1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

i surfed the net & now my pc has spyware pop ups,i copied the highjacker file for you to help me out

Discussion in 'Windows - Virus and spyware problems' started by engin123, Mar 28, 2008.

  1. engin123

    engin123 Guest

    here you are,i even had to clean it with mr sheens very own furniture polish,?joking

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:55:54, on 30/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\MemInfo\meminfo.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
    O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [WinPatrol Helper DLL] C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
    O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MemInfo.lnk = C:\Program Files\MemInfo\meminfo.exe
    O4 - Startup: WordWeb.lnk = C:\Documents and Settings\EDDY\My Documents\WordWeb\wweb32.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1201727103468
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201727078062
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer = 62.30.112.39,194.117.134.19
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

    --
    End of file - 6276 bytes
     
  2. Ltangel

    Ltangel Regular member

    Joined:
    Feb 17, 2008
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    26
    Hey,

    Please read the entire instructions before commencing and ask if you have anything you are unsure of. Please pay close attention to what logs I am asking for in your next reply.

    1) Do a scan with SUPERAntiSpyware

    Download and scan with SUPERAntiSpyware

    [*]Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    [*]An icon will be created on your desktop. Double-click that icon to launch the program.
    [*]If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)

    [*]Under "Configuration and Preferences", click the Preferences button.
    [*]Click the Scanning Control tab.
    [*]Under Scanner Options make sure the following are checked (leave all others unchecked):

    [*]Close browsers before scanning.
    [*]Scan for tracking cookies.
    [*]Terminate memory threats before quarantining.

    [*]Click the "Close" button to leave the control center screen.
    [*]Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    [*]On the left, make sure you check C:\Fixed Drive.
    [*]On the right, under "Complete Scan", choose Perform Complete Scan.
    [*]Click "Next" to start the scan. Please be patient while it scans your computer.
    [*]After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    [*]Make sure everything has a checkmark next to it and click "Next".
    [*]A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    [*]If asked if you want to reboot, click "Yes".
    [*]To retrieve the removal information after reboot, launch SUPERAntispyware again.

    [*]Click Preferences, then click the Statistics/Logs tab.
    [*]Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    [*]Please copy and paste the Scan Log results in your next reply.

    [*]Click Close to exit the program.

    --------------------------------------------------------------------------------

    2) Do a scan with MalwareBytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.

    [*]Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    [*]If an update is found, it will download and install the latest version.
    [*]Once the program has loaded, select "Perform Quick Scan", then click Scan.
    [*]The scan may take some time to finish,so please be patient.
    [*]When the scan is complete, click OK, then Show Results to view the results.
    [*]Make sure that everything is checked, and click Remove Selected.
    [*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    [*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    [*]Copy&Paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

    ----------------------------------------------------------------------

    In your next reply (please include the following):

    Fresh HijackThis log
    SUPERAntispyware scan log
    MalwareBytes' Anti-Malware Scan log
    Tell me how your computer is doing


    Go!

    ~Ltangel~
     
  3. engin123

    engin123 Guest

    im at the stage where iv'e ticked the 3 items that you wanted me to tick,aka checked,but when i go to the next part where it says in red close browsers yes iv'e done that but the other two lines in red say scan for tracking cookies & the 3rd line in red saying terminate memory threats before quarentining how do you do that in the preferences section you have 7 buttons you can click

    on to do different things & you have another two buttons down bellow that says manage allowed items & manage exclusive folders but how tracking cookies & the 3rd line in red saying terminate memory threats before quarentining how do you do that in the preferences section
     
  4. Ltangel

    Ltangel Regular member

    Joined:
    Feb 17, 2008
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    26
    It's under Scanning Control>Scanner Options, look carefully.
     
  5. Ltangel

    Ltangel Regular member

    Joined:
    Feb 17, 2008
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    26
    Time for me to go to bed again, just post all the logs I've asked you to post when you are done, I'll have a look tomorrow. :)

    ~Ltangel~
     
  6. engin123

    engin123 Guest

    well heres the log print you wanted from the superantispyware,
    what i would also like you to answer me bruce is would i have to delete them when we finish or can i please keep them,the items all that you have made me put onto my system they all are frre aint they bruce,

    i want to keep them if i ever get this problem again,& if i ever can get you to help me again in the future at least i would have all of the items of software on my desk top,

    do you also have a link to the best freeware sight where everything to do with pcs are all there,

    not no trial versions or buying versions please my pc gets a cold when they come on
    good night my brother,i will log back on with you uk time from 6am,god bless you your family & your friends

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 03/30/2008 at 03:49 PM

    Application Version : 4.0.1154

    Core Rules Database Version : 3427
    Trace Rules Database Version: 1419

    Scan type : Complete Scan
    Total Scan Time : 00:19:32

    Memory items scanned : 419
    Memory threats detected : 0
    Registry items scanned : 6201
    Registry threats detected : 31
    File items scanned : 23673
    File threats detected : 75

