quote:
What DSS will do:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed.
Post Logs:
  • DSS Scan Results: contents of 1) Main.txt and 2) Extra.txt
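The fix Neal asks for above targets a HijackThis entry whose backing file is gone ("(no file)"): the registry still references a URLSearchHook, but nothing is on disk to quarantine, so the cleanup is just removing a dangling registration. The following script is an added example, not part of the D-A-L thread and not HijackThis or DSS code. It parses the "R1/R3/O2/O4/O9/O16/O23 - ..." entry format seen in the logs posted in this thread, pulls out the CLSID where one is present, and separates orphaned entries (marked "(no file)" or "(file missing)") from entries that point at an existing file. The sample lines are copied from the log above; the `Entry` fields, `MISSING_MARKERS` list and function names are the example's own choices.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# HijackThis sections are R0-R3, F0-F3, N1-N4 and O1-O24, followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RFON]\d{1,2}) - (?P<body>.*)$")
# Registry-style GUID in braces: 8-4-4-4-12 hex digits.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis prints when the referenced file is not on disk (assumed complete for this example).
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str          # e.g. "R3", "O2", "O16"
    body: str             # everything after "<section> - "
    clsid: Optional[str]  # first {GUID} found in the body, if any
    file_missing: bool    # True when the registry points at a file that is gone
    unnamed: bool         # True when HijackThis could not resolve a display name


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, process lists and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    return Entry(
        section=m.group("section"),
        body=body,
        clsid=clsid.group(0) if clsid else None,
        file_missing=any(marker in body for marker in MISSING_MARKERS),
        unnamed="(no name)" in body,
    )


def parse_log(text: str) -> List[Entry]:
    """Parse every recognisable entry line in a pasted log, skipping the rest."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    """Entries whose file is missing: a dangling registration, nothing on disk to quarantine."""
    return [e for e in entries if e.file_missing]


def summarize(entries: List[Entry]) -> Dict[str, int]:
    """Count entries per HijackThis section, useful for a quick look at a long log."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Entries per section:", summarize(parsed))
    for e in orphaned_entries(parsed):
        print(f"orphaned {e.section} entry (clsid={e.clsid}): {e.body}")
```

Run it on a pasted log to get the per-section counts plus the list of orphaned entries; on the sample above that list is exactly the R3 Yahoo! Toolbar line, the unnamed O2 BHO and the leftover BitDefender O9 button. Only entries carrying a missing-file marker are flagged; everything else still needs the usual review of the path and publisher, as the helpers in this thread do by hand.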
#16 - 16-06-2007, 09:31 PM
HappyBlonde (Junior Member)
Re: System Alert: Trojan-Spy.Win32@mx

Hi, thanks for getting back to me. Here is the DSS report you asked for.

Deckard's System Scanner v20070611.50
Run by Samantha on 2007-06-16 at 20:26:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
46: 2007-06-16 19:26:51 UTC - RP196 - Deckard's System Scanner Restore Point
45: 2007-06-15 14:20:50 UTC - RP195 - System Checkpoint
44: 2007-06-12 21:39:28 UTC - RP194 - Software Distribution Service 2.0
43: 2007-06-12 20:00:42 UTC - RP193 - Software Distribution Service 2.0
42: 2007-06-11 10:13:42 UTC - RP192 - Removed Google Earth.


-- First Restore Point --
1: 2007-03-18 22:59:03 UTC - RP151 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Samantha.exe) --------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:27:48, on 16/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\VdCap03C\StillMnt.exe
C:\Program Files\SilvercrestOffice\KMaestro.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Samantha\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Samantha.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.co.uk/broadband
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [StillMnt] WCamRmv.exe /StartStillMnt
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [BtcMaestro] C:\Program Files\SilvercrestOffice\KMaestro.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.co.jp/download...rolLite_JP.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/preq...ivePreQual.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20061117-225831-888 O15 - Trusted Zone: *.moove.com
backup-20061203-223646-222 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
backup-20061203-223647-114 O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
backup-20061203-223647-180 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
backup-20061203-223647-430 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
backup-20061203-223647-447 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
backup-20061203-223647-542 O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
backup-20061203-223647-596 O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
backup-20061203-223647-679 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
backup-20061203-223647-813 O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
backup-20061203-223647-888 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
backup-20061203-223647-972 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZS
backup-20070616-201444-822 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 KeyMaestro - c:\windows\system32\drivers\maestro1.sys <Not Verified; BTC; Multimedia Keyboard>
R3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>

S3 alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 alcaudsl (SpeedTouch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys <Not Verified; THOMSON; SpeedTouch USB>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Files created between 2007-05-16 and 2007-06-16 -----------------------------

2007-06-16 13:06:17 0 d-------- C:\Program Files\FMC
2007-06-16 13:06:10 0 d-------- C:\Program Files\FMC_Partner
2007-06-15 21:58:30 0 d-------- C:\Documents and Settings\Samantha\Application Data\Grisoft
2007-06-15 21:47:53 0 dr-h----- C:\Documents and Settings\Samantha\Recent
2007-06-14 23:22:07 2590 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-14 2344 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-06-14 2344 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-06-14 2344 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-14 22:54:47 7799 --a------ C:\dnsbak.reg
2007-06-14 01:22:10 0 d-------- C:\Program Files\SpyCrush 3.2
2007-06-13 16:45:01 0 d-------- C:\Documents and Settings\James.SAMANTHA-8125A3\Application Data\Mozilla
2007-06-09 22:34:01 0 d-------- C:\Documents and Settings\Samantha\Application Data\Mozilla
2007-06-09 00:51:45 0 d-------- C:\Documents and Settings\Samantha\Application Data\Leadertech
2007-06-06 23:46:06 0 dr-h----- C:\$VAULT$.AVG
2007-05-29 18:57:46 0 d-------- C:\Documents and Settings\Samantha\Application Data\Google
2007-05-27 19:24:09 0 d-------- C:\Documents and Settings\James.SAMANTHA-8125A3\Application Data\Lavasoft
2007-05-23 20:00:44 0 d-------- C:\Documents and Settings\James.SAMANTHA-8125A3\Application Data\AVG7


-- Find3M Report ---------------------------------------------------------------

2007-06-16 13:05:53 0 d-------- C:\Documents and Settings\Samantha\Application Data\AVG7
2007-06-15 21:45:01 0 d-------- C:\Program Files\CCleaner
2007-06-11 12:11:56 0 d-------- C:\Program Files\MSN Games
2007-06-08 21:24:04 0 d-------- C:\Program Files\HP
2007-05-09 23:02:17 0 d-------- C:\Documents and Settings\Samantha\Application Data\Lavasoft
2007-05-09 23:01:51 0 d-------- C:\Program Files\Lavasoft
2007-05-09 22:17:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-09 21:40:32 0 d-------- C:\Program Files\Symantec
2007-05-09 21:40:32 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-05-09 21:40:31 0 d-------- C:\Program Files\Yahoo!
2007-05-09 20:26:41 0 d-------- C:\Program Files\Motive
2007-05-09 20:26:41 0 d-------- C:\Program Files\Common Files\Motive
2007-05-09 20:26:37 0 d-------- C:\Program Files\Motive(2)
2007-05-09 20:26:32 0 d-------- C:\Program Files\BT Broadband Desktop Help
2007-05-09 20:22:04 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-02 19:37:54 0 d-------- C:\Documents and Settings\Samantha\Application Data\FloodLightGames
2007-05-01 00:31:59 0 d-------- C:\Documents and Settings\Samantha\Application Data\Motive
2007-04-25 22:59:09 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-18 08:00:11 0 d-------- C:\Program Files\MSN Messenger
2007-04-16 21:49:01 0 d-------- C:\Documents and Settings\Samantha\Application Data\Real
2007-04-16 21:47:44 0 d-------- C:\Program Files\Common Files\xing shared
2007-04-16 21:47:39 0 d-------- C:\Program Files\Common Files\Real
2007-04-16 21:46:34 0 d-------- C:\Program Files\Real


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\Program Files\Yahoo!\Common\yiesrvc.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"NeroCheck"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"StillMnt"="WCamRmv.exe /StartStillMnt"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"BtcMaestro"="C:\\Program Files\\SilvercrestOffice\\KMaestro.exe"
"NapsterShell"="C:\\Program Files\\Napster\\napster.exe /systray"
"btbb_wcm_McciTrayApp"="C:\\Program Files\\btbb_wcm\\McciTrayApp.exe"
"YBrowser"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"Motive SmartBridge"="C:\\PROGRA~1\\BTHOME~1\\Help\\SMARTB~1\\BTHelpNotifier.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"eyeBeam SIP Client"="\"C:\\Program Files\\BT Broadband Talk Softphone\\BTSoftphone.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-06-16 at 20:28:17 ---------
#17
16-06-2007, 09:36 PM
HappyBlonde
Re: System Alert: Trojan-Spy.Win32@mx

And the extra text DSS file...

Deckard's System Scanner v20070611.50
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron(tm) 2500+
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 255.48 MiB / 79.45 MiB
Pagefile Memory (total/avail): 619.09 MiB / 295.93 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1971.69 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 76.32 GiB total, 63.65 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: AVG 7.5.472 v7.5.472 (GRISOFT)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"="C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe:*:Enabled:Yahoo! Browser"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Samantha\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SAMANTHA-8125A3
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Samantha
LOGONSERVER=\\SAMANTHA-8125A3
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Samantha\LOCALS~1\Temp
TMP=C:\DOCUME~1\Samantha\LOCALS~1\Temp
USERDOMAIN=SAMANTHA-8125A3
USERNAME=Samantha
USERPROFILE=C:\Documents and Settings\Samantha
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Samantha (admin)
James.SAMANTHA-8125A3


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\BTHOME~1\Help\Uninstall.exe btbb
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Agatha Christie Death on the Nile --> "C:\Program Files\MSN Games\Agatha Christie Death on the Nile\Uninstall.exe" "C:\Program Files\MSN Games\Agatha Christie Death on the Nile\install.log"
Ahead InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Bookworm Adventures --> "C:\Program Files\MSN Games\Bookworm Adventures\Uninstall.exe" "C:\Program Files\MSN Games\Bookworm Adventures\install.log"
Boom Voyage --> "C:\Program Files\MSN Games\Boom Voyage\Uninstall.exe" "C:\Program Files\MSN Games\Boom Voyage\install.log"
BT Broadband Desktop Help --> C:\WINDOWS\Motive\btbb\MCCUninst.exe
BT Home Hub --> C:\Program Files\BT Home Hub\Uninstall.exe
BT Softphone 1.5.3.6 --> "C:\Program Files\BT Broadband Talk Softphone\unins000.exe"
BT Wireless Connection Manager --> C:\Program Files\Common Files\Motive\InstallHelper.exe /dir=C:\Program Files\Common Files\Motive /uninstallvendor=btbb_wcm /uninstallkey=BT Wireless Connection Manager
BT Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CXT10B6 - HCF PCI Modem --> C:\UIU\CXT10B6\HXFSETUP.EXE -U -IVEN_14F1&DEV_10B6&SUBSYS_351716C5
FMC --> MsiExec.exe /I{FBFDEBCC-5018-47FE-AC6A-9ED61E78DAD9}
Hardware Doctor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A83008C-1F8B-46B8-850A-0123479C2344}\SETUP.EXE" -l0x9
Hidden Expedition Titanic --> "C:\Program Files\MSN Games\Hidden Expedition Titanic\Uninstall.exe" "C:\Program Files\MSN Games\Hidden Expedition Titanic\install.log"
HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
IExplorer Security Plug-in --> "C:\Program Files\Video ActiveX Access\iesunst.exe"
Internet Explorer Secure Bar --> "C:\Program Files\Video ActiveX Access\iesbunst.exe"
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Magic Academy --> "C:\Program Files\MSN Games\Magic Academy\Uninstall.exe" "C:\Program Files\MSN Games\Magic Academy\install.log"
Messenger Service --> "C:\Program Files\Video ActiveX Access\imsunst.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Rainbow Mystery --> "C:\Program Files\MSN Games\Rainbow Mystery\Uninstall.exe" "C:\Program Files\MSN Games\Rainbow Mystery\install.log"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SAMSUNG PC Studio 2.0.9 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}
Samsung USB Driver (MCCI 4.24) --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{77F09242-A107-4CB6-A295-D8656C2C3795}
Silvercrest Office Desktop Set Input Device Driver V2.1.U-134AC MUL --> C:\WINDOWS\system32\KmRemove.exe
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Travelogue 360 Paris --> "C:\Program Files\MSN Games\Travelogue 360 Paris\Uninstall.exe" "C:\Program Files\MSN Games\Travelogue 360 Paris\install.log"
VIA Rhine-Family Fast-Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VideoCAM Slim USB2 --> C:\WINDOWS\System\WCamRmv.EXE
VideoCAM Slim USB2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C289041A-3F52-4728-A65C-49DE1F67D7A8}\Setup.exe" -l0x9
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}


-- End of Deckard's System Scanner: finished at 2007-06-16 at 20:28:17 ---------

Sorry about this: when you asked me to press "run scan only" on HijackThis, I pressed the other button and deleted it by mistake. I hope this is OK?
#18
17-06-2007, 07:19 AM
Neal
Re: System Alert: Trojan-Spy.Win32@mx

The only bad thing I see is that your Sun Java is out of date and really does need to be taken care of pretty quickly, as the Vundo trojan does exploit that and seems to be the number 1 infection these days. Here is how you do that:

Update Java:

* Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
* Search the list for all previously installed versions of Java (J2SE Runtime Environment...).

It should have this icon next to it:
Select it and click Remove.
* The current version can be downloaded from Sun here: http://java.sun.com/javase/downloads/index.jsp Scroll down the page to 'Java Runtime Environment (JRE) 6u1' and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.


So tell me how things are doing now, please; if good, I will have some tips and free programs for your consideration to help keep your PC safer while on the net. According to the last scan you did, you have the Windows firewall as your firewall; it only protects against incoming problems, not outgoing ones, and you are urged to get a free firewall that protects in both directions. These are included in my closing comments if all is well.
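A defender-side check of the two points Neal raises, added here as an example and not part of the thread or of Deckard's System Scanner: it parses the "Add/Remove Programs" and "Security Center" sections of a DSS extra log in the layout posted above and flags a Sun JRE older than 6 Update 1 and a machine where only the built-in Windows firewall is active. The sample log lines are constructed from the thread's format, and the `FW:` marker used to detect a registered third-party firewall is an assumption.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout of a DSS "extra" log (a handful of lines
# modelled on the thread's log; not the full log from the post).
SAMPLE_LOG = """\
-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.472 v7.5.472 (GRISOFT)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\\PROGRA~1\\BTHOME~1\\Help\\Uninstall.exe btbb
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Mozilla Firefox (2.0.0.4) --> C:\\Program Files\\Mozilla Firefox\\uninstall\\helper.exe

-- End of Deckard's System Scanner: finished at 2007-06-16 at 20:28:17 ---------
"""

# The release the helper points the poster at: JRE 6 Update 1 ("6u1").
CURRENT_JRE = (6, 1)

SECTION_RE = re.compile(r"^-- (.+?) -{3,}$")
# "Name --> uninstall command"; the name may be empty, as in the first entry above.
PROGRAM_RE = re.compile(r"^(?P<name>.*?)\s*--> (?P<uninstall>.+)$")
# Matches "J2SE Runtime Environment 5.0 Update 9" and "Java(TM) SE Runtime Environment 6 Update 1".
JAVA_RE = re.compile(r"^(?:J2SE|Java)\b.*?(?P<ver>\d+(?:\.\d+)*)\s+Update\s+(?P<upd>\d+)", re.I)


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each '-- Heading ----' block of a DSS log to its non-empty lines."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def parse_programs(lines: List[str]) -> List[Tuple[str, str]]:
    """Split Add/Remove entries into (display name, uninstall command)."""
    entries: List[Tuple[str, str]] = []
    for line in lines:
        m = PROGRAM_RE.match(line)
        if m:
            entries.append((m.group("name").strip(), m.group("uninstall").strip()))
    return entries


def java_version(name: str) -> Optional[Tuple[int, int]]:
    """Return (major, update) for a Sun JRE Add/Remove entry, else None.
    Old '1.5.0'-style numbering is normalised to its second component (5)."""
    m = JAVA_RE.search(name)
    if not m:
        return None
    parts = m.group("ver").split(".")
    major = int(parts[1]) if parts[0] == "1" and len(parts) > 1 else int(parts[0])
    return major, int(m.group("upd"))


def audit(text: str, current: Tuple[int, int] = CURRENT_JRE) -> List[Dict[str, str]]:
    """Flag an outdated JRE and a built-in-firewall-only setup from a DSS log."""
    secs = split_sections(text)
    findings: List[Dict[str, str]] = []
    for name, _cmd in parse_programs(secs.get("Add/Remove Programs", [])):
        ver = java_version(name)
        if ver is not None and ver < current:
            findings.append({"kind": "outdated_java", "detail": name})
    sc = secs.get("Security Center", [])
    builtin_on = any("Windows Internal Firewall is enabled" in ln for ln in sc)
    # Assumption: a registered third-party firewall would show up as an "FW:" line
    # next to the "AV:" line; the thread's log has none.
    third_party = any(ln.startswith("FW:") for ln in sc)
    if builtin_on and not third_party:
        findings.append({"kind": "builtin_firewall_only",
                         "detail": "Windows XP firewall filters inbound traffic only"})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f['kind']}: {f['detail']}")
```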
#19
18-06-2007, 05:18 PM
HappyBlonde
Re: System Alert: Trojan-Spy.Win32@mx

Hi, I have downloaded Java and I think the virus has finally gone! But my speakers are a bit distorted. I seem to remember that one of the programmes (I can't remember which one) had to delete something from Audio, so I deleted it. Is there any way in which I can install it again?

Just to say a big thank you for helping me to remove the nasty bug from my system!


I have as promised made a donation for all the help and support that you have given me...

Many thanks!

Last edited by HappyBlonde; 18-06-2007 at 05:24 PM.
#20
18-06-2007, 10:43 PM
Neal
Re: System Alert: Trojan-Spy.Win32@mx

You think that with HijackThis something got fixed that shouldn't have been? If that is the case, HijackThis makes backups in its backup folder and they can be put back.

Thank you for the donation, D_A_L needs all it can get to keep this stuff free for folks.
Last edited by Neal; 18-06-2007 at 10:45 PM.