Q: OH the Agony of pop-ups!

Deckard's System Scanner v20070826.66
Run by Chad on 2007-08-31 01:43:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
31: 2007-08-31 05:44:01 UTC - RP188 - Deckard's System Scanner Restore Point
30: 2007-08-30 08:34:58 UTC - RP187 - Software Distribution Service 3.0
29: 2007-08-30 06:47:12 UTC - RP186 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
28: 2007-08-30 03:18:06 UTC - RP185 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
27: 2007-08-28 23:30:38 UTC - RP184 - System Checkpoint


-- First Restore Point --
1: 2007-08-07 21:29:00 UTC - RP158 - Installed Windows Media Player 10


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 83% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Chad.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:03 AM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\aspimgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\swkrojpy.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ServicePackFiles\winlogon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\ServicePackFiles\mmsx.exe
C:\WINDOWS\ServicePackFiles\free.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\Chad\Desktop\stinger3.exe
C:\Documents and Settings\Chad\Local Settings\Temporary Internet Files\Content.IE5\KAHWLN6F\dss[1].exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/0...ir.asp?Ext=pdf
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F3 - REG:win.ini: run=C:\WINDOWS\ServicePackFiles\winlogon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15CD9C30-672B-4739-88AA-2EC4AD7C7354} - C:\WINDOWS\system32\ddayw.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {5621007F-BBEE-4674-8077-94C3591DE7C3} - C:\WINDOWS\system32\ddcbcaa.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Editor plugin - {810C7383-C49D-40a8-AB80-59DBA271DAFA} - milis.dll (file missing)
O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\WINDOWS\system32\AClient.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\IECodecPl.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\bcnmiilm.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\winlogon.exe
O4 - HKCU\..\Run: [xem] C:\WINDOWS\ServicePackFiles\winlogon.exe
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/ega...s4_1064_XP.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resourc...scbase3401.cab
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/ega...1068_em_XP.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/inst...l/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1184222438420
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://us2-scripts.dlv4.com/binaries...s4_1061_XP.cab
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - http://scripts.downloadv3.com/binari...SS_1074_XP.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {FA1D6D8F-C6ED-4752-8512-A33283240130} - http://scripts.dlv4.com/binaries/ega...s4_1066_XP.cab
O16 - DPF: {FBF65A16-C9AB-465E-AECE-D2D9D5AB5E60} - http://scripts.dlv4.com/binaries/ega...s4_1067_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{266FD8F0-9BCE-477D-A327-B36ABFB18BBB}: NameServer = 69.50.176.158,85.255.112.8
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: ddayw - C:\WINDOWS\system32\ddayw.dll
O20 - Winlogon Notify: ddcbcaa - C:\WINDOWS\SYSTEM32\ddcbcaa.dll
O20 - Winlogon Notify: winqgb32 - C:\WINDOWS\SYSTEM32\winqgb32.dll
O21 - SSODL: wmphost - {F82CA7E0-96FA-49C2-962A-0EA252B69555} - (no file)
O21 - SSODL: wmpdev - {4893C8AE-BFB1-42AD-B313-3039AD6862E8} - C:\WINDOWS\wmpdev.dll (file missing)
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
O23 - Service: asurscsi - Unknown owner - C:\DOCUME~1\ANGELA~1\LOCALS~1\Temp\MSI1A.tmp (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\swkrojpy.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

--
End of file - 12005 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>

S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
S1 ensqio - c:\windows\system32\drivers\ensqio.sys (file missing)
S1 sbpcint4 (SB PCI128) - c:\windows\system32\drivers\sbpcint4.sys (file missing)
S1 vspf - c:\windows\system32\drivers\vspf5.sys (file missing)
S1 vspf_hk - c:\windows\system32\drivers\vspf_hk5.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aspimgr (Microsoft ASPI Manager) - c:\windows\system32\aspimgr.exe
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 DomainService - c:\windows\system32\swkrojpy.exe /service <Not Verified; ; DDC>

S2 asurscsi - c:\docume~1\angela~1\locals~1\temp\msi1a.tmp (file missing)
S2 MCVSRte (McAfee.com VirusScan Online Realtime Engine) - c:\progra~1\mcafee.com\vso\mcvsrte.exe /embedding (file missing)
S2 Network Monitor - c:\program files\network monitor\netmon.exe service (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_24CD&SUBSYS_53528086&REV_01\3&267A616A&0&EF
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_24CD&SUBSYS_53528086&REV_01\3&267A616A&0&EF
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-08-31 01:01:45 440 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2007-08-30 04:22:29 338 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-08-30 04:22:28 330 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-08-30 04:12:00 726 --a------ C:\WINDOWS\Tasks\McAfee Cleanup.job
2007-08-30 03:00:00 374 --a------ C:\WINDOWS\Tasks\RegCure.job
2007-08-27 14:18:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-03-11 16:47:41 436 --a------ C:\WINDOWS\Tasks\SpyWareKiller.job


