1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Most major search engines wont work, need help

Discussion in 'Virus & Other Malware Removal' started by Moots123, Apr 15, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. Moots123

    Moots123 Thread Starter

    Joined:
    Apr 15, 2008
    Messages:
    2
    Almost all the major search engines wont work for me any more including google,yahoo,ask,answers, and alstavista. I have tried them all in 3 different browers including firefox,IE, and opera. I know it some kind of virus or spyware, but none of my scanners have gotten rid of it, ive tried spyware doctor and avg. Someone plz help me, i use google to answer all my questions! lol

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:18:10 AM, on 4/14/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Ventrilo\Ventrilo.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqRKbay.dll,#1
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [BMe1c760b6] Rundll32.exe "C:\Windows\system32\alehrkxc.dll",s
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WindowBlinds] C:\Program Files\AlienGUIse\wbload.exe auto
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 7204 bytes
     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, Moots123 :)

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqRKbay.dll,#1
    O4 - HKLM\..\Run: [BMe1c760b6] Rundll32.exe "C:\Windows\system32\alehrkxc.dll",s


    Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

    Close Hijackthis.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      [kill explorer]
      C:\Windows\system32\urqRKbay.dll
      C:\Windows\system32\alehrkxc.dll
      [start explorer]
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    [​IMG]Download Deckard's System Scanner (DSS) from here or here to your Desktop. Note: You must be logged onto an account with administrator privileges.
    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of both, the main.txt and the extra.txt in your next reply.
    If the files are too long, attach them to a reply:
    1. Scroll down and click the [Manage Attachments] button
    2. Browse to the following folder:
      • C:\Deckard\System Scanner
    3. Click Upload to upload these files one by one
    4. Submit your reply
     
  3. Moots123

    Moots123 Thread Starter

    Joined:
    Apr 15, 2008
    Messages:
    2
    Here is the otmoveit results

    File/Folder not found.
    File/Folder C:\Windows\system32\urqRKbay.dll not found.
    DllUnregisterServer procedure not found in C:\Windows\system32\alehrkxc.dll
    C:\Windows\system32\alehrkxc.dll NOT unregistered.
    C:\Windows\system32\alehrkxc.dll moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04152008_092928


    And here is the main dss results

    Deckard's System Scanner v20071014.68
    Run by Drew on 2008-04-15 09:32:21
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 5 Restore Point(s) --
    14: 2008-04-15 10:38:52 UTC - RP120 - Windows Update
    13: 2008-04-15 10:30:33 UTC - RP119 - Installed AVG 8.0
    12: 2008-04-15 10:27:48 UTC - RP118 - Removed AVG 8.0
    11: 2008-04-15 10:21:23 UTC - RP117 - Removed McAfee VirusScan Enterprise
    10: 2008-04-15 09:38:11 UTC - RP116 - Windows Update


    -- First Restore Point --
    1: 2008-04-14 07:06:00 UTC - RP109 - Last known good configuration


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 1022 MiB (1024 MiB recommended).


    -- HijackThis (run as Drew.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:33:42 AM, on 4/15/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\explorer.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\Drew\Desktop\dss.exe
    C:\Windows\system32\DllHost.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Drew.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WindowBlinds] C:\Program Files\AlienGUIse\wbload.exe auto
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 5583 bytes

    -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

    backup-20080415-092013-623 O4 - HKLM\..\Run: [BMe1c760b6] Rundll32.exe "C:\Windows\system32\alehrkxc.dll",s
    backup-20080415-092013-706 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqRKbay.dll,#1

    -- File Associations -----------------------------------------------------------

    .bat - batfile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\Alienware Invader Icon Packager\Alienware Invader.icl,43
    .inf - inffile - DefaultIcon - C:\Windows\system32\shell32.dll,69
    .ini - inifile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\Alienware Invader Icon Packager\Alienware Invader.icl,35
    .txt - txtfile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\Alienware Invader Icon Packager\Alienware Invader.icl,22


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    All drivers whitelisted.


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    All services whitelisted.


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0000
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0000
    Service: hamachi