    Adware.Tracking Cookie
    C:\Documents and Settings\EDDY\Cookies\eddy@2643378[2].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@secure.advancedcleaner[1].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@server.iad.liveperson[1].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@tracking.summitmedia.co[1].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@advancedcleaner[1].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@indexstats[2].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@msnportal.112.2o7[1].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@adlegend[1].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@ad1.emediate[1].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@overture[1].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@statse.webtrendslive[1].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@rdr.hitmngr[1].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@revsci[2].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@antispykit[1].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@indextools[2].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@tracker.fullcontactzone[1].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@www.virusheat[1].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@www.malwarecore[1].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@counter.hitslink[1].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@setanta.112.2o7[1].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@winanonymous[1].txt
    C:\Documents and Settings\EDDY\Cookies\eddy@ads.pointroll[2].txt

    Malware.SpyShredder
    HKU\S-1-5-21-1659004503-813497703-682003330-1003\Software\SpyShredder
    HKU\S-1-5-21-1659004503-813497703-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run#SpyShredder [ C:\Program Files\SpyShredder\SpyShredder.exe ]
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0047604.EXE

    Rogue.ErrorFighter
    HKLM\Software\ugac
    HKLM\Software\ugac#DomainName

    Rogue.AntiSpyKit
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\byjegmgjS
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\cmnFMzkOEwg
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Control
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\gjsvniDt
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\HXAoo
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\InprocServer32
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\InprocServer32#ThreadingModel
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\InprocServer32#InprocServer32
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\MiscStatus
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\MiscStatus\1
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\nDuqNvLitg
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\ProgID
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Programmable
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\ToolboxBitmap32
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\TypeLib
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Version
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\VersionIndependentProgID
    HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\wotqycejlzDwp

    Malware.LocusSoftware Inc/WinSpyControl
    C:\Documents and Settings\EDDY\Application Data\WinSpyControl\Logs\threats.log
    C:\Documents and Settings\EDDY\Application Data\WinSpyControl\Logs\update.log
    C:\Documents and Settings\EDDY\Application Data\WinSpyControl\Logs
    C:\Documents and Settings\EDDY\Application Data\WinSpyControl
    C:\WinSpyControl\AVQuar
    C:\WINDOWS\..\WinSpyControl

    Rogue.WinPCDoctor
    C:\Program Files\Common Files\WinPCDoctor

    Rogue.VirusHeat
    C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\EDDY\LOCALS~1\TEMP\BR13D1.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046932.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP104\A0046971.EXE

    Rogue.WinPCDoctor-Installer
    C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\EDDY\LOCALS~1\TEMP\NI.UGDC_0001_N122M2603\SETUP.EXE
    C:\DOCUMENTS AND SETTINGS\EDDY\APPLICATION DATA\INSTALLER_EN[1].EXE

    Rogue.AdvancedCleaner
    C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\EDDY\LOCALS~1\TEMP\UADC_0001_D10M0502\INSTALLER.EXE

    Rogue.NetProject-Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046892.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046914.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046927.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046948.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP105\A0047325.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP105\A0047423.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP106\A0047442.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0047493.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0047503.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0047990.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0048193.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0048238.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0049238.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP109\A0049247.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP110\A0049541.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP110\A0049830.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP111\A0049881.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP116\A0050152.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP116\A0051140.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP117\A0051187.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP117\A0051197.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP118\A0051210.EXE

    Malware.VirusRanger
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046953.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046961.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046963.EXE

    Rogue.StorageProtector/Trace
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP104\A0046972.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP104\A0046973.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP48\A0012299.EXE

    Malware.MalwareStopper
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP104\A0046976.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP104\A0046977.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP104\A0046978.DLL

    Rogue.AVSystemCare/Component
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP113\A0049930.EXE

    Trojan.Unclassified/Rogue-Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP113\A0049931.EXE

    Rogue.LocusSoftware-Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP113\A0049932.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP116\A0050158.EXE

    Adware.E404 Helper/Variant-A
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP114\A0049941.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP114\A0049942.DLL

    Trojan.FakeAlert-Gen/Variant
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP118\A0051395.DLL

    Adware.Jraun/WinEssential
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP31\A0005308.EXE

     
  7. engin123

    engin123 Guest

    im enjoying this so much im getting the first plain out for you to teach me to be a profeeor in the science of the mind of a pc,joking,just to let you know here is your log from malwarebytes'anti-malware

    Malwarebytes' Anti-Malware 1.09
    Database version: 568

    Scan type: Quick Scan
    Objects scanned: 30086
    Time elapsed: 2 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 19
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 7
    Files Infected: 11