-- Files created between 2007-07-31 and 2007-08-31 -----------------------------

2007-08-31 01:08:51 125504 --a------ C:\WINDOWS\system32\rdivktxn.dll
2007-08-31 01:03:23 75328 --a------ C:\WINDOWS\system32\hsxoxtub.exe <Not Verified; ; DDC>
2007-08-30 10:19:42 0 d-------- C:\Documents and Settings\Angela.ANGELAHOME\Application Data\COMCASTTOOLBAR
2007-08-30 06:14:21 0 d-------- C:\Program Files\ComcastToolbar
2007-08-30 06:14:21 0 d-------- C:\Documents and Settings\Chad\Application Data\ComcastToolbar
2007-08-30 04:28:42 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2007-08-30 04:21:41 0 d-------- C:\Program Files\McAfee.com
2007-08-30 04:20:44 0 d-------- C:\Program Files\Common Files\McAfee
2007-08-30 04:20:21 0 d-------- C:\Program Files\McAfee
2007-08-30 04:13:12 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-08-30 03:12:42 0 d-------- C:\WINDOWS\privacy_danger
2007-08-30 02:48:39 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-08-30 02:22:10 0 d-------- C:\Documents and Settings\Chad\www.google.com
2007-08-29 23:18:34 0 d-------- C:\Program Files\STOPzilla!
2007-08-29 23:18:32 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-08-29 23:04:57 14336 --a------ C:\WINDOWS\winvip.exe
2007-08-29 22:22:46 0 d-------- C:\Webcam Live!
2007-08-29 22:04:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2007-08-29 22:01:52 125504 --a------ C:\WINDOWS\system32\brtmaccb.dll
2007-08-29 21:56:08 70208 --a------ C:\WINDOWS\system32\bcnmiilm.dll
2007-08-29 21:52:48 75328 --a------ C:\WINDOWS\system32\swkrojpy.exe <Not Verified; ; DDC>
2007-08-29 21:50:05 0 --a------ C:\WINDOWS\system32\nftiduhj.exe
2007-08-29 21:50:04 1705135 ---hs---- C:\WINDOWS\system32\wyadd.bak2
2007-08-28 23:25:33 20464 --a------ C:\WINDOWS\system32\3253360941.dll
2007-08-28 23:00:31 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-28 23:00:31 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-28 23:00:31 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-28 23:00:31 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-08-28 23:00:31 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-28 23:00:31 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-28 23:00:31 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-08-28 23:00:31 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-28 23:00:31 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-08-28 23:00:31 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-28 23:00:31 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-08-28 23:00:31 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-28 23:00:31 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-28 23:00:30 262144 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-28 18:03:52 0 --a------ C:\WINDOWS\system32\gtv_sd.bin
2007-08-28 17:59:01 0 d--hs---- C:\found.000
2007-08-28 17:52:20 20464 --a------ C:\WINDOWS\system32\21522034241.dll
2007-08-28 17:52:07 61440 --a------ C:\WINDOWS\system32\aspimgr.exe
2007-08-28 17:51:40 0 --a------ C:\WINDOWS\retadpu27.exe
2007-08-28 17:51:38 0 --a------ C:\WINDOWS\system32\wvlvmaac.exe
2007-08-28 17:51:38 155648 --a------ C:\WINDOWS\system32\GoogleBot.exe
2007-08-28 17:50:54 31010 --a------ C:\WINDOWS\system32\spoolsvv.exe
2007-08-28 17:50:30 31010 --a------ C:\WINDOWS\system32\vedxga4m1et4.exe
2007-08-28 17:50:29 5922 --a------ C:\WINDOWS\system32\vedxg6ame4.exe
2007-08-28 17:50:28 0 --a------ C:\WINDOWS\system32\vedxga5me3.exe
2007-08-28 17:50:27 5632 --a------ C:\WINDOWS\system32\vedxga3me2.exe
2007-08-28 17:50:27 7970 --a------ C:\WINDOWS\system32\vedxg4am1et2.exe
2007-08-28 17:50:27 13824 --a------ C:\WINDOWS\system32\max1d1164v.exe
2007-08-28 17:50:26 0 --a------ C:\WINDOWS\system32\vedxga4me1.exe
2007-08-28 17:50:26 0 --a------ C:\WINDOWS\system32\vedxga1me4t1.exe
2007-08-28 17:50:25 1 --a------ C:\i
2007-08-28 17:50:08 932 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-08-28 17:50:05 8856 --a------ C:\WINDOWS\system32\dllh8jkd1q7.exe
2007-08-28 17:50:02 8856 --a------ C:\WINDOWS\system32\dllh8jkd1q6.exe
2007-08-28 17:49:54 1174840 --a------ C:\Documents and Settings\NetworkService\Application Data\Install.dat
2007-08-28 17:49:54 1174840 --a------ C:\Documents and Settings\LocalService\Application Data\Install.dat
2007-08-28 17:49:53 8856 --a------ C:\WINDOWS\system32\dllh8jkd1q5.exe
2007-08-28 17:49:51 23192 --a------ C:\WINDOWS\system32\dllh8jkd1q2.exe