    -- Files created between 2008-03-15 and 2008-04-15 -----------------------------

    2008-04-15 03:30:49 0 d-------- C:\Users\All Users\Avg8
    2008-04-15 02:16:33 1495552 --a------ C:\Windows\system32\epoPGPsdk.dll <Not Verified; PGP Corporation; PGPsdk>
    2008-04-15 02:16:32 0 d-------- C:\Program Files\Common Files\Cisco Systems
    2008-04-15 00:40:54 0 d-a------ C:\Users\All Users\TEMP
    2008-04-15 00:40:36 0 d-------- C:\Program Files\Spyware Doctor
    2008-04-14 20:34:37 0 d-------- C:\Program Files\AVG
    2008-04-14 19:24:45 0 d-------- C:\Users\All Users\Azureus
    2008-04-14 19:24:08 0 d-------- C:\Program Files\Azureus
    2008-04-14 12:07:18 96320 --a------ C:\Windows\system32\xxglnrpw.dll
    2008-04-14 05:59:37 0 d-------- C:\Program Files\SystemRequirementsLab
    2008-04-14 05:17:32 0 d-------- C:\Program Files\Trend Micro
    2008-04-14 04:30:09 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-04-14 03:56:36 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-04-13 23:39:05 119808 --a------ C:\Windows\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
    2008-04-13 23:39:05 208896 --a------ C:\Windows\system32\ConTest.dll <Not Verified; Ascentive; ConnectionTester>
    2008-04-13 01:01:47 0 d-------- C:\Windows\Sun
    2008-04-10 19:04:02 0 d-------- C:\Program Files\Stardock
    2008-04-10 19:01:03 2560 --a------ C:\Windows\_MSRSTRT.EXE
    2008-04-05 20:20:27 0 d-------- C:\Windows\system32\URTTEMP
    2008-04-05 19:55:33 0 d-------- C:\Program Files\Turbine
    2008-03-19 20:56:29 0 d-------- C:\Program Files\Disney


    -- Find3M Report ---------------------------------------------------------------

    2008-04-15 03:25:52 0 d-------- C:\Program Files\Common Files
    2008-04-15 00:40:36 0 d-------- C:\Users\Drew\AppData\Roaming\PC Tools
    2008-04-15 00:35:39 0 d-------- C:\Users\Drew\AppData\Roaming\Azureus
    2008-04-14 05:59:37 0 d-------- C:\Users\Drew\AppData\Roaming\SystemRequirementsLab
    2008-04-14 05:47:18 53948 --a------ C:\Users\Drew\AppData\Roaming\nvModes.dat
    2008-04-14 05:47:18 53948 --a------ C:\Users\Drew\AppData\Roaming\nvModes.001
    2008-04-14 04:39:01 174 --ahs---- C:\Program Files\desktop.ini
    2008-04-14 04:36:29 0 d-------- C:\Program Files\Windows Calendar
    2008-04-14 04:36:25 0 d-------- C:\Program Files\Windows Mail
    2008-04-14 04:36:25 0 d-------- C:\Program Files\Windows Defender
    2008-04-14 04:02:22 0 d-------- C:\Program Files\Windows Sidebar
    2008-04-14 00:03:53 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-04-14 00:03:06 0 d-------- C:\Program Files\Bridge Building Game
    2008-04-11 16:39:45 0 d-------- C:\Users\Drew\AppData\Roaming\Thinstall
    2008-04-10 19:02:01 0 d-------- C:\Program Files\AlienGUIse
    2008-04-10 13:58:52 0 d-------- C:\Users\Drew\AppData\Roaming\Adobe
    2008-04-08 06:26:14 0 d-------- C:\Program Files\Soulseek
    2008-04-05 21:23:56 0 d-------- C:\Users\Drew\AppData\Roaming\Turbine
    2008-04-01 10:06:58 0 d-------- C:\Program Files\World of Warcraft <WORLDO~1>
    2008-03-18 09:38:42 0 d-------- C:\Users\Drew\AppData\Roaming\GarageGames
    2008-03-14 19:03:43 0 d-------- C:\Program Files\Java
    2008-03-14 18:58:03 0 d-------- C:\Program Files\Common Files\Java
    2008-03-12 13:00:37 724992 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
    2008-03-07 15:23:45 0 d-------- C:\Users\Drew\AppData\Roaming\Hamachi
    2008-03-03 10:58:27 0 d-------- C:\Program Files\BitComet
    2008-03-03 10:46:07 0 d-------- C:\Program Files\Hamachi
    2008-03-03 10:39:10 2560 --a------ C:\Windows\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
    2008-02-27 16:52:56 0 d-------- C:\Program Files\Realtek AC97
    2008-02-16 16:40:37 0 d-------- C:\Program Files\Delta
    2008-01-25 17:37:50 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
    2008-01-25 15:25:31 0 --a------ C:\Windows\nsreg.dat
    2008-01-15 12:26:18 4874240 --a------ C:\Windows\RtHDVCpl.exe <Not Verified; Realtek Semiconductor; HD Audio Control Panel>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/16/2007 08:02 PM]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 05:33 PM]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 05:37 PM]
    "RtHDVCpl"="RtHDVCpl.exe" [01/15/2008 12:26 PM C:\Windows\RtHDVCpl.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [05/22/2007 08:35 PM]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [05/22/2007 08:35 PM]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [05/22/2007 08:35 PM]
    "Performance Center"="C:\Program Files\Ascentive\Performance Center\APCMain.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [04/14/2008 03:45 AM]
    "WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]
    "WindowBlinds"="C:\Program Files\AlienGUIse\wbload.exe" []

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/2/2008 12:17:02 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    "EnableLUA"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\Windows\system32\ljJBQifC

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
    LocalServiceNoNetwork PLA DPS BFE mpssvc


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-04-15 09:34:56 ------------



    and here is the extra dss results

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft® Windows Vista™ Home Basic (build 6000)
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz
    Percentage of Memory in Use: 53%
    Physical Memory (total/avail): 1021.56 MiB / 477.54 MiB
    Pagefile Memory (total/avail): 2295.5 MiB / 1493.9 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1925.31 MiB

    C: is Fixed (NTFS) - 74.53 GiB total, 22.56 GiB free.
    D: is CDROM (CDFS)

    \\.\PHYSICALDRIVE0 - FUJITSU MHW2080BH ATA Device - 74.53 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:



    -- Security Center -------------------------------------------------------------

    AUOptions is set to notify before download.
    Windows Internal Firewall is enabled.