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{14e6d991-db22-4661-981d-20c168d6847b} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2242513c-f5e9-41b3-bc89-4d9daf487450} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3b489b37-fc1b-45c8-b1ce-78d9aef5b336} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3d6a6e24-fdff-418e-a93d-9fbdcba377af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e318e44-0c35-4292-af91-18dd17795636} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{495349a3-3a35-465f-88df-6ccfc1348246} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{575e8879-d6cf-4992-a7fe-651da9277bcb} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{76a15001-ff88-47ee-9e34-9f68e34246af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{819a1c55-735f-4696-8727-3772ec87ad26} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8dc7e656-ffbc-4ba2-af81-1c6c4fe04407} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a86bed71-2b56-4778-9c48-829a3d01c687} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ae119e11-cf86-43cb-91aa-1acf2bbf9ec6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{b5a1ce7f-011d-4475-98db-076aaf3b1d18} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{b667f141-171c-4ac6-bd2b-8e0c646fb920} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{da4f8351-05ef-4956-b9ab-1093b732436f} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e1e4e46d-53b8-45dc-abf0-3e7adef79012} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{83b0cadc-ea64-4ac6-822a-3ece95f44da6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\WinAnonymous (Rogue.WinAnonymous) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{8113b5de-f7eb-4154-a311-497fb80d8bd0} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\Common Files\SecurePCCleaner (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Yourprivacyguard (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\winpcdoctor (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\EDDY\Application Data\SpywareRemover (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\EDDY\Application Data\SpywareRemover\Log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\EDDY\Application Data\SpywareRemover\Settings (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\All Users\Application Data\Yourprivacyguard\Abbr (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Yourprivacyguard\prod_code (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\ac (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\em (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\oid (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\user (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\WinPCDoctor.exe.cer (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\EDDY\Application Data\SpywareRemover\rs.dat (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\EDDY\Application Data\SpywareRemover\Log\2008 Feb 02 - 05_13_12 PM_578.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\EDDY\Application Data\SpywareRemover\Log\2008 Feb 02 - 05_13_16 PM_875.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\EDDY\Application Data\SpywareRemover\Settings\ScanResults.pie (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
     
  8. engin123

    engin123 Guest

    heres the last log is itthe same log you will know once you read it now,thank you i think maybe by monday we might be able to complete it all then on the small remanding issues i you can just help me with them that would be great,as im no longer talking to my so called friend who did't want to help me with the pc nomore i don't have anyone left to help me out,plus im house bound most of the times being the fact that im disabled & have acute memory loss & learning difficulties,thank you for being patient with me,we have done so well,is there two logs mabe its the same one i just sent it to you twice

    Malwarebytes' Anti-Malware 1.09
    Database version: 568

    Scan type: Quick Scan
    Objects scanned: 30086
    Time elapsed: 2 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 19
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 7
    Files Infected: 11

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{14e6d991-db22-4661-981d-20c168d6847b} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2242513c-f5e9-41b3-bc89-4d9daf487450} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3b489b37-fc1b-45c8-b1ce-78d9aef5b336} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3d6a6e24-fdff-418e-a93d-9fbdcba377af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e318e44-0c35-4292-af91-18dd17795636} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{495349a3-3a35-465f-88df-6ccfc1348246} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{575e8879-d6cf-4992-a7fe-651da9277bcb} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{76a15001-ff88-47ee-9e34-9f68e34246af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{819a1c55-735f-4696-8727-3772ec87ad26} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8dc7e656-ffbc-4ba2-af81-1c6c4fe04407} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a86bed71-2b56-4778-9c48-829a3d01c687} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ae119e11-cf86-43cb-91aa-1acf2bbf9ec6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{b5a1ce7f-011d-4475-98db-076aaf3b1d18} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{b667f141-171c-4ac6-bd2b-8e0c646fb920} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{da4f8351-05ef-4956-b9ab-1093b732436f} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e1e4e46d-53b8-45dc-abf0-3e7adef79012} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{83b0cadc-ea64-4ac6-822a-3ece95f44da6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\WinAnonymous (Rogue.WinAnonymous) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{8113b5de-f7eb-4154-a311-497fb80d8bd0} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\Common Files\SecurePCCleaner (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Yourprivacyguard (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\winpcdoctor (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\EDDY\Application Data\SpywareRemover (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\EDDY\Application Data\SpywareRemover\Log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\EDDY\Application Data\SpywareRemover\Settings (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\All Users\Application Data\Yourprivacyguard\Abbr (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Yourprivacyguard\prod_code (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\ac (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\em (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\oid (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\user (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\WinPCDoctor.exe.cer (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\EDDY\Application Data\SpywareRemover\rs.dat (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\EDDY\Application Data\SpywareRemover\Log\2008 Feb 02 - 05_13_12 PM_578.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\EDDY\Application Data\SpywareRemover\Log\2008 Feb 02 - 05_13_16 PM_875.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\EDDY\Application Data\SpywareRemover\Settings\ScanResults.pie (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
     
  9. engin123

    engin123 Guest

    im ready bruce if you are,have you got all the details that you ned if so lets start from where we left off to you i should now be saying good afternoon
     
  10. engin123

    engin123 Guest

    im ready bruce if you are,have you got all the details that you ned if so lets start from where we left off to you i should now be saying good afternoon also avg is doing a scan now saying i threat trojan horse downloader.Generic7.CRX,ITS SCANNING NOW,& WHEN I MOVE FROM PAGE TO PAGE ON AFTERDAWN.COM,MY EXPLORER 7 IS MAKING a squeeky sound,from any page that sound is coming on
     
  11. engin123

    engin123 Guest

    hi bruce the avg has finished its scan & it has treated the trojan now there is o errors,googdie goodie,but only when im on atfterdawn.com im getting this whistling sound its anoying me,i hope you are ok i have not heard from you yet which is not like you,you usually first thing send me a reply to be repling to my messages that you wanted the results,by the fact that i thought that iv'e sent you all the infomation,maybe you are working today or busy,all then i can do is patiently wait until you reply im home all day,im going out after 4pm uk,thats after your bed time so i should here from you long before then i hope,until i fix this problem i cant use my pc to download & do what i usually do,i did download a codecs video audio k-lite codecs pack full from your web site,& i downloaded a boxing streming setup for streming boxing fights live for free from all around the world called how to box,this is there web site link http://how-to-box.com/boxing/content/how-to-box-tv
     
  12. Ltangel

    Ltangel Regular member

    Joined:
    Feb 17, 2008
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    26
    Hey,

    I just got back from school, sorry for the late reply. Sorry to hear about your health condition, please take care of you health, as it is the most important thing in your life. No worries, I'll help you fix your problem. :)

    Besides the squeaky sound on IE7, are there any problems with your computer?

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.

    [*]Close all other windows before proceeding.
    [*]Double-click on dss.exe and follow the prompts.
    [*]When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

    Go!

    ~Ltangel~
     
  13. engin123

    engin123 Guest

    i don't understand what am i supose to do now,i thought you would be giving me information now on what to do now,if you give up on me now then how would i know what to do,by reading your message it sounded to me as if you saw a message & you just reply saying hi then bye,i wont be able to use my pc then if we cant finish off what we have started even on the reboot its slow it shouldn't be is it still in safe mode the back ground is all blue,my plcture i had on there before is not on my desktop,

    & i wanted help with the whisterling sound when ever im going from page to page on your site,at the end i just would have asked you to send me a list so that in future i can try to combat it myself,

    i don't think i can but thats why i wanted you to be as patient as me,i told you already that my so called friend has let me down big time so i have no one left to help me,if you are giving up on me have i done something to afend you if so please tell me,haven;t i got that already on my system,

    its just that like in marriages & friendships people just give up on each other to quickly & for the silliest of things so i feel that way to because its happened to me ,i always say if it wasn't for bad luck i wouldn't have any luck at all
     
  14. Ltangel

    Ltangel Regular member

    Joined:
    Feb 17, 2008
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    26
    I never say I'm giving up on you. You said your computer has a squeaky sound, that's why I ask you to download Deckard's system scan and let me see what's wrong with your computer.

    Also, please tell me if there are any other problems you are having with your computer, so I can help you in a better way.

     
  15. engin123

    engin123 Guest

    this is the main txt -notepad i don't know about the second one

    Deckard's System Scanner v20071014.68
    Run by EDDY on 2008-03-31 09:27:00
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as EDDY.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:27:03, on 31/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\MemInfo\meminfo.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\EDDY\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\EDDY.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
    O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [WinPatrol Helper DLL] C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MemInfo.lnk = C:\Program Files\MemInfo\meminfo.exe
    O4 - Startup: WordWeb.lnk = C:\Documents and Settings\EDDY\My Documents\WordWeb\wweb32.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1201727103468
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201727078062
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer = 62.30.112.39,194.117.134.19
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

    --
    End of file - 6465 bytes

    -- Files created between 2008-02-29 and 2008-03-31 -----------------------------

    2008-03-31 07:17:37 0 d-------- C:\Program Files\SopCast
    2008-03-31 03:22:01 164352 --a------ C:\WINDOWS\system32\unrar.dll
    2008-03-31 03:21:59 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
    2008-03-31 03:21:59 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-03-31 03:21:59 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-03-31 03:21:58 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-03-31 03:21:58 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-03-31 03:21:58 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
    2008-03-31 03:21:57 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-03-31 03:21:56 0 d-------- C:\Program Files\K-Lite Codec Pack
    2008-03-30 16:24:00 0 d-------- C:\Documents and Settings\EDDY\Application Data\Malwarebytes
    2008-03-30 16:23:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-30 16:23:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-03-30 14:41:23 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-03-30 14:41:08 0 d-------- C:\Program Files\SUPERAntiSpyware
    2008-03-30 14:41:07 0 d-------- C:\Documents and Settings\EDDY\Application Data\SUPERAntiSpyware.com
    2008-03-30 10:41:23 924 --a------ C:\WINDOWS\system32\tmp.reg
    2008-03-30 09:32:05 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-30 09:32:05 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2008-03-30 09:32:05 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
    2008-03-30 09:32:05 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2008-03-30 09:32:05 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2008-03-30 09:32:05 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
    2008-03-30 09:32:05 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-29 16:49:23 0 d-------- C:\y
    2008-03-29 13:46:19 0 d-------- C:\Program Files\DS Clock
    2008-03-29 11:50:59 0 d-------- C:\cmdcons
    2008-03-29 04:07:56 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
    2008-03-28 19:38:26 68096 --a------ C:\WINDOWS\system32\zip.exe
    2008-03-28 19:38:26 98816 --a------ C:\WINDOWS\system32\sed.exe
    2008-03-28 19:38:26 80412 --a------ C:\WINDOWS\system32\grep.exe
    2008-03-28 19:38:26 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-03-28 15:12:33 0 dr-h----- C:\$VAULT$.AVG
    2008-03-28 14:15:54 0 d-------- C:\Documents and Settings\EDDY\Application Data\AVG7
    2008-03-28 14:15:46 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-03-28 14:15:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-28 14:15:30 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-03-28 08:45:57 0 d-------- C:\UBCD4Win
    2008-03-28 02:46:19 0 d-------- C:\Program Files\Trend Micro
    2008-03-28 02:37:46 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-03-28 01:57:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-28 00:01:14 0 d-------- C:\WINDOWS\system32\299914
    2008-03-27 21:40:55 0 d-------- C:\Program Files\Lavasoft
    2008-03-27 21:40:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-27 21:40:02 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-27 19:48:55 0 dr-h----- C:\Documents and Settings\EDDY\Recent
    2008-03-27 13:00:09 0 d-------- C:\Program Files\CCleaner
    2008-03-24 12:22:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2008-03-23 15:11:22 0 d-------- C:\Documents and Settings\EDDY\Application Data\MozillaControl
    2008-03-23 11:24:49 0 d-------- C:\Documents and Settings\EDDY\Application Data\Opera
    2008-03-22 22:16:04 0 d-------- C:\Documents and Settings\EDDY\AbiSuite
    2008-03-22 19:30:41 0 d-------- C:\Program Files\LingvoSoft
    2008-03-22 19:13:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Transparent
    2008-03-20 13:58:30 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
    2008-03-19 01:32:46 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-03-19 01:27:21 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-03-19 00:36:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
    2008-03-19 00:36:12 216576 --a------ C:\WINDOWS\system32\monln.dll <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
    2008-03-15 20:34:08 0 d-------- C:\Program Files\DivX
    2008-03-15 20:28:29 36734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
    2008-03-15 20:04:51 0 d-------- C:\Program Files\Common Files\xing shared
    2008-03-11 13:09:41 0 d-------- C:\Program Files\Kontiki
    2008-03-11 13:09:41 0 d-------- C:\logs3
    2008-03-11 13:09:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
    2008-03-11 13:09:23 0 d-------- C:\WINDOWS\Downloaded Installations
    2008-03-06 01:05:37 0 d-------- C:\Documents and Settings\EDDY\Application Data\Real
    2008-03-02 07:54:26 56832 --a------ C:\WINDOWS\system32\Iyvu9_32.dll
    2008-03-02 07:54:26 27648 --a------ C:\WINDOWS\system32\ir50_lcs.dll <Not Verified; Intel Corporation.; Intel Indeo® video 5.0 LC>
    2008-03-02 07:54:09 305152 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
    2008-03-02 07:51:00 0 d-------- C:\Program Files\LEAD Technologies, Inc
    2008-03-02 07:35:04 62464 --a------ C:\WINDOWS\system32\cygz.dll
    2008-03-02 07:35:04 1208320 --a------ C:\WINDOWS\system32\cygxml2-2.dll
    2008-03-02 07:35:04 1153417 --a------ C:\WINDOWS\system32\cygwin1.dll <Not Verified; Red Hat; Cygwin>
    2008-03-02 07:35:04 980992 --a------ C:\WINDOWS\system32\cygiconv-2.dll
    2008-03-02 07:33:57 57344 --a------ C:\WINDOWS\system32\WNASPINT.DLL <Not Verified; NexiTech, Inc.; NexiTech ASPI for Win32>
    2008-03-01 19:34:45 0 d-------- C:\Program Files\iPod


    -- Find3M Report ---------------------------------------------------------------

    2008-03-30 16:31:21 0 d-------- C:\Program Files\Common Files
    2008-03-29 21:13:24 0 d-------- C:\Documents and Settings\EDDY\Application Data\Azureus
    2008-03-28 10:28:06 0 d-------- C:\Documents and Settings\EDDY\Application Data\Vso
    2008-03-28 10:28:05 668 --a------ C:\Documents and Settings\EDDY\Application Data\vso_ts_preview.xml
    2008-03-27 21:30:25 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-03-27 03:40:00 6397 --a------ C:\Documents and Settings\EDDY\Application Data\update.log
    2008-03-25 22:39:00 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-03-25 14:04:56 0 d-------- C:\Program Files\Azureus
    2008-03-25 10:57:13 0 d-------- C:\Documents and Settings\EDDY\Application Data\uTorrent
    2008-03-24 17:02:39 0 d-------- C:\Program Files\IObit
    2008-03-24 11:35:11 0 d-------- C:\Documents and Settings\EDDY\Application Data\CopyToDvd
    2008-03-20 13:58:54 0 d-------- C:\Documents and Settings\EDDY\Application Data\Mozilla
    2008-03-19 02:05:13 0 d-------- C:\Program Files\XP Smoker
    2008-03-17 23:31:51 0 d-------- C:\Documents and Settings\EDDY\Application Data\BSplayer PRO
    2008-03-15 20:10:00 0 d-------- C:\Documents and Settings\EDDY\Application Data\DivX
    2008-03-14 23:48:10 0 d-------- C:\Documents and Settings\EDDY\Application Data\DVD Flick
    2008-03-02 07:36:17 0 d-------- C:\Program Files\Cucusoft
    2008-03-01 19:34:56 0 d-------- C:\Program Files\iTunes
    2008-02-21 03:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-02-21 03:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2008-02-21 03:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 03:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 03:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-02-18 14:13:14 0 d-------- C:\Program Files\NCH Swift Sound
    2008-02-15 03:44:08 0 d-------- C:\Program Files\Driver Magician
    2008-02-15 02:19:03 0 d-------- C:\Documents and Settings\EDDY\Application Data\Help
    2008-02-10 19:29:35 0 d-------- C:\Documents and Settings\EDDY\Application Data\ImgBurn
    2008-02-10 19:29:11 0 d-------- C:\Program Files\ImgBurn
    2008-02-10 01:00:44 0 d-------- C:\Program Files\Alwil Software
    2008-02-09 21:03:52 0 d-------- C:\Documents and Settings\EDDY\Application Data\Any DVD Converter Professional
    2008-02-09 21:00:49 0 d-------- C:\Program Files\Any DVD Converter Professional
    2008-02-09 20:53:20 0 d-------- C:\Documents and Settings\EDDY\Application Data\Media Player Classic
    2008-02-09 20:51:54 680 --a------ C:\Documents and Settings\EDDY\Application Data\coreavc.ini
    2008-02-08 23:50:25 0 d-------- C:\Program Files\iSofter
    2008-02-06 22:29:10 0 d-------- C:\Documents and Settings\EDDY\Application Data\Nero
    2008-02-05 23:05:06 0 d-------- C:\Program Files\VSO
    2008-02-05 16:19:29 0 d-------- C:\Documents and Settings\EDDY\Application Data\NCH Swift Sound
    2008-02-05 11:43:54 0 d-------- C:\Documents and Settings\EDDY\Application Data\Launchy
    2008-02-05 10:30:17 0 d-------- C:\Documents and Settings\EDDY\Application Data\VSO_HWE
    2008-02-04 21:51:15 0 d-------- C:\Documents and Settings\EDDY\Application Data\Ahead
    2008-02-04 21:18:29 0 d-------- C:\Program Files\MSECache
    2008-02-04 20:59:33 0 d-------- C:\Program Files\Microsoft DirectX SDK (November 2007)
    2008-02-04 19:04:39 0 d-------- C:\Program Files\Noël Danjou
    2008-02-04 08:20:46 0 d-------- C:\Program Files\MemInfo
    2008-02-02 20:55:19 0 d-------- C:\Documents and Settings\EDDY\Application Data\IObit
    2008-02-02 19:18:36 0 d-------- C:\Program Files\Common Files\Adobe
    2008-02-02 18:08:34 0 d-------- C:\Documents and Settings\EDDY\Application Data\Avant Profiles
    2008-02-02 18:08:31 0 d-------- C:\Program Files\Avant Browser
    2008-02-02 17:59:45 0 d-------- C:\Program Files\Citi-Software
    2008-02-02 17:17:06 0 d-------- C:\Program Files\NCH Software
    2008-02-02 00:01:14 0 d-------- C:\Program Files\Cool PDF Reader
    2008-02-01 23:32:14 0 d-------- C:\Program Files\Machinist2DLL
    2008-02-01 22:49:28 0 d-------- C:\Program Files\007DVD
    2008-02-01 10:31:39 0 dr------- C:\Documents and Settings\EDDY\Application Data\Brother
    2008-02-01 10:17:42 50 --a------ C:\WINDOWS\system32\bridf07a.dat
    2008-02-01 10:17:29 0 d-------- C:\Program Files\Brother
    2008-02-01 10:15:57 0 d-------- C:\Documents and Settings\EDDY\Application Data\InstallShield
    2008-02-01 10:14:56 0 d-------- C:\Program Files\Nuance
    2008-02-01 10:13:42 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
    2008-02-01 10:13:38 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-02-01 10:13:24 0 d-------- C:\Program Files\ScanSoft
    2008-02-01 09:05:19 0 d-------- C:\Program Files\uTorrent
    2008-02-01 02:00:58 0 d-------- C:\Program Files\Real
    2008-02-01 01:42:44 0 d-------- C:\Program Files\AC3Filter
    2008-02-01 01:18:46 0 d-------- C:\Program Files\coverXP
    2008-02-01 01:07:28 0 d-------- C:\Program Files\DVDFab Gold 4
    2008-02-01 00:56:41 34 --a------ C:\Documents and Settings\EDDY\Application Data\pcouffin.log
    2008-02-01 00:56:36 47360 --a------ C:\Documents and Settings\EDDY\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2008-02-01 00:56:36 1144 --a------ C:\Documents and Settings\EDDY\Application Data\pcouffin.inf
    2008-02-01 00:56:36 7887 --a------ C:\Documents and Settings\EDDY\Application Data\pcouffin.cat
    2008-02-01 00:56:35 0 d-------- C:\Program Files\DVDFab Platinum 4
    2008-02-01 00:50:08 0 d-------- C:\Documents and Settings\EDDY\Application Data\Apple Computer
    2008-02-01 00:49:35 0 d-------- C:\Program Files\Bonjour
    2008-02-01 00:48:29 0 d-------- C:\Program Files\Apple Software Update
    2008-02-01 00:48:05 0 d-------- C:\Program Files\Common Files\Apple
    2008-02-01 00:34:38 0 d-------- C:\Documents and Settings\EDDY\Application Data\WinPatrol
    2008-02-01 00:34:30 0 d-------- C:\Program Files\BillP Studios
    2008-02-01 00:17:33 0 d-------- C:\Documents and Settings\EDDY\Application Data\Adobe
    2008-01-31 23:42:23 0 d-------- C:\Program Files\Windows Live
    2008-01-31 23:40:15 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-31 23:20:31 0 d-------- C:\Program Files\Messenger
    2008-01-31 22:07:37 0 d-------- C:\Documents and Settings\EDDY\Application Data\LimeWire
    2008-01-31 22:04:37 0 d-------- C:\Program Files\LimeWire
    2008-01-31 21:35:27 0 d-------- C:\Program Files\Vimicro
    2008-01-31 21:32:04 0 d-------- C:\Program Files\Xvid
    2008-01-31 03:31:12 0 d-------- C:\Program Files\Microsoft Works
    2008-01-31 03:30:57 0 d-------- C:\Program Files\MSBuild
    2008-01-31 03:29:23 0 d-------- C:\Program Files\Microsoft.NET
    2008-01-31 03:27:38 0 d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-01-31 00:41:23 0 d-------- C:\Program Files\Common Files\Ahead
    2008-01-31 00:34:49 0 d-------- C:\Program Files\Nero
    2008-01-31 00:31:15 0 d-------- C:\Documents and Settings\EDDY\Application Data\vlc
    2008-01-31 00:28:39 0 d-------- C:\Program Files\VideoLAN
    2008-01-31 00:26:52 1167 --a------ C:\WINDOWS\mozver.dat
    2008-01-31 00:23:17 0 d-------- C:\Documents and Settings\EDDY\Application Data\Macromedia
    2008-01-31 00:12:31 0 d-------- C:\Documents and Settings\EDDY\Application Data\Sun
    2008-01-31 00:03:20 0 d-------- C:\Program Files\Java
    2008-01-31 00:01:58 0 d-------- C:\Program Files\Common Files\Java
    2008-01-30 03:48:09 25004 --a------ C:\WINDOWS\system32\tcpipbak.reg
    2008-01-30 03:34:19 0 --a------ C:\WINDOWS\nsreg.dat
    2008-01-30 02:18:49 0 -rahs---- C:\MSDOS.SYS
    2008-01-30 02:18:49 0 -rahs---- C:\IO.SYS
    2008-01-30 02:18:49 0 --a------ C:\CONFIG.SYS
    2008-01-30 02:18:49 0 --a------ C:\AUTOEXEC.BAT
    2008-01-30 02:15:33 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-01-30 02:07:28 62 --ahs---- C:\Documents and Settings\EDDY\Application Data\desktop.ini


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
    "BigDogPath"="C:\WINDOWS\VM_STI.exe" [09/06/2004 16:37]
    "SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [08/01/2008 00:29]
    "SM_IAN"="C:\Program Files\AdvancedCleaner Free\ian_monitor.exe" []
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [28/03/2008 14:15]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinPatrol Helper DLL"="C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll" [27/01/2008 06:38]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
    "kdx"="C:\Program Files\Kontiki\KHost.exe" [27/02/2008 18:56]
    "DS Clock"="C:\Program Files\DS Clock\dsclock.exe" []
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [29/02/2008 16:03]

    C:\Documents and Settings\EDDY\Start Menu\Programs\Startup\
    MemInfo.lnk - C:\Program Files\MemInfo\meminfo.exe [13/01/2008 18:16:32]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)
    "disableregistrytools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    "NoResolveSearch"=1 (0x1)
    "NoStartMenuEjectPC"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDFSTab"=0 (0x0)
    "NoSecurityTab"=0 (0x0)
    "NoHardwareTab"=0 (0x0)
    "NoToolbarCustomize"=1 (0x1)
    "NoBandCustomize"=0 (0x0)
    "NoFileMenu"=0 (0x0)
    "NoPropertiesMyComputer"=0 (0x0)
    "NoFileAssociate"=0 (0x0)
    "NoLowDiskSpaceChecks"=1 (0x1)
    "NoInstrumentation"=1 (0x1)
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    "ClearRecentDocsOnExit"=0 (0x0)
    "NoDesktopCleanupWizard"=1 (0x1)
    "NoRecentDocsHistory"=1 (0x1)
    "NoRecycleFiles"=1 (0x1)
    "NoWelcomeScreen"=1 (0x1)
    "NoStartMenuEjectPC"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
    C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    *Newly Created Service* - SASDIFSV



    -- End of Deckard's System Scanner: finished at 2008-03-31 09:27:25 ------------

     
  16. engin123

    engin123 Guest

    ok i will ive sent you the log but there is not another one,i will contact you in 25 minutes so any repies just send them thanks
     
  17. engin123

    engin123 Guest

    this link has just come to me bout avg free 8.0,shall i download it im back & ready as ever now,i think where we should start would be yes to solve that prom of them scans you looked at with the highjacker this log but were at that stage where i need to open my pc to you to allow you to also know what i have installed on my pc in my add & remove,

    & for what i have in my programs in the c:/ drive,what do you think then you can tell me what i need to delete & what is harmfull to me & what is safe for me to keep then you can ask me what is it that i use the pc for mainly then we will have a great understanding of you knowing what iv'e got so you then are not working blindly with me,do you agree how can we do it,

    are you allowed to do that thing that windows give you a free trial go where you can take over my pc from where you are & you then can see what is what its much less work plus i can see what you are also doing,or can you tell me how to step by step on how to copy & paste all what i have in add & remove & all that i have in programs in c:/drive,not al things can be copied or pasted but for those with the know how they do know iv'e

    always needed that type of know how so that it helps me help the expert to know what problem im suffering with is there a free software for this i believe bruce this is the best way forward,
    Your AVG Anti-Virus Free 7.5 AVG Internet Security 8.0

    Anti-Virus
    Anti-Spyware
    Anti-Rootkit
    Anti-Spam
    Firewall
    Safe Search
    Safe Surf
    Safe Downloads
    Safe Instant Messaging
    AVG 8.0 offers a winning combination
    Virus Bulletin reviews the new AVG 8.0
    "The combination of a wide range of features – including some nice innovations – with much improved design and usability, stability, unexceptionable system impact and highly impressive detection, seems like a winning one."
    - Virus Bulletin, March 2008

    Trusted by millions of users
    AVG products are running on over 70 million computers worldwide.

     
  18. Ltangel

    Ltangel Regular member

    Joined:
    Feb 17, 2008
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    26
    Hey,

    Please follow my instructions closely.

    1. Fix with HijackThis

    Please reopen HijackThis, and "Do a system scan only" and put a check to the entries below:

    O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe


    Now close all other windows and browsers, and click "Fix checked". Close HijackThis.

    Please go to Add or Remove Programs and remove the following program (if present):

    AdvancedCleaner Free
    SopCast
    uTorrent
    LimeWire

    Then, please use Windows Explorer and search and delete the following folder/files (if present):

    c:\program files\AdvancedCleaner Free\
    c:\program files\SopCast\
    c:\program files\uTorrent\
    c:\program files\LimeWire\
    C:\WINDOWS\system32\299914\
    C:\Documents and Settings\EDDY\Application Data\uTorrent\
    C:\WINDOWS\system32\bdod.bin


    After that, Reboot, and post a new HijackThis log here in a reply.

    ------------------------------------------------------------------------

    2. Update your Java

    Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:

    * Download the latest version of Java here.
    * Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java (they begin with "J2SE Runtime Environment or Java (tm)...").
    * It may prompt you to reboot once you have removed previous versions, please click "Yes" if the prompt comes up.
    * Finally, install the latest version of Java you have downloaded earlier.

    ------------------------------------------------------------------------

    3. Do an online scan with Panda Active Scan

    Please go HERE to run Panda's TotalScan
    • Select the bubble for Full scan
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • Then the scan will begin
    • When the scan completes, click the Save button on the right of Scan details
    • Save it to a convenient location. Post the contents of the TotalScan report.

      ------------------------------------------------------------------------

      In your next reply (please include):

      Fresh HijackThis log
      ActiveScan report


      Go!

      ~Ltangel~
     
  19. Ltangel

    Ltangel Regular member

    Joined:
    Feb 17, 2008
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    26
    I don't need an uninstall list, just follow my intructions above will do. Your PC is almost done with the cleaning. :)

    ~Ltangel~
     
  20. engin123

    engin123 Guest

    ok i will do that now you can answer the questions later on my last message i sent to yo,i mainly use the pc for surfing the net & for downloading music now & again & for movies boxing,

    i have got u-torrents i use that as my downloading platform if you can advise me with a better bug free & privacy free one that would be good i use azureuz to,lime wire i use it for music its the only one i have for music if you can also get me a free bug free one but a different name,

    & if you can also explain whats wrong with these 4 or 5 items that need to be deleted,i do also use a few different software that i use frequently for converting & making it a dvd to be conbatale with all uk dvd players,so them items are so important to me plus my itunes,

    plus i have installed some different types of video & audio codecs wich i need to do these convertions,but the audio is not always in sync,with this new hd,then you hd246 or something like that when i do them sometimes im getting crackling sounds,

    i need an audio codecs that can do all up to date audios as well as all the older ones,to me this is very important i hope you can try to understand me,being im house bound most of the time what else is there to do,thank you
     

Share This Page