2007-08-28 17:49:50 1 --a------ C:\WINDOWS\system32\ps.dat
2007-08-28 17:49:50 6442 --a------ C:\WINDOWS\system32\dllh8jkd1q1.exe
2007-08-28 17:49:50 1 --a------ C:\WINDOWS\system32\cookie.dat
2007-08-28 17:49:49 16 --a------ C:\WINDOWS\system32\dllh8jkd1q8.exe
2007-08-28 17:49:12 11554 --a------ C:\WINDOWS\system32\kernelwind32.exe
2007-08-28 17:48:24 0 d-------- C:\WINDOWS\system32\f06WtR
2007-08-28 17:48:24 57354 --a------ C:\WINDOWS\system32\dwdsrngt.exe
2007-08-28 17:47:31 21504 --a------ C:\WINDOWS\system32\mstdmc.exe
2007-08-28 17:47:31 111 --a------ C:\WINDOWS\system32\drivers\fee
2007-08-28 17:47:26 59392 --a------ C:\epulp.exe
2007-08-28 17:47:22 15360 --a------ C:\WINDOWS\system32\drvjudr.dll
2007-08-28 17:47:22 93696 --a------ C:\WINDOWS\system32\drvjud.dll
2007-08-28 17:47:21 43542 --a------ C:\WINDOWS\system32\iifccya.dll
2007-08-28 17:46:03 15360 --a------ C:\WINDOWS\system32\drvmadr.dll
2007-08-28 17:46:03 93696 --a------ C:\WINDOWS\system32\drvmad.dll
2007-08-28 17:45:56 43542 --a------ C:\WINDOWS\system32\fcccbcd.dll
2007-08-28 17:45:43 0 --a------ C:\WINDOWS\system32\stani.dll
2007-08-28 17:45:39 1600719 ---hs---- C:\WINDOWS\system32\wyadd.bak1
2007-08-28 17:45:31 298080 --a------ C:\WINDOWS\system32\ddayw.dll
2007-08-28 17:43:54 0 d-------- C:\Program Files\WinPop
2007-08-28 17:43:54 0 d-------- C:\Program Files\InetGet2
2007-08-28 17:40:38 2 --a------ C:\-262391314
2007-08-28 17:40:32 0 --a------ C:\WINDOWS\retadpu2000352.exe
2007-08-28 17:40:30 15360 --a------ C:\WINDOWS\system32\drvgosr.dll
2007-08-28 17:40:30 93696 --a------ C:\WINDOWS\system32\drvgos.dll
2007-08-28 17:40:28 43542 --a------ C:\WINDOWS\system32\ddcbcaa.dll
2007-08-28 17:24:38 0 d-------- C:\Program Files\RegCure
2007-08-28 05:09:39 50688 --a------ C:\WINDOWS\main_uninstaller.exe
2007-08-28 05:08:16 0 d-------- C:\Program Files\VideoAccessCodec
2007-08-27 14:01:09 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-08-27 13:44:22 0 d-------- C:\Program Files\Common Files\PocketSoft
2007-08-27 13:44:15 0 d-------- C:\Program Files\RedlightCenter
2007-08-21 01:44:32 0 d-------- C:\Program Files\PC Wizard 2007
2007-08-20 03:53:57 0 d-------- C:\Program Files\midi2wav
2007-08-20 03:39:21 0 d-------- C:\Program Files\MIDI TO WAV 1.0 DEMO
2007-08-14 14:27:00 0 d-------- C:\Documents and Settings\Chad\Application Data\Garritan
2007-08-14 14:11:17 0 d-------- C:\Program Files\Garritan Personal Orchestra
2007-08-13 19:18:18 0 d-------- C:\Program Files\Veoh Networks
2007-08-12 23:58:39 0 d-------- C:\Program Files\Finale NotePad 2007
2007-08-12 23:21:27 0 d-------- C:\Program Files\eMule
2007-08-12 21:30:28 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2007-08-12 21:29:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-12 21:29:17 0 d-------- C:\Psfonts
2007-08-12 21:26:46 0 d-------- C:\Program Files\Finale 2006
2007-08-12 19:45:36 0 d-------- C:\Program Files\Audacity
2007-08-09 20:13:30 0 dr-h----- C:\MSOCache
2007-08-09 19:26:32 20002 --a------ C:\WINDOWS\system\Windows32.dll
2007-08-09 19:26:31 0 d-------- C:\Program Files\DesktopUSArmyBFC
2007-08-09 19:25:47 0 d-------- C:\Program Files\Common Files\Download Manager
2007-08-07 17:35:25 0 d-------- C:\Program Files\Windows Media Connect 2
2007-08-07 17:31:35 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-07 17:26:45 0 d-------- C:\Documents and Settings\Angela.ANGELAHOME\Application Data\WinRAR
2007-08-05 20:42:11 0 d-------- C:\Program Files\Common Files\SupportSoft
2007-08-05 02:41:17 22585 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys <Not Verified; Adaptec; Adaptec's CDRAL>
2007-08-05 02:41:12 206240 --a------ C:\WINDOWS\system32\drivers\UdfReadr.sys <Not Verified; Adaptec; UDF Reader Driver>
2007-08-05 02:41:12 52720 --a------ C:\WINDOWS\system32\drivers\cdr4_2K.sys <Not Verified; Adaptec; Adaptec's CD-R Helper Drivers>
2007-08-05 02:41:12 45056 --a------ C:\WINDOWS\system32\cdrtc.dll <Not Verified; Adaptec; Adaptec's CD-R Helper Drivers>
2007-08-02 14:50:47 0 d-------- C:\Documents and Settings\Angela.ANGELAHOME\Application Data\Mozilla
2007-08-02 14:50:02 0 d-------- C:\Documents and Settings\Angela.ANGELAHOME\Application Data\SecondLife
2007-08-02 14:11:21 0 d-------- C:\The Lord of the Rings- The Fellowship of the Ring
2007-08-02 14:09:14 0 d-------- C:\Documents and Settings\Angela.ANGELAHOME\Application Data\.BitZip