    AS: Spyware Doctor v5.5.0.212 (PC Tools) Disabled
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\Drew\AppData\Roaming
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=DREW-PC
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\Drew
    LOCALAPPDATA=C:\Users\Drew\AppData\Local
    LOGONSERVER=\\DREW-PC
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f06
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\Drew\AppData\Local\Temp
    TMP=C:\Users\Drew\AppData\Local\Temp
    USERDOMAIN=Drew-PC
    USERNAME=Drew
    USERPROFILE=C:\Users\Drew
    windir=C:\Windows


    -- User Profiles ---------------------------------------------------------------

    Drew (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
    Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
    Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
    BitComet 0.98 --> C:\Program Files\BitComet\uninst.exe
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
    Logitech QuickCam Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
    Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
    Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
    Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    REALTEK RTL8187 Wireless LAN Driver --> C:\Program Files\InstallShield Installation Information\{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}\SETUP.EXE -v"ISSCRIPTCMDLINE=\"-d -zREMOVE\"" -l0x0009 -removeonly
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
    Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
    System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
    The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.54 --> "C:\Program Files\Turbine\The Lord of the Rings Online\unins000.exe"
    Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
    Wow Web Stats Client --> C:\Windows\system32\javaws.exe -uninstall -prompt "http://wowwebstats.com/wwsc/wws.jnlp"


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type5155 / Error
    Event Submitted/Written: 04/14/2008 05:08:09 AM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application WLLoginProxy.exe, version 4.200.520.1, time stamp 0x46f2ac40, faulting module SHLWAPI.dll, version 6.0.6000.16386, time stamp 0x4549bdb9, exception code 0xc0000005, fault offset 0x0001d856,
    process id 0x46c, application start time 0xWLLoginProxy.exe0.

    Event Record #/Type5146 / Success
    Event Submitted/Written: 04/14/2008 05:00:11 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type5145 / Error
    Event Submitted/Written: 04/14/2008 04:58:54 AM
    Event ID/Source: 8203 / System Restore
    Event Description:
    System restore ended unexpectedly because of power loss or a program error. Additional information: (Windows Update).

    Event Record #/Type5139 / Success
    Event Submitted/Written: 04/14/2008 04:58:19 AM
    Event ID/Source: 5617 / WinMgmt
    Event Description:


    Event Record #/Type5138 / Success
    Event Submitted/Written: 04/14/2008 04:58:17 AM
    Event ID/Source: 5615 / WinMgmt
    Event Description:




    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type33274 / Warning
    Event Submitted/Written: 04/15/2008 09:34:00 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %Drew-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Drew-PC27 can't undo changes that you allow.

    For more information please see the following:
    %Drew-PC275

    Scan ID: {38523F5E-F578-4352-830A-7B666F9649E6}

    User: Drew-PC\Drew

    Name: %Drew-PC271

    ID: %Drew-PC272

    Severity ID: %Drew-PC273

    Category ID: %Drew-PC274

    Path Found: %Drew-PC276

    Alert Type: %Drew-PC278

    Detection Type: 1.1.1505.02

    Event Record #/Type33273 / Warning
    Event Submitted/Written: 04/15/2008 09:34:00 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %Drew-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Drew-PC27 can't undo changes that you allow.

    For more information please see the following:
    %Drew-PC275

    Scan ID: {ACFF551B-7D03-4520-803A-D79548DBFECB}

    User: Drew-PC\Drew

    Name: %Drew-PC271

    ID: %Drew-PC272

    Severity ID: %Drew-PC273

    Category ID: %Drew-PC274

    Path Found: %Drew-PC276

    Alert Type: %Drew-PC278

    Detection Type: 1.1.1505.02

    Event Record #/Type33268 / Warning
    Event Submitted/Written: 04/15/2008 06:23:52 AM
    Event ID/Source: 36 / W32Time
    Event Description:
    The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

    Event Record #/Type33264 / Warning
    Event Submitted/Written: 04/14/2008 05:42:31 AM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type33255 / Warning
    Event Submitted/Written: 04/14/2008 05:37:08 AM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0019D2839F4B. The following error occurred:
    %%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.



    -- End of Deckard's System Scanner: finished at 2008-04-15 09:34:56 ------------
     
  4. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, Moots123 :)

    Download the enclosed folder. Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, LSAfix.reg . Once extracted, open the folder and double click on the LSAfix.reg file and select Yes when prompted to merge it into the registry.

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)


    Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

    Close Hijackthis.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Antivirus programs play an important role in the protection of your system. Here are some options:

    Re-Scan with DSS and post a new Main.txt.
     

    Attached Files:

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/703931

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice