Clean bill of Health?

ntd69 Malmö, SWE
edited June 2008 in Spyware & Virus Removal
Hi Guys,
I recently had a little cheeky malware moment on my Vista-running laptop involving rundll32.exe, which upped my CPU usage to over 50% and all but stopped internet browsing completely.
After a couple of days of tweaking, I think I have solved the problem BUT I would love to get your opinion re my HijackThis log. I have performed all you have requested I do in the "Things to do before posting a new thread" thread, though have not included online scan logs as considered "clear".
Can you let me know if there's anything unwanted or not needed at all... this machine is a very new VAIO, and maybe I can lose some of the Sony bits, though I don't know what they actually do.
Thanks in advance for your time,
Regards
Nick

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52, on 2008-05-11
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PestPatrol\PPMemCheck.exe
C:\Program Files\PestPatrol\CookiePatrol.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7062 bytes

Comments

  • Veka Finland
    edited May 2008
    Hi ntd69. Please post a fresh HijackThis log. :)
  • ntd69 Malmö, SWE
    edited May 2008
    Here's the new log from HijackThis... thanks for your attention in this matter
    Regards
    Nick

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:32, on 2008-05-17
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal
    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\PestPatrol\PPControl.exe
    C:\Program Files\PestPatrol\CookiePatrol.exe
    C:\Program Files\PestPatrol\PPMemCheck.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
    O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    --
    End of file - 7118 bytes
  • Veka Finland
    edited May 2008
    I don't see an antivirus running. :eek:

    If you don't have an antivirus program or your current subscription has run out, then download one of the following - they are free!

    AntiVir
    AVG Free Edition
    avast! 4 Home Edition

    Install and reboot.

    After that, please do an online scan with Kaspersky Online Scanner.
    Click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    • Click on "My Computer" and then put the kettle on!
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Copy and paste the report into your next reply.
  • ntd69 Malmö, SWE
    edited May 2008
    Hi Vekarppe
    Re no antivirus running... I have "Pest Patrol", "Spyware Doctor" and resident TeaTimer from Spybot S&D. I disabled Pest Patrol before the HijackThis scan... do I require AVG as well? Am saving it as we speak ready to run... further scan to follow as requested,
    Kind regards
    Nick
  • ntd69 Malmö, SWE
    edited May 2008
    Here's the scan requested after AVG download. Will be away from the computer till tomorrow now... hope this all helps,
    Kind regards
    Nick

    KASPERSKY ONLINE SCANNER REPORT
    Saturday, May 17, 2008 12:23:02 PM
    Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 17/05/2008
    Kaspersky Anti-Virus database records: 780501


    Scan Settings
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target: My Computer
    B:\
    C:\
    D:\
    E:\
    F:\
    I:\

    Scan Statistics
    Total number of scanned objects: 83621
    Number of viruses found: 2
    Number of infected objects: 2
    Number of suspicious objects: 0
    Duration of the scan process: 00:54:39

    Infected Object Name Virus Name Last Action
    B:\MUSIC Stuff\Steinberg\Wavelab\System\WAVES\PLUG-INS\C1.DLL Object is locked skipped

    B:\MUSIC Stuff\Steinberg\Wavelab\System\WAVES\PLUG-INS\IDR.DLL Object is locked skipped

    B:\MUSIC Stuff\Steinberg\Wavelab\System\WAVES\PLUG-INS\L1.DLL Object is locked skipped

    B:\MUSIC Stuff\Steinberg\Wavelab\System\WAVES\PLUG-INS\QN.DLL Object is locked skipped

    B:\MUSIC Stuff\Steinberg\Wavelab\System\WAVES\PLUG-INS\TV.DLL Object is locked skipped

    C:\Boot\BCD Object is locked skipped

    C:\Boot\BCD.LOG Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_361.trc Object is locked skipped

    C:\ProgramData\avg8\Log\avgcore.log Object is locked skipped

    C:\ProgramData\avg8\Log\avglng.log Object is locked skipped

    C:\ProgramData\avg8\Log\avgrs.log Object is locked skipped

    C:\ProgramData\avg8\Log\avgsched.log Object is locked skipped

    C:\ProgramData\avg8\Log\avgsrm.log Object is locked skipped

    C:\ProgramData\avg8\Log\avgwd.log Object is locked skipped

    C:\ProgramData\avg8\Log\avgwdsvc.log Object is locked skipped

    C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.162.Crwl Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.162.gthr Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.ci Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wsb Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010026.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002E.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002F.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010030.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010032.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010034.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010035.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010036.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010037.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010038.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010039.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003A.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003B.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003C.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy347.gthr Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfD42F.tmp Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfD430.tmp Object is locked skipped

    C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log Object is locked skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\Users\Nick and Erika\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped

    C:\Users\Nick and Erika\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

    C:\Users\Nick and Erika\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped

    C:\Users\Nick and Erika\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051720080518\index.dat Object is locked skipped

    C:\Users\Nick and Erika\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

    C:\Users\Nick and Erika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Users\Nick and Erika\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Users\Nick and Erika\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped

    C:\Users\Nick and Erika\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped

    C:\Users\Nick and Erika\AppData\Local\Microsoft\Windows\UsrClass.dat{c2b5a8d4-9fa1-11dc-8e69-001a80455320}.TM.blf Object is locked skipped

    C:\Users\Nick and Erika\AppData\Local\Microsoft\Windows\UsrClass.dat{c2b5a8d4-9fa1-11dc-8e69-001a80455320}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

    C:\Users\Nick and Erika\AppData\Local\Microsoft\Windows\UsrClass.dat{c2b5a8d4-9fa1-11dc-8e69-001a80455320}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

    C:\Users\Nick and Erika\AppData\Local\Temp\~DFF061.tmp Object is locked skipped

    C:\Users\Nick and Erika\AppData\Local\Temp\~DFF066.tmp Object is locked skipped

    C:\Users\Nick and Erika\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped

    C:\Users\Nick and Erika\NTUSER.DAT Object is locked skipped

    C:\Users\Nick and Erika\ntuser.dat.LOG1 Object is locked skipped

    C:\Users\Nick and Erika\ntuser.dat.LOG2 Object is locked skipped

    C:\Users\Nick and Erika\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

    C:\Users\Nick and Erika\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

    C:\Users\Nick and Erika\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

    C:\Windows\Debug\PASSWD.LOG Object is locked skipped

    C:\Windows\Debug\sam.log Object is locked skipped

    C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped

    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped

    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped

    C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped

    C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped

    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped

    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped

    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

    C:\Windows\SoftwareDistribution\EventCache\{DC9FBE12-C923-42E8-85C7-D5846E67EC77}.bin Object is locked skipped

    C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

    C:\Windows\System32\catroot2\edb.log Object is locked skipped

    C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped

    C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped

    C:\Windows\System32\config\COMPONENTS Object is locked skipped

    C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped

    C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped

    C:\Windows\System32\config\DEFAULT Object is locked skipped

    C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped

    C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped

    C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped

    C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped

    C:\Windows\System32\config\RegBack\SAM Object is locked skipped

    C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped

    C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped

    C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped

    C:\Windows\System32\config\SAM Object is locked skipped

    C:\Windows\System32\config\SAM.LOG1 Object is locked skipped

    C:\Windows\System32\config\SAM.LOG2 Object is locked skipped

    C:\Windows\System32\config\SECURITY Object is locked skipped

    C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped

    C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped

    C:\Windows\System32\config\SOFTWARE Object is locked skipped

    C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped

    C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped

    C:\Windows\System32\config\SYSTEM Object is locked skipped

    C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped

    C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped

    C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped

    C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped

    C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped

    C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped

    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped

    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped

    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped

    C:\Windows\System32\flwrrhcp.exe Object is locked skipped

    C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped

    C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTumstartup.etl Object is locked skipped

    C:\Windows\System32\LogFiles\WMI\WdiContextLog.etl.002 Object is locked skipped

    C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

    C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped

    C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped

    C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped

    C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped

    C:\Windows\System32\urqPfFvT.dll Object is locked skipped

    C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped

    C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped

    C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped

    C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped

    C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped

    C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped

    C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped

    C:\Windows\System32\_Proxy.dll Infected: Trojan-Proxy.Win32.Agent.ahv skipped

    C:\Windows\System32\_ProxyM.dll Infected: Trojan-Proxy.Win32.Agent.ahg skipped

    C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped

    C:\Windows\TEMP\07be30c7-29c4-4229-9fc7-253a5c054f4c.tmp Object is locked skipped

    C:\Windows\TEMP\2b6fb792-16c0-4352-9f8e-2d3892864ff7.tmp Object is locked skipped

    C:\Windows\TEMP\a55bfd79-d097-40a9-82fb-748da84fe148.tmp Object is locked skipped

    C:\Windows\WindowsUpdate.log Object is locked skipped

    Scan process completed.
  • VekaVeka Finland
    edited May 2008
    ntd69 wrote:
    I have "pest patrol", "spyware doctor" and Resident teatimer from Spybot S&D. I disabled Pest patrol before the Hijackthis scan...do I require AVG as well?

    Yes, it is highly recommended. :)
  • ntd69ntd69 Malmö, SWE
    edited May 2008
    Have installed AVG as per your recommendation...anything nasty in the scans that I can attend to?
    Take care.
    Nick
  • VekaVeka Finland
    edited May 2008
    Hi, ntd. Please remove these files

    C:\Windows\System32\_Proxy.dll
    C:\Windows\System32\_ProxyM.dll

    Let me know if problems occur (e.g. you can't remove or see the files).

    After that, please post a fresh HijackThis log. :)
  • ntd69ntd69 Malmö, SWE
    edited May 2008
    Hi Vekarppe,
    No luck in locating the two trojans on the log, ie

    C:\Windows\System32\_Proxy.dll
    C:\Windows\System32\_ProxyM.dll

    Not "seen" in the system32 file, nor on a search of that file.
    The online scan reported these two items found but as I recall, didn't offer a solution to remove them at that time.
    A scan with AVG comes up clear too.
    A little help needed with this step
    Thanks
    Nick
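
The two detections are easy to miss in the online scan report because they sit among a long run of "Object is locked" lines. The script below is an added example, not part of the original posts: it parses report lines in the form shown in this thread and separates detections from locked-and-skipped objects. The sample input is constructed from a few lines of that report, and the function names are hypothetical.

```python
import re
from collections import Counter
from ntpath import dirname  # Windows path rules, usable on any OS

# Constructed sample: a few lines in the format of the scan report in this thread.
SAMPLE_REPORT = r"""
C:\Windows\System32\config\SAM Object is locked skipped

C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped

C:\Windows\System32\_Proxy.dll Infected: Trojan-Proxy.Win32.Agent.ahv skipped

C:\Windows\System32\_ProxyM.dll Infected: Trojan-Proxy.Win32.Agent.ahg skipped

C:\Windows\WindowsUpdate.log Object is locked skipped

Scan process completed.
"""

# Paths may contain spaces ("DFS Replication.evtx"), so the path is matched
# lazily and the verdict is anchored at the right-hand end of the line.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:(?P<locked>Object is locked)|Infected:\s+(?P<name>\S+))\s+"
    r"(?P<action>\w+)$"
)


def parse_report(text):
    """Return one dict per object line; other lines are ignored."""
    findings = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # blank lines, headers, "Scan process completed."
        findings.append({
            "path": match.group("path"),
            "status": "locked" if match.group("locked") else "infected",
            "detection": match.group("name"),  # None for locked objects
            "action": match.group("action"),
        })
    return findings


def detections(findings):
    """Objects the scanner flagged, with the detection name and action taken."""
    return [(f["path"], f["detection"], f["action"])
            for f in findings if f["status"] == "infected"]


def unresolved(findings):
    """Flagged objects the scanner reported but did not act on."""
    return [path for path, _name, action in detections(findings)
            if action == "skipped"]


def locked_by_directory(findings):
    """Count locked objects per directory to show where the noise comes from."""
    return Counter(dirname(f["path"])
                   for f in findings if f["status"] == "locked")


if __name__ == "__main__":
    results = parse_report(SAMPLE_REPORT)
    for path, name, action in detections(results):
        print(f"DETECTION  {name:<32} {action:<8} {path}")
    for directory, count in locked_by_directory(results).most_common():
        print(f"locked x{count}  {directory}")
```

Locked objects were not read by the scanner, so the per-directory count says what was left unchecked rather than what is clean.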



  • VekaVeka Finland
    edited May 2008
    Please do the following...
      • Click Start.
      • Open Computer.
      • Press the ALT key.
      • Select the Tools menu and click Folder Options.
      • Select the View Tab.
      • Under the Hidden files and folders heading select Show hidden files and folders.
      • Uncheck the Hide protected operating system files (recommended) option.
      • Click Yes to confirm.
      • Click OK.

      Can you see these files now?

      C:\Windows\System32\_Proxy.dll
      C:\Windows\System32\_ProxyM.dll

      If you can't, I believe they are gone.
    • ntd69ntd69 Malmö, SWE
      edited May 2008
      Great tip Vekarppe,
      Found them after the changes you recommended and deleted accordingly.
      Below is the new HJT log.
      Let me know the next step, if any,
      Regards
      Nick
      :D
      PS. Now that I have installed AVG, do I need all my other software (spybot, pest patrol, spyware doctor etc)? No risk of them interfering with each other?


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 09:02, on 2008-05-20
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16643)
      Boot mode: Normal
      Running processes:
      C:\Windows\System32\smss.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\winlogon.exe
      C:\Windows\system32\services.exe
      C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\taskeng.exe
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Windows\system32\DRIVERS\xaudio.exe
      C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Program Files\PestPatrol\PPControl.exe
      C:\Program Files\PestPatrol\CookiePatrol.exe
      C:\Program Files\PestPatrol\PPMemCheck.exe
      C:\Program Files\AVG\AVG8\avgtray.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\servicing\TrustedInstaller.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
      O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
      O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O13 - Gopher Prefix:
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: avgrsstx.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
      O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
      O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
      O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
      O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
      O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
      O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
      O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
      O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
      --
      End of file - 7779 bytes
    • ntd69ntd69 Malmö, SWE
      edited May 2008
      PS: And now the computer keeps shutting down out of the blue, and also going into sleep mode but not coming out on keyboard/mouse activation....please let me know what the scan has to say, if anything.
      Thanks
      Nick
    • VekaVeka Finland
      edited May 2008
      Hi ntd69, that might be a sign of a malware issue. Not sure.

      Please download Deckard's System Scanner (DSS) and save it to your Desktop.
      • Close all other windows before proceeding.
      • Double-click on dss.exe and follow the prompts.
      • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
    • ntd69ntd69 Malmö, SWE
      edited May 2008
      Good Morning Vekarppe,
      Here are the scans as requested....I seem to have cured its "sleeping sickness" by deleting all the personalised power savings and flashing the BIOS from the Vaio website....Happy reading
      NtD

      Deckard's System Scanner v20071014.68
      Run by Nick and Erika on 2008-05-23 09:27:44
      Computer is in Normal Mode.
      -- Last 3 Restore Point(s) --
      3: 2008-05-23 07:21:28 UTC - RP415 - Windows Update
      2: 2008-05-22 13:35:07 UTC - RP414 - Scheduled Checkpoint
      1: 2008-05-21 17:05:19 UTC - RP413 - Windows Vista Service Pack 1

      Backed up registry hives.
      Performed disk cleanup.

      -- HijackThis (run as Nick and Erika.exe)
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 09:29, on 2008-05-23
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal
      Running processes:
      C:\Windows\System32\smss.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\winlogon.exe
      C:\Windows\system32\services.exe
      C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\taskeng.exe
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\DRIVERS\xaudio.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Apoint\Apoint.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Apoint\ApMsgFwd.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Program Files\Apoint\Apntex.exe
      C:\Windows\System32\svchost.exe
      C:\Users\Nick and Erika\Desktop\dss.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\vssvc.exe
      C:\Windows\system32\conime.exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\Nick and Erika.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
      O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
      O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
      O13 - Gopher Prefix:
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: avgrsstx.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
      O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
      O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
      O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
      O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
      O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
      O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
      O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
      O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
      --
      End of file - 6865 bytes
      -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\)
      backup-20080510-182311-826 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqPfFvT.dll,#1
      -- File Associations
      .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
      R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
      R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
      R3 RegKill - c:\windows\system32\drivers\regkill.sys <Not Verified; Elaborate Bytes; DVD Region Killer>
      S3 UKS11LDR (Midiman USB Keystation Loader) - c:\windows\system32\drivers\uks11ldr.sys <Not Verified; MIDIMAN; Midiman USB Keystation Loader>
      S3 USBKS1X1 (Midiman USB Keystation USB Driver) - c:\windows\system32\drivers\usbks1x1.sys <Not Verified; Doug Fetter Software Wizardry; Midiman USB Keystation Midi Interface>
      S3 USBMIDIM (Midiman USB MidiSport Midi Kernel Driver) - c:\windows\system32\drivers\usbmidim.sys <Not Verified; Doug Fetter Software Wizardry; USB MidiSport Midi Interface>

      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
      R2 QBCFMonitorService (QuickBooks Database Manager Service) - "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe"
      S3 PACSPTISVR - c:\program files\common files\sony shared\avlib\pacsptisvr.exe <Not Verified; ; PACSPTISVR Module>
      S3 QBFCService (Intuit QuickBooks FCS) - "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe" <Not Verified; Intuit Inc.; QuickBooks 2007>

      -- Device Manager: Disabled
      No disabled devices found.

      -- Scheduled Tasks
      2008-05-23 09:18:17 456 --a
      C:\Windows\Tasks\RegCure Program Check.job
      2008-05-23 09:15:40 468 --a
      C:\Windows\Tasks\Vaio Service Utility.job
      2008-01-31 05:44:28 390 --a
      C:\Windows\Tasks\RegCure.job

      -- Files created between 2008-04-23 and 2008-05-23
      2008-05-21 19:58:39 0 dr
      C:\Users\Nick and Erika\Contacts
      2008-05-19 11:41:08 408576 --a
      C:\Windows\system32\Smab.dll
      2008-05-19 11:41:07 719872 --a
      C:\Windows\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
      2008-05-19 11:41:06 318976 --a
      C:\Windows\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
      2008-05-19 11:41:04 66560 --a
      C:\Windows\MOTA113.exe
      2008-05-19 11:41:03 70656 --a
      C:\Windows\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
      2008-05-19 11:41:03 27648 --a
      C:\Windows\system32\AVSredirect.dll
      2008-05-19 11:41:02 70656 --a
      C:\Windows\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
      2008-05-19 11:40:58 217073 --a
      C:\Windows\meta4.exe
      2008-05-19 11:40:57 0 d
      C:\Program Files\AviSynth 2.5
      2008-05-19 11:40:48 27648 ---hs---- C:\Windows\system32\Smab0.dll
      2008-05-19 11:40:47 31232 -r-hs---- C:\Windows\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
      2008-05-19 11:40:47 163328 -r-hs---- C:\Windows\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
      2008-05-19 11:40:44 0 d
      C:\Program Files\eRightSoft
      2008-05-18 17:20:01 383238 --a
      C:\Windows\system32\libmp3lame-0.dll
      2008-05-17 12:43:12 0 d--h
      C:\$AVG8.VAULT$
      2008-05-17 10:43:43 0 d
      C:\Windows\system32\Kaspersky Lab
      2008-05-17 10:33:35 0 d
      C:\Windows\system32\drivers\Avg
      2008-05-17 10:33:31 0 d
      C:\Program Files\AVG
      2008-05-11 17:41:06 118784 --a
      C:\Windows\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
      2008-05-11 17:41:06 0 d
      C:\Program Files\SpywareBlaster
      2008-05-11 10:59:28 0 d
      C:\Program Files\Lavasoft
      2008-05-11 10:58:22 0 d
      C:\Program Files\Common Files\Wise Installation Wizard
      2008-05-10 18:21:19 0 d
      C:\Program Files\Trend Micro
      2008-05-10 16:05:23 68096 --a
      C:\Windows\zip.exe
      2008-05-10 16:05:23 49152 --a
      C:\Windows\VFind.exe
      2008-05-10 16:05:23 136704 --a
      C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
      2008-05-10 16:05:23 161792 --a
      C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
      2008-05-10 16:05:23 98816 --a
      C:\Windows\sed.exe
      2008-05-10 16:05:23 80412 --a
      C:\Windows\grep.exe
      2008-05-10 16:05:23 73728 --a
      C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
      2008-05-10 10:54:33 0 d
      C:\Program Files\Spyware Doctor
      2008-04-27 12:58:34 0 d
      C:\Program Files\Microsoft CAPICOM 2.1.0.2

      -- Find3M Report
      2008-05-23 09:18:08 0 d
      C:\Program Files\PestPatrol
      2008-05-22 23:35:28 0 d
      C:\Users\Nick and Erika\AppData\Roaming\BitTorrent
      2008-05-22 18:23:59 0 d
      C:\Users\Nick and Erika\AppData\Roaming\Skype
      2008-05-22 16:05:35 0 d
      C:\Users\Nick and Erika\AppData\Roaming\skypePM
      2008-05-21 19:56:38 174 --ahs---- C:\Program Files\desktop.ini
      2008-05-21 19:36:04 0 d
      C:\Program Files\Windows Calendar
      2008-05-21 19:36:03 0 d
      C:\Program Files\Windows Sidebar
      2008-05-21 19:36:03 0 d
      C:\Program Files\Movie Maker
      2008-05-21 19:35:59 0 d
      C:\Program Files\Windows Mail
      2008-05-21 19:35:55 0 d
      C:\Program Files\Windows Photo Gallery
      2008-05-21 19:35:46 0 d
      C:\Program Files\Windows Defender
      2008-05-19 13:10:00 0 d--h
      C:\Program Files\InstallShield Installation Information
      2008-05-19 13:05:45 0 d
      C:\Program Files\Common Files
      2008-05-18 17:16:00 0 d
      C:\Users\Nick and Erika\AppData\Roaming\STOIK
      2008-05-10 10:54:33 0 d
      C:\Users\Nick and Erika\AppData\Roaming\PC Tools
      2008-05-09 09:52:08 0 d
      C:\Program Files\dvdSanta
      2008-04-27 13:01:07 0 d
      C:\Program Files\Microsoft SQL Server
      2008-04-18 10:06:16 0 d
      C:\Program Files\MetaTrader 4
      2008-03-25 23:11:51 0 d
      C:\Users\Nick and Erika\AppData\Roaming\Personal
      2008-03-25 23:08:49 0 d
      C:\Users\Nick and Erika\AppData\Roaming\Netscape
      2008-03-25 23:08:49 0 d
      C:\Users\Nick and Erika\AppData\Roaming\Mozilla
      2008-03-25 23:08:49 0 d
      C:\Program Files\Personal

      -- Registry Dump
      *Note* empty entries & legit default entries are not shown

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 12:49]
      "CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 10:35]
      "PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 09:53]
      "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-17 10:33]
      "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2006-11-13 15:32]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-02-05 15:22 C:\Windows\RtHDVCpl.exe]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"=2 (0x2)
      "EnableLUA"=0 (0x0)
      "HideLegacyLogonScripts"=0 (0x0)
      "HideLogoffScripts"=0 (0x0)
      "RunLogonScriptSync"=1 (0x1)
      "RunStartupScriptSync"=1 (0x1)
      "HideStartupScripts"=0 (0x0)
      "DisableRegistryTools"=0 (0x0)
      "EnableUIADesktopToggle"=0 (0x0)
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "HideLegacyLogonScripts"=0 (0x0)
      "HideLogoffScripts"=0 (0x0)
      "RunLogonScriptSync"=1 (0x1)
      "RunStartupScriptSync"=1 (0x1)
      "HideStartupScripts"=0 (0x0)
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
      VESWinlogon.dll 2007-02-14 01:19 98304 C:\Windows\System32\VESWinlogon.dll
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "appinit_dlls"=avgrsstx.dll
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
      @="Service"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
      @="Service"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
      @="Service"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
      @="Service"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
      @="Service"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
      @="Service"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
      @="Service"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
      @="Service"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
      @="Service"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
      @="Service"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
      @="Driver"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
      @="Driver"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
      @="Volume shadow copy"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
      @="IEEE 1394 Bus host controllers"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
      @="SBP2 IEEE 1394 Devices"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
      @="SecurityDevices"
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
      "AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
      "ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
      "<NO NAME>"=
      "NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      "Apoint"=C:\Program Files\Apoint\Apoint.exe
      "BMc9b11c37"=Rundll32.exe "C:\Windows\system32\ifvumgbc.dll",s
      "ca822fab"=rundll32.exe "C:\Windows\system32\blmjnojc.dll",b
      "MSServer"=rundll32.exe C:\Windows\system32\fccDwXpq.dll,#1
      "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe"
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
      LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
      C:\Windows\system32\unregmp2.exe /ShowWMP
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
      %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

      -- Hosts
      127.0.0.1 007guard.com
      127.0.0.1 www.007guard.com
      127.0.0.1 008i.com
      127.0.0.1 008k.com
      127.0.0.1 www.008k.com
      127.0.0.1 00hq.com
      127.0.0.1 www.00hq.com
      127.0.0.1 010402.com
      127.0.0.1 032439.com
      127.0.0.1 www.032439.com
      8378 more entries in hosts file.

      -- End of Deckard's System Scanner: finished at 2008-05-23 09:32:15
    • ntd69ntd69 Malmö, SWE
      edited May 2008
      and the "Extra" one....

      Deckard's System Scanner v20071014.68
      Extra logfile - please post this as an attachment with your post.
      -- System Information
      Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
      Architecture: X86; Language: English
      CPU 0: Intel(R) Core(TM) Duo CPU T2450 @ 2.00GHz
      Percentage of Memory in Use: 39%
      Physical Memory (total/avail): 2037.45 MiB / 1240.92 MiB
      Pagefile Memory (total/avail): 3494.72 MiB / 2667.06 MiB
      Virtual Memory (total/avail): 2047.88 MiB / 1905.99 MiB
      B: is Fixed (NTFS) - 49.32 GiB total, 41.39 GiB free.
      C: is Fixed (NTFS) - 55.86 GiB total, 23.92 GiB free.
      D: is Removable (No Media)
      E: is Removable (No Media)
      F: is CDROM (No Media)
      I: is CDROM (No Media)
      \\.\PHYSICALDRIVE1 - MemoryStick0 Device
      \\.\PHYSICALDRIVE2 - SD1 Device
      \\.\PHYSICALDRIVE0 - FUJITSU MHW2120BH ATA Device - 111.79 GiB - 3 partitions
      \PARTITION0 - Unknown - 6.61 GiB
      \PARTITION1 (bootable) - Installable File System - 55.86 GiB - C:
      \PARTITION2 - Installable File System - 49.32 GiB - B:

      -- Security Center
      AUOptions is scheduled to auto-install.
      Windows Internal Firewall is enabled.
      AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
      AS: Spyware Doctor v5.5.0.212 (PC Tools) Disabled
      AS: AVG Anti-Virus Free v8.0 (AVG Technologies) Disabled
      AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.)
      AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
      [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
      [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

      -- Environment Variables
      ALLUSERSPROFILE=C:\ProgramData
      APPDATA=C:\Users\Nick and Erika\AppData\Roaming
      CommonProgramFiles=C:\Program Files\Common Files
      COMPUTERNAME=NICKSLAPTOP
      ComSpec=C:\Windows\system32\cmd.exe
      FP_NO_HOST_CHECK=NO
      HOMEDRIVE=C:
      HOMEPATH=\Users\Nick and Erika
      LOCALAPPDATA=C:\Users\Nick and Erika\AppData\Local
      LOGONSERVER=\\NICKSLAPTOP
      NUMBER_OF_PROCESSORS=2
      OS=Windows_NT
      Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
      PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
      PROCESSOR_ARCHITECTURE=x86
      PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
      PROCESSOR_LEVEL=6
      PROCESSOR_REVISION=0e0c
      ProgramData=C:\ProgramData
      ProgramFiles=C:\Program Files
      PROMPT=$P$G
      PUBLIC=C:\Users\Public
      SESSIONNAME=Console
      SystemDrive=C:
      SystemRoot=C:\Windows
      TEMP=C:\Users\NICKAN~1\AppData\Local\Temp
      TMP=C:\Users\NICKAN~1\AppData\Local\Temp
      USERDOMAIN=Nickslaptop
      USERNAME=Nick and Erika
      USERPROFILE=C:\Users\Nick and Erika
      windir=C:\Windows

      -- User Profiles
      Nick and Erika (admin)

      -- Add/Remove Programs
      Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
      Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
      Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
      Alps Pointing-device for VAIO --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
      AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe"
      AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
      BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe
      CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
      DivxToDVD 0.5.2b --> "C:\Program Files\vso\DivxToDVD\unins000.exe"
      DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
      DVD Region Killer --> "C:\Program Files\Elaborate Bytes\DVD Region Killer\regkill-uninst.exe" /D="C:\Program Files\Elaborate Bytes\DVD Region Killer"
      DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
      dvdSanta 4.50 --> "C:\Program Files\dvdSanta\unins000.exe"
      ffdshow (remove only) --> "C:\Program Files\ffdshow\uninstall.exe"
      HDAUDIO SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200\HXFSETUP.EXE -U -ISnSZIRXz.inf
      HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
      Intel(R) Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
      Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
      Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
      Marvell Miniport Driver --> C:\Program Files\Marvell\Miniport Driver\Uninst.exe
      MetaTrader 4.00 --> "C:\Program Files\MetaTrader 4\Uninstall.exe" "C:\Program Files\MetaTrader 4\install.log"
      Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
      Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
      Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
      Microsoft SQL Server 2005 --> "C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
      Microsoft SQL Server 2005 Express Edition (VAIO_VEDB) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
      Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
      Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
      Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
      Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
      Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
      MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
      MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
      MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
      OpenMG Limited Patch 4.7-07-13-24-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-13-24-01\HotFixSetup\setup.exe /u
      OpenMG Secure Module 4.7.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
      Personal 4.5.2 --> "C:\Program Files\Personal\bin\persinst.exe" -u
      QuickBooks Product Listing Service --> MsiExec.exe /I{91208A47-5D08-4C79-986F-1931940F51BB}
      Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
      RegCure 1.3.0.2 --> C:\Program Files\RegCure\uninst.exe
      Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
      Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
      Setting Utility Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59452470-A902-477F-9338-9B88101681BD}\SETUP.exe" -l0x9 UNINSTALL -removeonly
      Simple Start Entice --> MsiExec.exe /I{337CBC16-F6F3-411A-9A3F-DB21C57BFDFD}
      Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
      Sony Utilities DLL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\SETUP.exe" -l0x9 -removeonly
      Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
      SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
      SUPER © Version 2008.bld.30 (Mar 22, 2008) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
      VAIO Help And Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D716354-2C08-48DC-9AC5-957348048817}\SETUP.exe" -l0x9 -removeonly
      VAIO Media 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}\setup.exe" -l0x9 UNINSTALL -removeonly
      VAIO Media AC3 Decoder 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x9 UNINSTALL
      VAIO Media Content Collection 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{500162A0-4DD5-460A-BAFD-895AAE48C532}\setup.exe" -l0x9 UNINSTALL -removeonly
      VAIO Media Integrated Server 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{785EB1D4-ECEC-4195-99B4-73C47E187721}\setup.exe" -l0x9 UNINSTALL -removeonly
      VAIO Media Redistribution 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}\setup.exe" -l0x9 UNINSTALL -removeonly
      VAIO Media Registration Tool 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x9 UNINSTALL -removeonly
      VAIO OOBE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B500D37-E7CF-480B-8054-8A563594EC4E}\SETUP.exe" -l0x9 -removeonly
      VAIO Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E319E96-ED8E-4B01-9775-C521A1869A25}\SETUP.exe" -l0x9 UNINSTALL -removeonly
      VAIO Security Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}\setup.exe" -l0x9 -removeonly
      VAIO Service Utility --> C:\Program Files\Sony\VAIO Service Utility\uninstall.exe
      VAIO Video & Photo Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}\setup.exe" -l0x9 -removeonly
      VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
      WinDVD for VAIO --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
      WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
      Wireless Switch Setting Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}\setup.exe" -l0x9 -removeonly

      -- Application Event Log
      Event Record #/Type119328 / Success
      Event Submitted/Written: 05/23/2008 09:16:09 AM
      Event ID/Source: 5617 / WinMgmt
      Event Description:

      Event Record #/Type119327 / Success
      Event Submitted/Written: 05/23/2008 09:16:04 AM
      Event ID/Source: 5615 / WinMgmt
      Event Description:

      Event Record #/Type119324 / Warning
      Event Submitted/Written: 05/23/2008 09:16:04 AM
      Event ID/Source: 3 / SQLBrowser
      Event Description:
      The configuration of the AdminConnection\TCP protocol in the SQL instance VAIO_VEDB is not valid.
      Event Record #/Type119301 / Error
      Event Submitted/Written: 05/23/2008 09:15:56 AM
      Event ID/Source: 3409 / MSSQL$VAIO_VEDB
      Event Description:
      Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.
      Event Record #/Type119300 / Error
      Event Submitted/Written: 05/23/2008 09:15:56 AM
      Event ID/Source: 8315 / MSSQL$VAIO_VEDB
      Event Description:
      SQL Server performance counter 'Logreaderdelivered Trans/sec' not found in registry. SQL Server performance counters are disabled.

      -- Security Event Log
      No Errors/Warnings found.

      -- System Event Log
      Event Record #/Type134082 / Error
      Event Submitted/Written: 05/23/2008 09:16:51 AM
      Event ID/Source: 7000 / Service Control Manager
      Event Description:
      Parallel port driver%%1058
      Event Record #/Type134044 / Error
      Event Submitted/Written: 05/23/2008 09:15:40 AM
      Event ID/Source: 15016 / HTTP
      Event Description:
      \Device\Http\ReqQueueKerberos
      Event Record #/Type134041 / Error
      Event Submitted/Written: 05/23/2008 09:15:07 AM
      Event ID/Source: 49 / volmgr
      Event Description:
      Configuring the Page file for crash dump failed. Make sure there is a page
      file on the boot partition and that is large enough to contain all physical
      memory.
      Event Record #/Type134032 / Error
      Event Submitted/Written: 05/23/2008 09:14:55 AM
      Event ID/Source: 49 / volmgr
      Event Description:
      Configuring the Page file for crash dump failed. Make sure there is a page
      file on the boot partition and that is large enough to contain all physical
      memory.
      Event Record #/Type134027 / Warning
      Event Submitted/Written: 05/22/2008 11:36:18 PM
      Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
      Event Description:


      -- End of Deckard's System Scanner: finished at 2008-05-23 09:32:15
      Happy reading,
      Regards
      NtD
    • VekaVeka Finland
      edited May 2008
      Hello,

      Please download the OTMoveIt2 by OldTimer.
      • Save it to your desktop.
      • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
      • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
        C:\Windows\system32\ifvumgbc.dll
        C:\Windows\system32\blmjnojc.dll
        C:\Windows\system32\fccDwXpq.dll
        HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\BMc9b11c37
        HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\ca822fab
        HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\MSServer
        
      • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
      • Click the red Moveit! button.
      • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
      • Close OTMoveIt2
      If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

      ==================================

      Please download and run HostsXpert
      Click the "Restore MS Hosts" -button.

      This will restore your Hosts file.

      After that, you can remove HostsXpert.
    • ntd69ntd69 Malmö, SWE
      edited May 2008
      Hi Vekarppe,
      Here's the MoveIt log as per request.

      File/Folder C:\Windows\system32\ifvumgbc.dll not found.
      File/Folder C:\Windows\system32\blmjnojc.dll not found.
      File/Folder C:\Windows\system32\fccDwXpq.dll not found.
      < HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\BMc9b11c37 >
      Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\BMc9b11c37 deleted successfully.
      < HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\ca822fab >
      Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\ca822fab deleted successfully.
      < HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\MSServer >
      Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\MSServer deleted successfully.

      OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05262008_152315
      Looks like it couldn't find the first 3.

      Re: HostsXpert. On pressing the restore MSHost button I get the error message "Cannot create file C:\\Windows\system32\DRIVERS\ETC\hosts"...hope this isn't a problem for later!

      Let me know what's next and thanks again for your time on this.
      Regards
      Nick
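The three Run values Veka listed and the OTMoveIt2 log above, worked through as an added example (not part of any post in this thread, and not code from Deckard's System Scanner or OTMoveIt2). It parses Run-key lines in the dump format shown earlier, flags rundll32 autoruns using heuristics assumed here for triage (ordinal or single-character export, value name containing eight hex digits), and marks entries whose DLL the move log reported as not found; the NvCplDaemon line is a constructed benign contrast entry.

```python
import re
from dataclasses import dataclass

# Constructed sample: Run-key lines copied from the registry dump in this
# thread, plus one benign rundll32 entry (NvCplDaemon) that is NOT from the
# thread and is included only as a contrast case.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-17 10:33]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-05 15:22 C:\Windows\RtHDVCpl.exe]
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"<NO NAME>"=
"Apoint"=C:\Program Files\Apoint\Apoint.exe
"BMc9b11c37"=Rundll32.exe "C:\Windows\system32\ifvumgbc.dll",s
"ca822fab"=rundll32.exe "C:\Windows\system32\blmjnojc.dll",b
"MSServer"=rundll32.exe C:\Windows\system32\fccDwXpq.dll,#1
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe"
'''

# Lines copied from the OTMoveIt2 log posted in this thread.
SAMPLE_MOVE_LOG = r'''
File/Folder C:\Windows\system32\ifvumgbc.dll not found.
File/Folder C:\Windows\system32\blmjnojc.dll not found.
File/Folder C:\Windows\system32\fccDwXpq.dll not found.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\BMc9b11c37 deleted successfully.
'''

SECTION_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')
# Trailing "[date time ...]" stamp that the scanner appends to some values.
STAMP_RE = re.compile(r'\s*\[\d{4}-\d{2}-\d{2}[^\]]*\]$')
RUN_KEY_RE = re.compile(r'\\currentversion\\run-?$', re.I)
# rundll32 <dll>,<export> with either part optionally quoted.
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)"?\s*,\s*(\S+)', re.I)
NOT_FOUND_RE = re.compile(r'^File/Folder (.+) not found\.$')
HEX_RUN_RE = re.compile(r'[0-9a-f]{8}', re.I)


@dataclass
class Finding:
    key: str
    name: str
    dll: str
    export: str
    reasons: list
    orphaned: bool  # True when the move log says the DLL no longer exists


def parse_run_entries(dump):
    """Return (key, value name, command) for every value under a Run/run- key."""
    entries, key = [], None
    for raw in dump.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group(1)
            continue
        value = VALUE_RE.match(line)
        if value and key and RUN_KEY_RE.search(key):
            command = STAMP_RE.sub('', value.group(2)).strip()
            entries.append((key, value.group(1), command))
    return entries


def missing_paths(move_log):
    """Lower-cased paths that the move log reports as 'not found'."""
    return {m.group(1).lower() for line in move_log.splitlines()
            if (m := NOT_FOUND_RE.match(line.strip()))}


def triage(entries, missing=frozenset()):
    """Flag rundll32 autoruns. The heuristics are assumptions, not verdicts."""
    findings = []
    for key, name, command in entries:
        m = RUNDLL_RE.match(command)
        if not m:
            continue
        dll, export = m.group(1), m.group(2)
        reasons = []
        if export.startswith('#'):
            reasons.append('export given by ordinal')
        elif len(export) == 1:
            reasons.append('single-character export name')
        if HEX_RUN_RE.search(name):
            reasons.append('value name contains 8 hex digits')
        if reasons:
            findings.append(Finding(key, name, dll, export, reasons,
                                    dll.lower() in missing))
    return findings


if __name__ == '__main__':
    gone = missing_paths(SAMPLE_MOVE_LOG)
    for f in triage(parse_run_entries(SAMPLE_DUMP), gone):
        state = 'orphaned (DLL not found)' if f.orphaned else 'DLL may be present'
        print(f'{f.name}: {f.dll},{f.export} -> {"; ".join(f.reasons)}; {state}')
```

An orphaned entry means only that the autorun's target is gone; it says nothing about whether other components remain, which is why the thread goes on to request a full rescan.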
    • VekaVeka Finland
      edited May 2008
      Hello.


      Please temporarily turn off the UAC

      http://www.petri.co.il/disable_uac_in_windows_vista.htm

      Use method 4 (Using Control Panel)

      Remember to reboot!


      After that, open your hosts file in Notepad by doing the following

      Click Start (Windows button) and write Run

      Copy & paste into text box

      notepad C:\Windows\System32\drivers\etc\hosts

      Hit OK

      Hosts file should open now. Using copy & paste, replace its contents with the one below:
      # Copyright (c) 1993-2006 Microsoft Corp.
      #
      # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
      #
      # This file contains the mappings of IP addresses to host names. Each
      # entry should be kept on an individual line. The IP address should
      # be placed in the first column followed by the corresponding host name.
      # The IP address and the host name should be separated by at least one
      # space.
      #
      # Additionally, comments (such as these) may be inserted on individual
      # lines or following the machine name denoted by a '#' symbol.
      #
      # For example:
      #
      #      102.54.94.97     rhino.acme.com          # source server
      #       38.25.63.10     x.acme.com              # x client host
      
      127.0.0.1       localhost
      ::1             localhost
      
      Save the file
      Please let me know if any problems occur.

      Turn the UAC on (see the link above).
    • ntd69ntd69 Malmö, SWE
      edited May 2008
      Hi Vekarppe,
      No luck I am afraid.....opened up the hostfile, removed contents and replaced as per your instruction but would not save.....box with "Cant save the file.....C:\\Windows\system32\DRIVERS\ETC\hosts".
      What shall we do now?
      Regards
      Nick
    • VekaVeka Finland
      edited June 2008
      Please re-run HostsXpert, but this time as administrator. Right click the icon and select Run as Administrator. Click the "Restore MS Hosts" -button. Does it work now?
    • ntd69ntd69 Malmö, SWE
      edited June 2008
      Hi Vekarppe
      Still no joy re changing/restoring host as per your methods. Same problem as the first time you asked me to do this step; on pressing the restore MSHost button I still get the error message "Cannot create file
      C:\\Windows\system32\DRIVERS\ETC\hosts...even as run as administrator.
      Also, no joy still re the cut and paste idea you had a couple of days ago
      Any other approach to cure my ills?
      Thanks again for your time
      Regards
      Nick
    • ntd69ntd69 Malmö, SWE
      edited June 2008
      PS An update...
      Have now managed to save the text file that you provided in the drivers\etc\hosts.txt. BUT still can't restore MS host using the HostXpert as it states that it cannot create file C:\\Windows\system32\DRIVERS\ETC\hosts....The actual windows file is saved as small letters ie "drivers\etc\hosts" but the programme says it can't create file "DRIVERS\ETC\hosts" ie with capital letters...not sure why...is this the root of the problem here?
      Regards
      NtD
    • VekaVeka Finland
      edited June 2008
      I hope this helps

      How to edit the HOSTS file in Vista?

      Q: I have been trying to edit my HOSTS file to stop certain advertisements from showing, however, when I try to save it, I receive a message that states I do not have permission to edit this file. I am the administrator, so how can I successfully edit this file in Windows Vista?

      A: You will have to run the text editor (NOTEPAD) as administrator. Simply right click the program and select "Run as administrator" from the resulting menu. Now you can edit the HOSTS file.
    • ntd69ntd69 Malmö, SWE
      edited June 2008
      Hi Verkarppe,
      As per my last post (1st June 7.35pm) , I have already successfully edited my HOSTS file and restored it to normal again. What I would like is to know if I now have a "clean bill of health"....would you like me to rescan or is this now over?
      regards
      Nick
    • VekaVeka Finland
      edited June 2008
      Oh my mistake :P

      Please do a re-scan with Kaspersky Online Scanner
      Click the Accept button at the end of the page.

      Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

      • Read the Requirements and limitations before you click Accept.
      • Allow the ActiveX download if necessary.
      • Once the database has downloaded, click Next.
      • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
      • Click on "My Computer" and then put the kettle on!
      • When the scan has completed, click Save Report As...
      • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
      • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

      Copy and paste the report into your next reply
    • ntd69ntd69 Malmö, SWE
      edited June 2008
      Hi
      No joy with the scan..it fails to "update" the virus database...have tried on 9 different occasions, having uninstalled the scanner after the first time we used it...any other tools you can recommend to check if clean?
      NtD
    • ntd69ntd69 Malmö, SWE
      edited June 2008
      PS Furthermore...
      SKYPE when opening was stating some sort of error which I had never seen before, so I uninstalled Skype completely with a view to reinstalling....No joy with that either, Skype can't install with a message "not enough room on disk"....there's 30Gbs space on C drive alone!
      Confused now...is this and above all linked somehow?
      Regards
      NtD
    • ntd69ntd69 Malmö, SWE
      edited June 2008
      Even furthermore....
      Managed to actually download all components of Kaspersky scanner, run the scan but it would NOT let me save it to any folder other than the temp internet files folder "for my computers safety". BUT nothing saved in that file at all-tried several times with no success.
      Things just don't seem to be running smoothly anymore.
      What can I do?
      Regards
      Nick
    • NuppiNuppi South Ostrobothnia (Finland)
      edited June 2008
      Hi ntd69

      Vekarppe is away for some time and he asked me to help you :D

      However, your problem is new to me, so I have to ask some friends if they know :D

      Tell me, is the problem still there?

      Have you tried to run hard drive defragmentation?
    • ntd69ntd69 Malmö, SWE
      edited June 2008
      Hi Nuppi
      Yeah the computer does seem to be behaving rather erratically....programmes that once ran smoothly don't even open, for example.
      I had a Virtumonde (?) system 32.dll infection (huge CPU usage and very slow internet) that I thought I had resolved but want reassurance that all was clean from you guys.
      Ran the usual pre thread scans and several steps later, things seem to be more erratic than when I started.
      I can't seem to download the Online kaspersky scanner at all now, and skype doesn't function either.
      Been getting strange shutdowns too....all in all, am thinking of a re-install if things don't improve.
      Fragment every week...the last time yesterday (to answer your Q)-do let me know if there are any logs etc I can supply at this time to aid your diagnosis.
      Mvh
      NtD