-- Find3M Report ---------------------------------------------------------------

2007-08-31 01:48:15 0 d-------- C:\Program Files\Network Monitor
2007-08-31 01:47:31 0 d-------- C:\Program Files\Trend Micro
2007-08-30 06:14:24 0 d-------- C:\Program Files\Common Files\Scanner
2007-08-30 06:11:29 423424 --a------ C:\WINDOWS\system32\AClient.dll
2007-08-30 04:20:44 0 d-a------ C:\Program Files\Common Files
2007-08-29 00:27:45 245248 --a------ C:\WINDOWS\system32\mswsock.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-28 17:40:29 5594 --a------ C:\WINDOWS\system32\qgfyhgxs.dat
2007-08-28 03:29:22 0 d-------- C:\Documents and Settings\Chad\Application Data\uTorrent
2007-08-27 13:44:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-14 23:46:25 0 d-------- C:\Program Files\Vstplugins
2007-08-12 21:38:01 0 d-------- C:\Program Files\Java
2007-08-08 03:29:49 0 d-------- C:\Program Files\IrfanView
2007-08-07 21:49:32 0 d-------- C:\Program Files\SecondLife
2007-08-07 17:02:10 265497 --a------ C:\WINDOWS\system32\qgfyhgxs_nav.dat
2007-08-05 20:46:36 0 d-------- C:\Program Files\support.com
2007-08-05 02:08:28 0 d-------- C:\Program Files\NoteWorthy Composer
2007-08-04 20:47:26 0 d-------- C:\Documents and Settings\Chad\Application Data\Adobe
2007-07-30 22:25:00 0 d-------- C:\Program Files\QuickTime
2007-07-30 22:19:29 0 d-------- C:\Program Files\Apple Software Update
2007-07-28 00:09:23 0 d-------- C:\Documents and Settings\Chad\Application Data\SecondLife
2007-07-28 00:07:51 0 d-------- C:\Documents and Settings\Chad\Application Data\Mozilla
2007-07-27 14:50:58 0 d-------- C:\Program Files\Runtime Software
2007-07-27 14:43:20 0 d-------- C:\Program Files\HDD Recovery Pro
2007-07-26 18:13:28 0 d-------- C:\Program Files\Data Doctor Recovery FAT+NTFS (Demo)
2007-07-26 12:18:38 0 d-------- C:\Program Files\The KMPlayer
2007-07-26 11:51:31 0 d-------- C:\Program Files\MP4 Video Player
2007-07-26 11:48:09 0 d-------- C:\Program Files\Microsoft Games
2007-07-26 11:28:47 164980 --a------ C:\WINDOWS\Video Cleaner Uninstaller.exe
2007-07-26 11:28:44 0 d-------- C:\Documents and Settings\Chad\Application Data\River Past G5
2007-07-26 11:28:43 0 d-------- C:\Program Files\River Past
2007-07-26 11:28:43 0 d-------- C:\Program Files\Common Files\River Past
2007-07-23 22:51:02 0 d-------- C:\Program Files\AGEIA Technologies
2007-07-23 22:49:47 0 d-------- C:\Program Files\Kuma Games
2007-07-21 03:56:12 0 d-------- C:\Program Files\MSXML 4.0
2007-07-21 01:00:26 925696 --a------ C:\WINDOWS\Flight Simulator Screensaver.scr
2007-07-21 01:00:25 0 d-------- C:\Program Files\Longgame
2007-07-21 00:53:16 0 d-------- C:\Program Files\The Weather Channel FW
2007-07-21 00:50:15 0 d-------- C:\Program Files\Freeze.com
2007-07-21 00:50:10 0 d-------- C:\Program Files\Free Offers from Freeze.com
2007-07-20 02:32:22 0 d-------- C:\Documents and Settings\Chad\Application Data\Talkback
2007-07-20 02:29:20 0 d-------- C:\Program Files\DivX
2007-07-20 02:07:06 0 d-------- C:\Program Files\Hotbar
2007-07-20 01:21:20 0 d-------- C:\Documents and Settings\Chad\Application Data\.BitZip
2007-07-20 01:08:48 0 d-------- C:\Program Files\BitZip
2007-07-20 00:16:36 0 d-------- C:\Documents and Settings\Chad\Application Data\Yahoo!
2007-07-19 23:38:49 0 d-------- C:\Program Files\Yahoo!
2007-07-18 14:42:54 0 d-------- C:\Program Files\Common Files\Java
2007-07-17 00:58:55 0 d-------- C:\Program Files\Virtual Earth 3D
2007-07-15 04:16:54 0 d-------- C:\Program Files\Creative
2007-07-14 03:14:50 0 d-------- C:\Program Files\Messenger
2007-07-14 02:34:32 0 d-------- C:\Program Files\AWC
2007-07-14 02:29:23 0 d-------- C:\Program Files\Desktop Wallpaper Timer
2007-07-14 01:57:13 0 d-------- C:\Program Files\Bonjour
2007-07-14 01:57:08 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-14 01:33:31 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-07-14 00:14:28 0 d-------- C:\Program Files\Movie Maker
2007-07-14 00:09:11 0 d-------- C:\Program Files\Windows NT
2007-07-13 17:51:53 0 d-------- C:\Documents and Settings\Chad\Application Data\WinRAR
2007-07-13 16:27:41 0 d-------- C:\Program Files\utorrent
2007-07-13 02:56:56 0 d-------- C:\Program Files\BitTorrent
2007-07-12 20:25:47 0 d-------- C:\Documents and Settings\Chad\Application Data\Viewpoint
2007-07-12 03:48:09 0 d-------- C:\Documents and Settings\Chad\Application Data\BitTorrent
2007-07-12 01:41:53 0 d-------- C:\Program Files\AIM6
2007-07-12 01:34:39 0 d-------- C:\Documents and Settings\Chad\Application Data\Google
2007-07-12 01:34:29 0 d-------- C:\Program Files\Google
2007-07-12 01:30:07 0 d-------- C:\Documents and Settings\Chad\Application Data\IrfanView
2007-07-12 00:42:03 0 d-------- C:\Program Files\Common Files\AOL
2007-07-12 00:38:04 0 d-------- C:\Documents and Settings\Chad\Application Data\AOL


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15CD9C30-672B-4739-88AA-2EC4AD7C7354}]
08/28/2007 05:45 PM 298080 --a------ C:\WINDOWS\system32\ddayw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5621007F-BBEE-4674-8077-94C3591DE7C3}]
08/28/2007 05:40 PM 43542 --a------ C:\WINDOWS\system32\ddcbcaa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{810C7383-C49D-40a8-AB80-59DBA271DAFA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98B822AD-6BE7-49BC-B773-97240B774080}]
08/30/2007 06:11 AM 423424 --a------ C:\WINDOWS\system32\AClient.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}]
07/20/2006 05:41 PM 111616 --a------ C:\WINDOWS\IECodecPl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
08/29/2007 09:56 PM 70208 --a------ C:\WINDOWS\system32\bcnmiilm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xem"="C:\WINDOWS\ServicePackFiles\winlogon.exe" [08/28/2007 11:11 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xem"="C:\WINDOWS\ServicePackFiles\winlogon.exe" [08/28/2007 11:11 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5621007F-BBEE-4674-8077-94C3591DE7C3}"= C:\WINDOWS\system32\ddcbcaa.dll [08/28/2007 05:40 PM 43542]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wmpdev"= {4893C8AE-BFB1-42AD-B313-3039AD6862E8} - C:\WINDOWS\wmpdev.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayw]
C:\WINDOWS\system32\ddayw.dll 08/28/2007 05:45 PM 298080 C:\WINDOWS\system32\ddayw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbcaa]
ddcbcaa.dll 08/28/2007 05:40 PM 43542 C:\WINDOWS\system32\ddcbcaa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winqgb32]
winqgb32.dll 08/28/2003 05:48 PM 19968 C:\WINDOWS\system32\winqgb32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= c:\windows\system32\ldcore.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - MFERKDK

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}]
C:\WINDOWS\system32\nusrmgr.exe



-- End of Deckard's System Scanner: finished at 2007-08-31 01:51:09 ------------


A: OH the Agony of pop-ups!

Please download SmitfraudFix
Extract the files to the Desktop

~~~~
Now, start the computer in Safe Mode:
When the machine first starts again, tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Press Enter to boot into Safe Mode.
Open SmitfraudFix
Double-click smitfraudfix.cmd
Select Option 2 - Clean by typing 2 and press Enter (Deletes infected files)
You are prompted: Do you want to clean the registry? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool also checks if a relevant file, wininet.dll, is infected.
You may be prompted to replace the infected file (if found).
Replace infected file? Answer Y (yes) and hit Enter to restore a clean file.

~~~~
Restart the computer to complete the removal process.

~~~~
Also download ComboFix
Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Please run HijackThis once again to obtain a new log.

~~~~
Please post the SmitFraudFix report located at C:\rapport.txt , the ComboFix.txt, and a new HijackThis log.


I ran chkdsk when starting Windows and it has been running for two days and no end in sight at all! What to do? And I desperately need a laptop.

Please help!


Despite my efforts to maintain a clean and safe computer, something miserable has bitten me. I'm not entirely sure what the issue is, but I know something unusual is going on.

Here are some signs and symptoms ...

Recently, after periods of unattended downloading, I would lose internet connectivity. The only way I could regain connectivity would be to reboot. Reboot would take what felt like forever. Sometimes there would be a Windows dialogue box asking for login credentials for dial-up, which is odd considering I am not on dial. Recently, it has been discovered that all boot ups are agonizingly slow with apparent lengthy periods of inactivity (i.e. hard disk activity, or even a signal being sent to the monitor). On average, 4-5 minutes to boot up.

Today, while surfing, my AVG anti-virus went crazy picking up immediate virii from websites that were appearing out of nowhere. Bam Bam Bam Bam! A new virus infected webpage auto opens and is caught by AVG. There was also an unusual blue webpage titled windows critical update that could not be closed. I use Firefox, not IE, but if I recall, these websites may have been hosted by IE.

I have randomly been asked on occasion to shut down.

I have lost ability to access regedit (says the administrator has removed privileges, even in safe mode as the administrator). Even known workarounds commonly available on the internet have failed.

I am unable to run Adaware ... it says it's already running, when it's not ... that I ...

A:Agony With wmpscfgs.exe

Kaspersky Labs Online file scanner has identified the file wmpscfgs.exe as being infected with Trojan-Dropper.Win32.Agent.bsmw.

There is very little reference material online regarding this virus.

Since posting original message, I have scanned again with onboard AVG virus scan, and online Housecall scan. Both identified several other virii, but not the one in question. These secondary virii were removed as part of the scan process.


I hope someone out there will help me! I have this Movieland thing going on and it's driving me nuts. I read Jelly_tots post earlier today and followed the advice as far as the HijackThis log, but now I need to know what to do from here!! Please help me! The log is below:
Thank you!!

Logfile of HijackThis v1.99.1
Scan saved at 5:00:19 PM, on 11/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MediaPipe\MPTray.exe
C:\Program Files\AltPayments\AltPayments.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\tbctray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\Program Files\MediaPipe\DownloadManager.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hewlett-Pack...

A:Movieland agony


Hello Peeps,

I just received T520 package today and my excitement suddenly turned to grief when I saw a bright glowing red dot on my screen. OMG... a dead pixel right out of the box! Did I just drop my hard earned grand that I have been saving for months on something that would bug me for the rest of the product's life?

I quickly searched Lenovo's dead pixel policy and almost fainted when I found out the unit has to have at least 3 dead pixels to be considered for replacement noooooooo...wahhhh....boohohoho..sob

Why did they ship out a unit with dead pixel??? I'm pretty sure it was NOT missed by QA because it glows like a laser beam in the dark and a dead pixel would not develop while in transit!

I'm going to contact Lenovo post sales tomorrow and really hoping something can be done. I know some of you will consider this as another guy who got a dead pixel rant, but man, when someone spends this amount of cash, and I'm not rich, I would at least expect to receive a non-defective product. Oh Lordy, I should have trusted my instinct and buy something of this value in a brick and mortar store. Hoping for the best but this night would not be a pleasant one.

Sigh,
Jason


A:Dead Pixel Agony

You just got it and you're not satisfied you can return it. So return it. The End

T520 Model 4239 Intel(R) Core(TM) i7-2860QM; Nvidia NVS 4200M Win 10 64bit
Z70-80 I7 - 5500U 16GB GB - 1TB HD Win 10 64bit FHD 17.3", G840 w/2GB


can anyone tell me if sound card drivers exist for a sbt-sp6c 6 channel 5.1 surround sound audio card to run in vista x64? the card has two chips on it. the large one is a forte media fm 801-au. the small chip is a realtek alc650.

i have not been able to find the correct drivers to install the card in my pc. i have tried many different drivers and none have worked. i've tried all the realtek sound drivers. none have worked. i have downloaded the latest forte media drivers i can find. they don't work with vista x64.

please, help if you can. it's very frustrating not being able to install the sound card.

thanks in advance.

A:sound card agony 2

Originally Posted by glennpalmore


can anyone tell me if sound card drivers exist for a sbt-sp6c 6 channel 5.1 surround sound audio card to run in vista x64? the card has two chips on it. the large one is a forte media fm 801-au. the small chip is a realtek alc650.

i have not been able to find the correct drivers to install the card in my pc. i have tried many different drivers and none have worked. i've tried all the realtek sound drivers. none have worked. i have downloaded the latest forte media drivers i can find. they don't work with vista x64.

please, help if you can. it's very frustrating not being able to install the sound card.

thanks in advance.



Hi Glenn, Welcome to the Forum.

The best answer here is probably to buy a new sound card

Pooch


Hi Everyone,

Here is the dilemma that I am currently in. I just installed XP on a WD 40GB hard drive. I have been using a Maxtor 80GB up till now for storage. Well, I want to transfer all the digital photos and files (which I have yet to burn, by the way) and put them onto the 40GB. I see both HDs in BIOS. I see both HDs in Device Manager. I don't see BOTH hard drives in MY COMPUTER!!! From what I keep reading, the only way Windows will see the 80GB is if I partition/format it. There is one problem with that: I will lose all of my files if I partition/format it. Is there a way I can transfer these much needed files over??? PLEASE HELP!!!!

Thanks,
JGC77
 

A:Hard drive agony -- please help

Why can't you use the Data Lifeguard Tools diskette that came with your WD HD? I just put a new WD in last month and I only formatted the new drive before copying over data.
 


Hi all, after losing my desktop Medion PC - maybe consecutive to audio folder downloaded + win media player plugin download (post in Vista forum) - now the VAIO laptop can't start Windows. Can't remember how to start in safe mode and then what should I do. PLEASE HELP, urgent, all my work is stuck in these 2 PCs. I only got one PC left.
Thanks Thanks Thanks for URGENT HELP.
 

A:Solved: laptop in agony


MS Update installed a Realtek driver that really does not agree with my system. I'm fine with the MS 5 High Def version.

Every time I go to device manager and programs & features and delete it and spec the MS generic version I'm good for about a minute, then the Realtek gets installed. Even after I delete the folder in programs. I am totally stumped here as this version MS is pushing out is really having problems and I can't make it go away.

I have gone to advanced settings and set it to prevent downloading ANY driver updates at all. It keeps coming back.

I've tried just about everything I can find on Google. I'd really appreciate some help on this. It began happening after this past Tuesday's update. I had other issues (now solved) with that update.

A:MS Realtek driver agony - please help

The following steps worked for me...
First uninstall the faulty driver, but do not restart your machine until you do the following:

Type "Device Installation Settings" in your Windows search box. A result named "Change device installation settings" should show up.

Choose No

Once that's done, you have to go into the Windows Update Settings and change it to "Notify Schedule a restart".

Now go ahead and do a restart.

At this point, the driver won't automatically install, but will be listed in Windows Update. Microsoft expects you to install it anyways. What you need to do is hide it from Windows Update. Download the "Show or hide updates" troubleshooter package

https://support.microsoft.com/en-us/kb/3073930

That tool will then let you see what's in Windows update and you can then hide it from Windows update.


Hi Everyone,

Here is the dilemma that I am currently in. I just installed XP on a WD 40GB hard drive. I have been using a Maxtor 80GB up till now for storage. Well, I want to transfer all the digital photos and files (which I have yet to burn, by the way) and put them onto the 40GB. I see both HDs in BIOS. I see both HDs in Device Manager. I don't see BOTH hard drives in MY COMPUTER!!! From what I keep reading, the only way Windows will see the 80GB is if I partition/format it. There is one problem with that: I will lose all of my files if I partition/format it. Is there a way I can transfer these much needed files over??? PLEASE HELP!!!!

Thanks,
JGC77
 

A:hard drive agony -- please help!!

