
Help with clean-up from adware and partly installed software

Discussion in 'Malware and Virus Removal Archive' started by Leni, 2008/08/03.

  1. 2008/08/03
    Leni

    Leni Inactive Thread Starter

    This laptop has several problems with adware, malware, spyware and other annoying parts of uninstalled software and unneeded registry items, stupid toolbars and other stuff like that.

    I want to do an extensive clean-up without having to reinstall the OS.

    My idea was to use ATF-cleaner, a registry cleaner and manually install any ****-ware I see, but I cannot be sure I made a good clean-up.

    I have already disabled most ****-ware from msconfig-> start-up...
    I have already used ATF-cleaner.
    No registry cleaner yet.

    I would also like a recommendation for an anti virus and an adware removal tool.

    Thank you.

    Here is my Deckard's System Scanner log

    Deckard's System Scanner v20071014.68
    Run by ada on 2008-08-03 19:58:33
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    46: 2008-08-03 16:58:37 UTC - RP327 - Deckard's System Scanner Restore Point
    45: 2008-08-03 16:43:22 UTC - RP326 - Removed SweetIM for Messenger 2.5
    44: 2008-08-03 16:40:41 UTC - RP325 - Removed Logitech QuickCam
    43: 2008-08-03 16:40:08 UTC - RP324 - Removed Logitech Desktop Messenger
    42: 2008-08-03 16:39:40 UTC - RP323 - Removed MP3 Player Utilities 4.15


    -- First Restore Point --
    1: 2008-05-05 17:02:19 UTC - RP282 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 447 MiB (512 MiB recommended).


    -- HijackThis (run as ada.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:00:03 PM, on 8/3/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\acs.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Atheros\ACU.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\ada\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\ada.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\DAEMON Tools SearchBar\search.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\OFFICE\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

    --
    End of file - 3948 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 Imagedrv - c:\windows\system32\drivers\imagedrv.sys <Not Verified; Ahead Software AG and its licensors; NERO IMAGEDRIVE>
    R1 StarOpen - c:\windows\system32\drivers\staropen.sys
    R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>

    S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
    S3 QCMerced (Logitech QuickCam Communicate) - c:\windows\system32\drivers\lvcm.sys (file missing)
    S3 Ser2pl (MAT Serial port driver) - c:\windows\system32\drivers\ser2pl.sys <Not Verified; Prolific Technology Inc.; Prolific USB-to-Serial Bridge Cable>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: VIA Rhine II Fast Ethernet Adapter
    Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_10CD1734&REV_78\3&61AAA01&0&90
    Manufacturer: VIA Technologies, Inc.
    Name: VIA Rhine II Fast Ethernet Adapter
    PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_10CD1734&REV_78\3&61AAA01&0&90
    Service: FETND5BV


    -- Scheduled Tasks -------------------------------------------------------------

    2007-09-29 07:05:00 268 --a------ C:\WINDOWS\Tasks\Iris - Suflete de gheata.job
    2007-09-29 06:48:00 282 --a------ C:\WINDOWS\Tasks\Iris - CINE MA STRIGA IN NOAPTE.job


    -- Files created between 2008-07-03 and 2008-08-03 -----------------------------

    2008-08-03 19:59:54 0 d-------- C:\Program Files\Trend Micro
    2008-08-03 19:36:34 0 d-------- C:\WINDOWS\System32\appmgmt
    2008-07-20 12:07:53 0 d-------- C:\Program Files\Conduit
    2008-07-20 12:07:50 0 d-------- C:\Program Files\P2P_Torrent
    2008-07-18 11:33:29 36864 --a------ C:\WINDOWS\System32\acs.exe
    2008-07-18 11:33:21 17801 --a------ C:\WINDOWS\System32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
    2008-07-18 11:33:20 217088 --a------ C:\WINDOWS\System32\wgapi.dll <Not Verified; Atheros; Atheros GUI API Library>
    2008-07-18 11:33:20 229376 --a------ C:\WINDOWS\System32\wcapi.dll <Not Verified; Atheros; Atheros Client API Library>
    2008-07-18 11:33:20 73728 --a------ C:\WINDOWS\System32\athcfg11res.dll <Not Verified; Atheros Communications, Inc.; Atheros Configuration API Res Dynamic Link Library>
    2008-07-18 11:33:20 356352 --a------ C:\WINDOWS\System32\athcfg11.dll <Not Verified; Atheros; Atheros Configuration API Dynamic Link Library>
    2008-07-18 11:33:20 192512 --a------ C:\WINDOWS\System32\AegisI5.exe <Not Verified; ; AegisInstall Application>
    2008-07-18 11:33:20 1396830 --a------ C:\WINDOWS\System32\AegisE5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
    2008-07-18 11:33:18 0 d-------- C:\Program Files\Atheros


    -- Find3M Report ---------------------------------------------------------------

    2008-08-03 19:45:55 0 d-------- C:\Program Files\Logitech
    2008-08-03 19:44:18 0 d-------- C:\Program Files\DC++
    2008-08-03 19:41:56 0 d-------- C:\Program Files\Common Files\Logitech
    2008-08-03 19:40:17 0 d-------- C:\Program Files\Common Files
    2008-08-03 19:40:08 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-23 22:08:48 0 d-------- C:\Program Files\DAEMON Tools SearchBar
    2008-07-18 10:56:29 0 d-------- C:\Program Files\Yahoo!


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}]
    08/17/2006 05:30 PM 242040 --a------ C:\Program Files\DAEMON Tools SearchBar\search.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ACU "= "C:\Program Files\Atheros\ACU.exe" [01/31/2005 08:05 AM]
    "SoundMan "= "SOUNDMAN.EXE" [06/20/2006 03:42 PM C:\WINDOWS\soundman.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ada^Start Menu^Programs^Startup^Shortcut to text.lnk]
    path=C:\Documents and Settings\ada\Start Menu\Programs\Startup\Shortcut to text.lnk
    backup=C:\WINDOWS\pss\Shortcut to text.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    C:\WINDOWS\System32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
    "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
    C:\Program Files\SweetIM\Messenger\SweetIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
    VTtrayp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
    "C:\Program Files\DAEMON Tools SearchBar\Search.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE]
    "C:\Program Files\DAEMON Tools SearchBar\whse.exe "




    -- End of Deckard's System Scanner: finished at 2008-08-03 20:00:24 ------------
     
    Leni,
    #1
  2. 2008/08/03
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi Leni

    Please download and run Malwarebytes' Anti-Malware This is a good malware tool and has an option to upgrade to resident protection if you want to go that route.

    Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a fresh HijackThis log.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Are you looking for a free AV? You did not like Eset?

    Thanks
    Geri
     
    Geri,
    #2

  4. 2008/08/03
    Leni

    Leni Inactive Thread Starter

    Malwarebytes' log

    Malwarebytes' Anti-Malware 1.24
    Database version: 1020
    Windows 5.1.2600 Service Pack 1

    11:30:19 PM 8/3/2008
    mbam-log-8-3-2008 (23-30-19).txt

    Scan type: Quick Scan
    Objects scanned: 40596
    Time elapsed: 4 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
    Leni,
    #3
  5. 2008/08/03
    Leni

    Leni Inactive Thread Starter

    HijackThis log

    To my surprise... after cleaning-up the temps and everything with ATF-cleaner the machine started to work rather nicely...
    I am not the owner of this machine, though. And I can't help noticing that much of the software has been brutally removed without a proper uninstall, so there are many registry keys and pieces of programs and program data I can't manually remove (and don't actually wish to try, because I'm afraid I might delete something important).

    As far as ESET goes... I did see a trace of nod32 in the add/remove programs list but it must have expired or something like that. So I think someone must have manually deleted the files from "Program Files".
    Personally I am very happy with ESET and I think that's exactly what I'll use for this machine.

    Also... there seems to be another problem I can't fix. I'm not sure whether this machine ever connected to the internet through its wireless network card until now, and nobody noticed that you have to manually turn the wireless radio on (Fn+F2 keys), so I've been trying to make the radio turn on automatically at every reboot from the BIOS, but I can't seem to make that happen, because I can't find any controls in the BIOS over the wireless radio or the wireless network card.


    Here is the Deckard's System Scanner log.


    Deckard's System Scanner v20071014.68
    Run by ada on 2008-08-03 23:33:06
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 447 MiB (512 MiB recommended).


    -- HijackThis (run as ada.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:33:08 PM, on 8/3/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\acs.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Atheros\ACU.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    E:\Clean-up tools\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\ada.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\OFFICE\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

    --
    End of file - 4461 bytes

    -- Files created between 2008-07-03 and 2008-08-03 -----------------------------

    2008-08-03 23:25:18 0 d-------- C:\Documents and Settings\ada\Application Data\Malwarebytes
    2008-08-03 23:25:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-03 23:25:14 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-03 21:02:31 0 d-------- C:\Program Files\Strong DC
    2008-08-03 20:58:36 0 d-------- C:\WINDOWS\Sun
    2008-08-03 20:58:36 0 d-------- C:\Documents and Settings\ada\Application Data\Sun
    2008-08-03 20:57:50 0 d-------- C:\Program Files\Java
    2008-08-03 20:57:32 0 d-------- C:\Program Files\Common Files\Java
    2008-08-03 19:59:54 0 d-------- C:\Program Files\Trend Micro
    2008-08-03 19:36:34 0 d-------- C:\WINDOWS\System32\appmgmt
    2008-07-18 11:33:29 36864 --a------ C:\WINDOWS\System32\acs.exe
    2008-07-18 11:33:21 17801 --a------ C:\WINDOWS\System32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
    2008-07-18 11:33:20 217088 --a------ C:\WINDOWS\System32\wgapi.dll <Not Verified; Atheros; Atheros GUI API Library>
    2008-07-18 11:33:20 229376 --a------ C:\WINDOWS\System32\wcapi.dll <Not Verified; Atheros; Atheros Client API Library>
    2008-07-18 11:33:20 73728 --a------ C:\WINDOWS\System32\athcfg11res.dll <Not Verified; Atheros Communications, Inc.; Atheros Configuration API Res Dynamic Link Library>
    2008-07-18 11:33:20 356352 --a------ C:\WINDOWS\System32\athcfg11.dll <Not Verified; Atheros; Atheros Configuration API Dynamic Link Library>
    2008-07-18 11:33:20 192512 --a------ C:\WINDOWS\System32\AegisI5.exe <Not Verified; ; AegisInstall Application>
    2008-07-18 11:33:20 1396830 --a------ C:\WINDOWS\System32\AegisE5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
    2008-07-18 11:33:18 0 d-------- C:\Program Files\Atheros


    -- Find3M Report ---------------------------------------------------------------

    2008-08-03 20:57:32 0 d-------- C:\Program Files\Common Files
    2008-08-03 19:40:08 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-18 10:56:29 0 d-------- C:\Program Files\Yahoo!


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ACU "= "C:\Program Files\Atheros\ACU.exe" [01/31/2005 08:05 AM]
    "SoundMan "= "SOUNDMAN.EXE" [06/20/2006 03:42 PM C:\WINDOWS\soundman.exe]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [06/07/2007 02:08 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
    Debugger= "E:\CLEAN-UP TOOLS\PROCESSEXPLORER\PROCEXP.EXE "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ada^Start Menu^Programs^Startup^Shortcut to text.lnk]
    path=C:\Documents and Settings\ada\Start Menu\Programs\Startup\Shortcut to text.lnk
    backup=C:\WINDOWS\pss\Shortcut to text.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    C:\WINDOWS\System32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
    "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
    C:\Program Files\SweetIM\Messenger\SweetIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
    VTtrayp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
    "C:\Program Files\DAEMON Tools SearchBar\Search.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE]
    "C:\Program Files\DAEMON Tools SearchBar\whse.exe "




    -- End of Deckard's System Scanner: finished at 2008-08-03 23:33:27 ------------

    Thank you Geri
     
    Leni,
    #4
  6. 2008/08/03
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi Leni
    You seem to know your way around the Registry so these registry keys can be deleted.

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE]

    Open HJT and fix this entry.
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    As far as the wireless connection, Wireless networking is just not my thing.:rolleyes:

    I would check in msconfig > startup tab and see that it hasn't been disabled there, and I would post the problem in the Networking forum here at bbs.
    There are some good people over there that can help you out more than I could.

    Geri
     
    Geri,
    #5
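As an added example (not code from this thread, from HijackThis, or from Deckard's System Scanner), here is a small Python triage script that applies the same checks Geri makes by eye to HijackThis-style lines: an O2 BHO that ends in "(no file)", R0/R1 browser settings pointing at a host outside an allowlist, an O23 service with "Unknown owner", and names this thread's MBAM log tied to adware. The sample log and the TRUSTED_HOSTS allowlist are constructed assumptions for the demo.

```python
import re
from dataclasses import dataclass

# One HijackThis line: a section code (R0, R1, O2, O4, O23, ...), " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")

# Browser settings that adware typically rewrites (the R0/R1 section of an HJT log).
BROWSER_VALUES = ("Start Page", "Search Page", "Search Bar",
                  "Default_Page_URL", "Default_Search_URL", "SearchURL")

# Assumption: hosts the machine's owner actually chose. Anything else in R0/R1 is suspect.
TRUSTED_HOSTS = {"www.yahoo.com", "us.rd.yahoo.com"}

# Names that this thread's MBAM and HJT logs tie to adware (WhenUSave, SweetIM).
ADWARE_MARKERS = ("sweetim", "whenu")

# Constructed sample in the shape of the HJT log posted above; not the full log.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\acs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
"""


@dataclass
class HjtEntry:
    kind: str   # section code, e.g. "O2"
    body: str   # everything after "O2 - "
    raw: str    # the original line, for reporting


def parse_hjt(log_text):
    """Return the R/F/O entries of an HJT log; process lists and headers are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(HjtEntry(m["kind"], m["body"], line.strip()))
    return entries


def host_of(url):
    """Host part of an http(s) URL, lower-cased, or None if it is not a URL."""
    m = re.match(r"https?://([^/\s]+)", url.strip())
    return m.group(1).lower() if m else None


def triage(log_text, trusted_hosts=TRUSTED_HOSTS):
    """Apply the checks a helper makes by eye; returns [(raw_line, [reasons])]."""
    findings = []
    for e in parse_hjt(log_text):
        reasons = []
        lower = e.body.lower()
        # A BHO CLSID still registered but with no DLL on disk is a leftover of a
        # removed toolbar; "fixing" it in HJT only deletes the dangling registration.
        if e.kind == "O2" and e.body.endswith("(no file)"):
            reasons.append("orphaned BHO registration, no file on disk")
        # Start/search page values pointing somewhere the owner did not choose.
        if e.kind in ("R0", "R1") and any(v in e.body for v in BROWSER_VALUES):
            url = e.body.split(" = ", 1)[1] if " = " in e.body else ""
            host = host_of(url)
            if host and host not in trusted_hosts:
                reasons.append(f"browser setting points at untrusted host {host}")
        # Services with no recognised publisher need a manual look at the binary.
        if e.kind == "O23" and "unknown owner" in lower:
            reasons.append("service with unknown publisher, verify the binary")
        if any(marker in lower for marker in ADWARE_MARKERS):
            reasons.append("name matches adware already identified in this cleanup")
        if reasons:
            findings.append((e.raw, reasons))
    return findings


if __name__ == "__main__":
    for raw, reasons in triage(SAMPLE_LOG):
        print(raw)
        for reason in reasons:
            print("    ->", reason)
```

Entries that pass every check (the Yahoo default page, the ProxyOverride line, the Java BHO with a file on disk) produce no finding, so the output is only the lines worth a second look.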
  7. 2008/08/04
    Leni

    Leni Inactive Thread Starter

    Did just that

    Hello Geri

    Did just that.
    But I didn't touch the nod32 registry as I installed ESET security last night.
    Fixed the entry O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) also.
    Deleted some uninstalled programs' entries from the uninstall list, since I was there...
    But when I look around regedit.exe... just for a bit, I couldn't help noting lots of registry keys around from uninstalled software... I know most of them are supposed to be there, but I couldn't resist deleting registry keys from stuff like SweetIM and god-knows-what-toolbar... I hate adware toolbars.
    So I was thinking about a registry cleaner like the one provided by AA Tools, or something similar. Can you advise me on some software like this?

    I am posting a new HJT log as many changes happened since the last HJT log. This machine hadn't seen any updates for its OS in a long time... XP didn't even have SP2. (Experienced some problems there, while installing SP2... not sure if those were big problems or small problems.)

    And... about asking you about the wireless network card... Somehow, I tend to think you guys at Malware and Virus Removal are the solution to all the world's problems... :p . I've been reading many posts around here and I find most of the information very helpful...
    I'll move that question to the Networking forum.

    Thanks a million :)

    Deckard's System Scanner v20071014.68
    Run by ada on 2008-08-04 11:02:52
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 447 MiB (512 MiB recommended).


    -- HijackThis (run as ada.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:02:53 AM, on 8/4/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\acs.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Atheros\ACU.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    E:\Clean-up tools\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\ada.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\OFFICE\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

    --
    End of file - 4384 bytes

    -- Files created between 2008-07-04 and 2008-08-04 -----------------------------

    2008-08-04 03:00:32 0 d-------- C:\Program Files\MSXML 4.0
    2008-08-04 02:34:04 0 d-------- C:\Documents and Settings\ada\Application Data\WinRAR
    2008-08-04 01:10:29 0 d-------- C:\Documents and Settings\ada\Application Data\ESET
    2008-08-04 01:08:02 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-08-04 01:04:15 0 d-------- C:\Documents and Settings\LocalService\Start Menu
    2008-08-04 01:03:23 0 d-------- C:\WINDOWS\Prefetch
    2008-08-04 00:36:05 0 d-------- C:\WINDOWS\peernet
    2008-08-04 00:36:03 0 d-------- C:\WINDOWS\provisioning
    2008-08-04 00:33:28 0 d-------- C:\WINDOWS\ServicePackFiles
    2008-08-04 00:26:22 0 d-------- C:\WINDOWS\EHome
    2008-08-03 23:25:18 0 d-------- C:\Documents and Settings\ada\Application Data\Malwarebytes
    2008-08-03 23:25:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-03 23:25:14 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-03 20:58:36 0 d-------- C:\WINDOWS\Sun
    2008-08-03 20:58:36 0 d-------- C:\Documents and Settings\ada\Application Data\Sun
    2008-08-03 20:57:50 0 d-------- C:\Program Files\Java
    2008-08-03 20:57:32 0 d-------- C:\Program Files\Common Files\Java
    2008-08-03 19:59:54 0 d-------- C:\Program Files\Trend Micro
    2008-08-03 19:36:34 0 d-------- C:\WINDOWS\system32\appmgmt
    2008-07-18 11:33:29 36864 --a------ C:\WINDOWS\system32\acs.exe
    2008-07-18 11:33:21 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
    2008-07-18 11:33:20 217088 --a------ C:\WINDOWS\system32\wgapi.dll <Not Verified; Atheros; Atheros GUI API Library>
    2008-07-18 11:33:20 229376 --a------ C:\WINDOWS\system32\wcapi.dll <Not Verified; Atheros; Atheros Client API Library>
    2008-07-18 11:33:20 73728 --a------ C:\WINDOWS\system32\athcfg11res.dll <Not Verified; Atheros Communications, Inc.; Atheros Configuration API Res Dynamic Link Library>
    2008-07-18 11:33:20 356352 --a------ C:\WINDOWS\system32\athcfg11.dll <Not Verified; Atheros; Atheros Configuration API Dynamic Link Library>
    2008-07-18 11:33:20 192512 --a------ C:\WINDOWS\system32\AegisI5.exe <Not Verified; ; AegisInstall Application>
    2008-07-18 11:33:20 1396830 --a------ C:\WINDOWS\system32\AegisE5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
    2008-07-18 11:33:18 0 d-------- C:\Program Files\Atheros


    -- Find3M Report ---------------------------------------------------------------

    2008-08-04 00:36:38 0 d-------- C:\Program Files\Messenger
    2008-08-04 00:36:06 0 d-------- C:\Program Files\Movie Maker
    2008-08-04 00:33:02 0 d-------- C:\Program Files\Windows NT
    2008-08-03 20:57:32 0 d-------- C:\Program Files\Common Files
    2008-08-03 19:40:08 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-18 10:56:29 0 d-------- C:\Program Files\Yahoo!


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ACU "= "C:\Program Files\Atheros\ACU.exe" [01/31/2005 08:05 AM]
    "SoundMan "= "SOUNDMAN.EXE" [06/20/2006 03:42 PM C:\WINDOWS\soundman.exe]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
    "egui "= "C:\Program Files\ESET\ESET Smart Security\egui.exe" [06/10/2008 06:52 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
    Debugger= "E:\CLEAN-UP TOOLS\PROCESSEXPLORER\PROCEXP.EXE "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ada^Start Menu^Programs^Startup^Shortcut to text.lnk]
    path=C:\Documents and Settings\ada\Start Menu\Programs\Startup\Shortcut to text.lnk
    backup=C:\WINDOWS\pss\Shortcut to text.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    C:\WINDOWS\System32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
    "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
    VTtrayp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE]




    -- End of Deckard's System Scanner: finished at 2008-08-04 11:03:46 ------------
     
    Leni,
    #6
  8. 2008/08/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Leni
    My first advice is not to use one, I don't like reg cleaners, personally I've had bad experiences with them, but the safest one I've used is RegCleaner. Make sure you always make a backup before using any registry cleaner.
    http://majorgeeks.com/download460.html

    ERUNT is a really good registry backup app.
    http://www.aumha.org/downloads/erunt-setup.exe
    Use the setup program to install ERUNT on your computer
    Click ERUNT.Setup.exe to install ERUNT and backup your registry.
    Uncheck the "Create NTREGOPT desktop icon" box.
    In the window that comes up to Create an ERUNT entry to the Start up folder select No.

    By Default the backup location is C:\windows\erunt\ (current date)
    Click OK to continue with the registry backup.
    If the folder does not exist then let ERUNT create the folder for you by clicking Yes
    You should see a progress bar when ERUNT is backing up the Windows Registry.
    After ERUNT has completed the Windows Registry backup, click OK to exit ERUNT.

    :) Don't get me confused with Dave (noahdfear) He knows every dang thing, surprised he hasn't solved the energy crisis, or world peace. :p

    I would like to know what files are in this folder.
    C:\WINDOWS\system32\appmgmt
    Please check and let me know.

    These are still showing in the dss log. They have been disabled in msconfig > Startup
    You may have to go in and enable them to delete them.
    Click on Start > Run > type in msconfig Click OK
    Click on the startup tab, put a check in the box next to these,
    WhenUSearch
    WhenUSearchWHSE

    Click Apply then OK
    DO NOT restart the computer when asked, then go in to the registry and delete the Keys. Then reboot.

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE]

    Run dss again and check to make sure they're gone from the log.

    Geri
     
    Geri,
    #7
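    The last step in Geri's instructions is to run dss again and confirm that the two WhenUSearch keys are gone from the log. Reading two long logs side by side is error-prone, so here is a small script that parses the parts of a dss log a clean-up is expected to change (the HijackThis items and the disabled-startup keys under msconfig\startupreg) and diffs two runs. This is an added example, not code from the thread or from Deckard's System Scanner; the two embedded sample logs are constructed from short excerpts of Leni's 2008-08-04 and 2008-08-05 logs above, trimmed to the relevant lines.

```python
"""Diff two Deckard's System Scanner (dss) logs to confirm that startup entries
and HijackThis items removed during a clean-up are really gone.

Added example for this thread; the sample logs below are constructed from
excerpts of the 2008-08-04 and 2008-08-05 logs posted in the thread.
"""
import re

# Keys under msconfig\startupreg are the entries msconfig has disabled; dss
# prints each one as a bracketed registry path in its Registry Dump section.
STARTUPREG_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig"
    r"\\startupreg\\([^\]]+)\]$",
    re.IGNORECASE,
)
# HijackThis items look like "R0 - ...", "R1 - ...", "O2 - ...", "O4 - ...".
HJT_ITEM_RE = re.compile(r"^(?:R[0-3]|O\d{1,2}) - ")


def parse_dss(text):
    """Extract the HijackThis items and disabled-startup key names from a dss log."""
    hjt_items = set()
    disabled_startup = set()
    for raw in text.splitlines():
        line = raw.strip()
        m = STARTUPREG_RE.match(line)
        if m:
            disabled_startup.add(m.group(1))
        elif HJT_ITEM_RE.match(line):
            hjt_items.add(line)
    return {"hjt": hjt_items, "disabled_startup": disabled_startup}


def diff_logs(before_text, after_text):
    """Report what disappeared and what is new between two dss runs."""
    before, after = parse_dss(before_text), parse_dss(after_text)
    return {
        "hjt_removed": sorted(before["hjt"] - after["hjt"]),
        "hjt_added": sorted(after["hjt"] - before["hjt"]),
        "startup_removed": sorted(before["disabled_startup"] - after["disabled_startup"]),
        "startup_added": sorted(after["disabled_startup"] - before["disabled_startup"]),
    }


def still_present(after_text, expected_gone):
    """Names from expected_gone that the later log still lists under startupreg."""
    found = parse_dss(after_text)["disabled_startup"]
    return [name for name in expected_gone if name in found]


# Constructed excerpt of the 2008-08-04 log (before the msconfig/regedit step).
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

-- Registry Dump ---
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE]
"""

# Constructed excerpt of the 2008-08-05 log (after the step).
AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

-- Registry Dump ---
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"""

if __name__ == "__main__":
    report = diff_logs(BEFORE_LOG, AFTER_LOG)
    for key, lines in report.items():
        print(f"{key}:")
        for line in lines:
            print(f"  {line}")
    leftovers = still_present(AFTER_LOG, ["WhenUSearch", "WhenUSearchWHSE"])
    print("WhenUSearch keys still present:", leftovers or "none")
```

    With real logs, read the two files with `open(...).read()` and pass the text to `diff_logs`. One thing the diff surfaces in the thread's own logs is the new `O4 - HKLM\..\Run: [MSConfig] ... /auto` item in the 08-05 run: that is msconfig registering itself because the machine is now in Selective Startup, not a new piece of adware, so it belongs in the "added" list but not on a removal list.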
  9. 2008/08/05
    Leni

    Leni Inactive Thread Starter

    Joined:
    2008/06/20
    Messages:
    13
    Likes Received:
    0
    appmgmt

    So... there are 2 empty folders in C:\WINDOWS\system32\appmgmt

    those are:

    C:\WINDOWS\system32\appmgmt\MACHINE
    C:\WINDOWS\system32\appmgmt\S-1-5-21-842925246-117609710-725345543-1003

    I checked and double checked for hidden/system files, whether they are empty or not, and I'm positive they're empty (now).

    I also checked in msconfig, and there's no trace of WhenUSearch or WhenUSearchWHSE

    ... but I went back to regedit.exe and got rid of them, permanently. :p

    I'm about to start the registry back-up and cleaning, and after I finish I'll post a new dss log

    this is it for now.

    Deckard's System Scanner v20071014.68
    Run by ada on 2008-08-05 17:05:58
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 447 MiB (512 MiB recommended).


    -- HijackThis (run as ada.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:06:03 PM, on 8/5/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\acs.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Atheros\ACU.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    E:\Clean-up tools\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\ada.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\OFFICE\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

    --
    End of file - 4523 bytes

    -- Files created between 2008-07-05 and 2008-08-05 -----------------------------

    2008-08-05 16:53:49 545 --a------ C:\WINDOWS\UC.PIF
    2008-08-05 16:53:49 545 --a------ C:\WINDOWS\RAR.PIF
    2008-08-05 16:53:49 545 --a------ C:\WINDOWS\PKZIP.PIF
    2008-08-05 16:53:49 545 --a------ C:\WINDOWS\PKUNZIP.PIF
    2008-08-05 16:53:49 545 --a------ C:\WINDOWS\NOCLOSE.PIF
    2008-08-05 16:53:49 545 --a------ C:\WINDOWS\LHA.PIF
    2008-08-05 16:53:49 545 --a------ C:\WINDOWS\ARJ.PIF
    2008-08-05 16:53:49 0 d-------- C:\Program Files\totalcmd
    2008-08-04 03:00:32 0 d-------- C:\Program Files\MSXML 4.0
    2008-08-04 02:34:04 0 d-------- C:\Documents and Settings\ada\Application Data\WinRAR
    2008-08-04 02:16:47 0 d-------- C:\Program Files\uTorrent
    2008-08-04 02:16:30 0 d-------- C:\Documents and Settings\ada\Application Data\uTorrent
    2008-08-04 01:10:29 0 d-------- C:\Documents and Settings\ada\Application Data\ESET
    2008-08-04 01:08:02 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-08-04 01:04:15 0 d-------- C:\Documents and Settings\LocalService\Start Menu
    2008-08-04 01:03:23 0 d-------- C:\WINDOWS\Prefetch
    2008-08-04 00:36:05 0 d-------- C:\WINDOWS\peernet
    2008-08-04 00:36:03 0 d-------- C:\WINDOWS\provisioning
    2008-08-04 00:33:28 0 d-------- C:\WINDOWS\ServicePackFiles
    2008-08-04 00:26:22 0 d-------- C:\WINDOWS\EHome
    2008-08-03 23:25:18 0 d-------- C:\Documents and Settings\ada\Application Data\Malwarebytes
    2008-08-03 23:25:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-03 23:25:14 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-03 21:02:31 0 d-------- C:\Program Files\Strong DC
    2008-08-03 20:58:36 0 d-------- C:\WINDOWS\Sun
    2008-08-03 20:58:36 0 d-------- C:\Documents and Settings\ada\Application Data\Sun
    2008-08-03 20:57:50 0 d-------- C:\Program Files\Java
    2008-08-03 20:57:32 0 d-------- C:\Program Files\Common Files\Java
    2008-08-03 19:59:54 0 d-------- C:\Program Files\Trend Micro
    2008-08-03 19:36:34 0 d-------- C:\WINDOWS\system32\appmgmt
    2008-07-18 11:33:29 36864 --a------ C:\WINDOWS\system32\acs.exe
    2008-07-18 11:33:21 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
    2008-07-18 11:33:20 217088 --a------ C:\WINDOWS\system32\wgapi.dll <Not Verified; Atheros; Atheros GUI API Library>
    2008-07-18 11:33:20 229376 --a------ C:\WINDOWS\system32\wcapi.dll <Not Verified; Atheros; Atheros Client API Library>
    2008-07-18 11:33:20 73728 --a------ C:\WINDOWS\system32\athcfg11res.dll <Not Verified; Atheros Communications, Inc.; Atheros Configuration API Res Dynamic Link Library>
    2008-07-18 11:33:20 356352 --a------ C:\WINDOWS\system32\athcfg11.dll <Not Verified; Atheros; Atheros Configuration API Dynamic Link Library>
    2008-07-18 11:33:20 192512 --a------ C:\WINDOWS\system32\AegisI5.exe <Not Verified; ; AegisInstall Application>
    2008-07-18 11:33:20 1396830 --a------ C:\WINDOWS\system32\AegisE5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
    2008-07-18 11:33:18 0 d-------- C:\Program Files\Atheros


    -- Find3M Report ---------------------------------------------------------------

    2008-08-04 00:36:38 0 d-------- C:\Program Files\Messenger
    2008-08-04 00:36:06 0 d-------- C:\Program Files\Movie Maker
    2008-08-04 00:33:02 0 d-------- C:\Program Files\Windows NT
    2008-08-03 20:57:32 0 d-------- C:\Program Files\Common Files
    2008-08-03 19:40:08 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-18 10:56:29 0 d-------- C:\Program Files\Yahoo!


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ACU "= "C:\Program Files\Atheros\ACU.exe" [01/31/2005 08:05 AM]
    "SoundMan "= "SOUNDMAN.EXE" [06/20/2006 03:42 PM C:\WINDOWS\soundman.exe]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
    "egui "= "C:\Program Files\ESET\ESET Smart Security\egui.exe" [06/10/2008 06:52 PM]
    "MSConfig "= "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 10:56 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
    Debugger= "E:\CLEAN-UP TOOLS\PROCESSEXPLORER\PROCEXP.EXE "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    C:\WINDOWS\System32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
    VTtrayp.exe




    -- End of Deckard's System Scanner: finished at 2008-08-05 17:06:39 ------------

    Thank you,
    Leni
     
    Leni,
    #8
  10. 2008/08/05
    Leni

    Leni Inactive Thread Starter

    Joined:
    2008/06/20
    Messages:
    13
    Likes Received:
    0
    Nice clean-up

    So.. I did a nice clean-up...
    I backed up the registry... created restore point... stuff like that, just in case.

    I'm pretty proud of myself, and the machine works a lot faster now. Yey!

    I'm not confusing you with Dave, he helped me on another problem I had with my personal notebook with some silly adware pop-ups. But I read many of your answers regarding other malware and virus removals. And I think you guys are great!

    So... here's my dss log once again. Pretty! Nice and clean.

    Thanks for everything

    Leni

    Deckard's System Scanner v20071014.68
    Run by ada on 2008-08-05 17:29:57
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Percentage of Memory in Use: 81% (more than 75%).
    Total Physical Memory: 447 MiB (512 MiB recommended).


    -- HijackThis (run as ada.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:29:59 PM, on 8/5/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\acs.exe
    C:\Program Files\Atheros\ACU.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\WINDOWS\system32\wuauclt.exe
    E:\CLEAN-UP TOOLS\PROCESSEXPLORER\PROCEXP.EXE
    E:\Clean-up tools\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\ada.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\OFFICE\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

    --
    End of file - 3923 bytes

    -- Files created between 2008-07-05 and 2008-08-05 -----------------------------

    2008-08-05 17:23:56 0 d-------- C:\Program Files\G-Lock Software
    2008-08-05 17:20:12 0 d-------- C:\Documents and Settings\ada\Application Data\Adobe
    2008-08-05 16:53:49 545 --a------ C:\WINDOWS\UC.PIF
    2008-08-05 16:53:49 545 --a------ C:\WINDOWS\RAR.PIF
    2008-08-05 16:53:49 545 --a------ C:\WINDOWS\PKZIP.PIF
    2008-08-05 16:53:49 545 --a------ C:\WINDOWS\PKUNZIP.PIF
    2008-08-05 16:53:49 545 --a------ C:\WINDOWS\NOCLOSE.PIF
    2008-08-05 16:53:49 545 --a------ C:\WINDOWS\LHA.PIF
    2008-08-05 16:53:49 545 --a------ C:\WINDOWS\ARJ.PIF
    2008-08-05 16:53:49 0 d-------- C:\Program Files\totalcmd
    2008-08-04 03:00:32 0 d-------- C:\Program Files\MSXML 4.0
    2008-08-04 02:34:04 0 d-------- C:\Documents and Settings\ada\Application Data\WinRAR
    2008-08-04 02:16:47 0 d-------- C:\Program Files\uTorrent
    2008-08-04 02:16:30 0 d-------- C:\Documents and Settings\ada\Application Data\uTorrent
    2008-08-04 01:10:29 0 d-------- C:\Documents and Settings\ada\Application Data\ESET
    2008-08-04 01:08:02 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-08-04 01:04:15 0 d-------- C:\Documents and Settings\LocalService\Start Menu
    2008-08-04 01:03:23 0 d-------- C:\WINDOWS\Prefetch
    2008-08-04 00:36:05 0 d-------- C:\WINDOWS\peernet
    2008-08-04 00:36:03 0 d-------- C:\WINDOWS\provisioning
    2008-08-04 00:33:28 0 d-------- C:\WINDOWS\ServicePackFiles
    2008-08-04 00:26:22 0 d-------- C:\WINDOWS\EHome
    2008-08-03 23:25:18 0 d-------- C:\Documents and Settings\ada\Application Data\Malwarebytes
    2008-08-03 23:25:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-03 23:25:14 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-03 21:02:31 0 d-------- C:\Program Files\Strong DC
    2008-08-03 20:58:36 0 d-------- C:\WINDOWS\Sun
    2008-08-03 20:58:36 0 d-------- C:\Documents and Settings\ada\Application Data\Sun
    2008-08-03 20:57:50 0 d-------- C:\Program Files\Java
    2008-08-03 20:57:32 0 d-------- C:\Program Files\Common Files\Java
    2008-08-03 19:59:54 0 d-------- C:\Program Files\Trend Micro
    2008-08-03 19:36:34 0 d-------- C:\WINDOWS\system32\appmgmt
    2008-07-18 11:33:29 36864 --a------ C:\WINDOWS\system32\acs.exe
    2008-07-18 11:33:21 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
    2008-07-18 11:33:20 217088 --a------ C:\WINDOWS\system32\wgapi.dll <Not Verified; Atheros; Atheros GUI API Library>
    2008-07-18 11:33:20 229376 --a------ C:\WINDOWS\system32\wcapi.dll <Not Verified; Atheros; Atheros Client API Library>
    2008-07-18 11:33:20 73728 --a------ C:\WINDOWS\system32\athcfg11res.dll <Not Verified; Atheros Communications, Inc.; Atheros Configuration API Res Dynamic Link Library>
    2008-07-18 11:33:20 356352 --a------ C:\WINDOWS\system32\athcfg11.dll <Not Verified; Atheros; Atheros Configuration API Dynamic Link Library>
    2008-07-18 11:33:20 192512 --a------ C:\WINDOWS\system32\AegisI5.exe <Not Verified; ; AegisInstall Application>
    2008-07-18 11:33:20 1396830 --a------ C:\WINDOWS\system32\AegisE5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
    2008-07-18 11:33:18 0 d-------- C:\Program Files\Atheros


    -- Find3M Report ---------------------------------------------------------------

    2008-08-04 00:36:38 0 d-------- C:\Program Files\Messenger
    2008-08-04 00:36:06 0 d-------- C:\Program Files\Movie Maker
    2008-08-04 00:33:02 0 d-------- C:\Program Files\Windows NT
    2008-08-03 20:57:32 0 d-------- C:\Program Files\Common Files
    2008-08-03 19:40:08 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-18 10:56:29 0 d-------- C:\Program Files\Yahoo!


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ACU "= "C:\Program Files\Atheros\ACU.exe" [01/31/2005 08:05 AM]
    "SoundMan "= "SOUNDMAN.EXE" [06/20/2006 03:42 PM C:\WINDOWS\soundman.exe]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
    "egui "= "C:\Program Files\ESET\ESET Smart Security\egui.exe" [06/10/2008 06:52 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager "= "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
    Debugger= "E:\CLEAN-UP TOOLS\PROCESSEXPLORER\PROCEXP.EXE "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
    VTtrayp.exe




    -- End of Deckard's System Scanner: finished at 2008-08-05 17:30:34 ------------
     
    Leni,
    #9
  11. 2008/08/05
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK looks good.


    I see it has P2P software (Limewire, BitTorrent, uTorrent, etc.) installed on the machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, here and here.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.


    Please look at this link for some preventive recommendations. It could keep you from ending up back here in the Spyware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    You can delete dss.exe and this folder: C:\Deckard

    If everything seems OK I'll mark this one resolved.

    Geri
     