I had a Western Digital and a Maxtor HDD together in a system a few years ago. I can remember that they didn't both work together. Since then, I have sort of become brand loyal and only use Maxtor (Western Digital and most others are just as good) - I don't mix hard drives. Most drives will work together but occasionally you get two that don't and you can avoid the possibility of this by just using one brand. If this is the case, then you might be able to put them both on different IDE channels long enough to transfer files.
If it isn't brand compatibility, then check to see (in CMOS) that your unrecognised drive is using the same access mode as it was before when it worked, probably LBA. If it is somehow set to a different mode, then what you described is exactly what happens.
In event of a corrupted partition, you may need to buy some partition salvaging software. One piece of software you can get for free usually on the Maxtor site is Maxblast, which runs on DR. DOS (one comes with each new boxed HDD too, if you still have it somewhere). If you download this HDD installation disc, and put it on a floppy it will give you a lot of great utilities to install and troubleshoot Maxtor hard drives.
One more thing to check is the cable. I have had ribbon cables that had one wire break somewhere and even though the drive continued to work, funny things would happen. You do have the proper 80 pin (not 40 pin) IDE cables, right?
 


I have read other forum topics about the problem I am having (a blinking red icon in my windows quickstart menu). I continually have the process cool.exe popping up and it's making a strange "clicky" sound from my cpu-- sort of like the sound you get when you're about to access dialup.

Anyhow, I'm a Master's student at a major Canadian university and it's not helping my thesis that I have these constant ads popping up and these malware problems.

Any help would be appreciated greatly! Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 7:05:19 PM, on 18/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ishost.exe
C:\Program Files\ATI Technol...

A:The Agony Of My Malware Infections

You have no active AntiVirus!
Get the free AVG 7, install it, check for updates and run a full scan
AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/
========================
Add remove programs - remove logitech desktop messenger
==================
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typi...


Please help me with this infection! I have run the following programs with no luck to remove the infection: HitmanPro (Kickstart), Malware Bytes Anti-Rootkit, JRT, ADWcleaner, SuperAntiSpyware, Malware Bytes Anti-Malware and Dr Web Cureit.
 
Any assistance would be greatly appreciated!
 
Here is my DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17037
Run by Mayra at 8:11:46 on 2014-01-30
Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1252.1.1033.18.445.63 [GMT -6:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\AOL\1173975032\ee\aolsoftware.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PR...

A:AGONY - wininit.sys - NTRootKit-K - infection!

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/522612 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


Okay quick run up on how XP boots Boot.ini file loads windows. Most experienced users know the way to check a boot path is the msconfig option from run that is on every windows except win 2000. Start>Run>msconfig>boot.ini. You can change some boot options here and get rid of os's that were deleted with their boot path. But you know what not so on Vista, it uses a whole new system called bcdedit.exe I believe that boot.ini doesn't even see or acknowledge. So to bring you up to speed here's what happened:

I was on the release candidates with build 2600 I tried to install it to my 2nd spindled drive. A totally separate physical drive I labeled as F:. It wouldn't work it would give the black screen of death with no blinking cursor, no nothing, just my monitor looking at me saying "I'm glowing amber on my led what are you going to do?". Obviously install Norton Partition Magic and make room for it on the main drive.

So now I stretch out room on my C: for two more partitions. Another Primary I label G: and an extended volume I label as H:. Guess what Vista RC1 build 2600 works great! I get a dual boot option after the motherboard logo goes away and it will default to Vista but I can also choose Vista...... for about 2 weeks then the same pill looking icon Windows says to install for protection starts causing problems, I think the thing was PC Chillin or something like that. I uninstall it, RC1 kind of works but inevitably something is ...

A:Dual Booting and the agony of Vista


A client brought in his laptop a few days back saying it wouldn't start up anymore. I took a look..

When turning on the laptop, I am presented with a HP login screen requesting a fingerprint or password. This password is known, we type it in and get a windows error stating that the bootloader is corrupt.

I figured this would be easy enough - simply repair the bootloader. I booted off of the windows 8 disk and tried startup repair. Startup repair failed, because it could not access the drive the OS is installed on.

I decide to look up what the HP login screen post-BIOS is all about. It turns out HP Protect Tools was used to encrypt the partition the OS and my client's (important!) data is on. I later found out that messing with the bootloader on a drive encrypted with HP's software can mess things up further, so I'm glad in a way that the Windows DVD repair options didn't function.

I searched online for ways to recover the data and found a way to perhaps rescue the files here:
ftp://ftp.hp.com/ftp1/pub/caps-softpaq/TCE&Q/
However, this method requires the backup encryption key (typically saved to USB) to work.

Now here comes the fun stuff. The guy this laptop belongs to was not aware that his drive was encrypted and didn't even know it was installed.. His laptop was originally installed at his company's main office, so we turned there to get the key file required to unlock the files on the drive. They don't have the backup encryption key. Brilliant.

Oh, did I mention tha...

A:Hp Protect tools plus corrupt bootloader = agony

Any settings in BIOS for this HP Protect Tools?
Would a Live Linux see the data? You can try Linux Mint MATE for this purpose.
