
Broadband Connection Drops out After 3 or so Hours...everytime..

Discussion in 'Networking (Hardware & Software)' started by Waverley73, 2008/01/24.

  1. 2008/01/24
    Waverley73

    Waverley73 Inactive Thread Starter

    Joined:
    2008/01/06
    Messages:
    86
    Likes Received:
    0
    --------------------------------------------------------------------------------

    I am currently using a PC at my in-laws house (it's hooked up to a modem (NetComm NB5 ADSL2+ Modem Router) which in turn is hooked up to another PC). We are on a broadband connection and when I boot my PC up I have access to the internet no problems. After around 3 hours the connection drops out (no web pages load on Internet Explorer and Windows Messenger drops out). The thing is the modem still has all the same lights on and when I go to Network Connections it says I'm still connected. The other PC which is also hooked up to this modem never has this problem.

    If I unplug the modem and turn it off and then re-plug it all back in it still doesn't re-connect. The only thing that makes it re-connect is if I restart my PC. What is going on here?

    I am on Windows XP with all the latest updates. I used to have this PC at home and it never used to do this on my broadband connection. My brother-in-law used to have his PC hooked up the same way as mine is now and he never used to have this problem.

    Any help would be appreciated.
     
  2. 2008/01/24
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Hi Waverley

    You have what sounds to me like Winsock issues, and perhaps Spy/Adware.

    Need more info:

    Go here http://www.windowsbbs.com/announcement.php?f=41

    Read all, then download HijackThis, Deckard and ATF-Cleaner.

    Run HJT first then Deckard. Post back here. Do not run ATF-Cleaner yet until advised.

    Mike
     


  4. 2008/01/24
    Steve R Jones

    Steve R Jones SuperGeek Staff

    Joined:
    2001/12/30
    Messages:
    12,285
    Likes Received:
    249
    Do you lose the connection while using the pc or if the pc is sitting idle?
     
  5. 2008/01/24
    Waverley73

    Waverley73 Inactive Thread Starter

    Joined:
    2008/01/06
    Messages:
    86
    Likes Received:
    0
    Hi Mike

    Just some background. I had some serious spyware/adware issues a few weeks back but noahdfear helped me sort it all out (http://www.windowsbbs.com/showthread.php?t=70187)

    BTW, I've had this disconnect problem the day I moved my computer around here (around 2 months ago). Just to add - my computer used to use Optus as our ISP (and will again when I move my computer back to our new house once built) but while the computer is at the inlaws it is using their internet connection which is on a different ISP.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:59:19 PM, on 24/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\OptusNet DSL Internet\DSC.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\Daemon Tools\daemon.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl.optusnet.com.au/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\Daemon Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199965207687
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE (file missing)

    --
    End of file - 5715 bytes


    Deckard's System Scanner v20071014.68
    Run by user on 2008-01-24 22:12:53
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as user.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:13:03 PM, on 24/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\OptusNet DSL Internet\DSC.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\Daemon Tools\daemon.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\user\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl.optusnet.com.au/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\Daemon Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199965207687
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE (file missing)

    --
    End of file - 5685 bytes

    -- Files created between 2007-12-24 and 2008-01-24 -----------------------------

    2008-01-20 14:27:34 0 d--hs---- C:\FOUND.011
    2008-01-18 18:49:57 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-01-18 18:44:00 0 d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-01-17 22:13:16 0 d-------- C:\Program Files\Arcade
    2008-01-16 22:11:14 0 d-------- C:\Program Files\Mp3TagToolsv12
    2008-01-16 22:10:38 0 d-------- C:\Program Files\Razorlame
    2008-01-16 22:09:58 0 d-------- C:\Program Files\Lame
    2008-01-11 22:59:40 0 d-------- C:\WINDOWS\system32\LogFiles
    2008-01-10 22:13:47 0 d-------- C:\Documents and Settings\user\Application Data\Comodo
    2008-01-10 22:13:45 0 d-------- C:\Program Files\COMODO
    2008-01-10 22:13:45 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-01-09 21:41:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-09 21:41:24 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-01-08 06:53:07 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
    2008-01-07 23:23:27 24576 --a------ C:\WINDOWS\system32\CTHELPER.EXE <Not Verified; Creative Technology Ltd; CtHelper Application>
    2008-01-07 22:58:44 0 d-------- C:\Program Files\Trend Micro
    2008-01-06 23:04:36 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-01-06 22:30:35 0 dr-h----- C:\Documents and Settings\user\Recent
    2008-01-06 22:26:28 0 d-------- C:\Program Files\RogueRemover FREE
    2008-01-06 22:21:04 3736 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-06 21:58:01 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-01-06 21:58:01 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-01-06 21:58:01 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-01-06 21:58:01 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2008-01-06 21:58:01 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-01-06 21:58:01 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-01-06 21:58:01 0 dr------- C:\Documents and Settings\Administrator\My Documents
    2008-01-06 21:58:01 0 dr------- C:\Documents and Settings\Administrator\Favorites
    2008-01-06 21:58:01 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-01-06 21:58:01 0 d---s---- C:\Documents and Settings\Administrator\Cookies
    2008-01-06 21:58:01 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-01-06 21:58:01 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-01-06 21:58:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
    2008-01-06 21:58:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
    2008-01-06 21:58:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
    2008-01-06 21:58:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
    2008-01-06 21:58:00 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
    2008-01-06 21:58:00 0 d---s---- C:\Documents and Settings\Administrator\UserData
    2008-01-06 21:58:00 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-01-06 21:57:59 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-01-06 13:31:54 0 d-------- C:\Documents and Settings\user\Application Data\EasySpywareCleaner.com
    2008-01-06 13:31:24 0 d-------- C:\Program Files\EasySpywareCleaner


    -- Find3M Report ---------------------------------------------------------------

    2007-12-15 13:31:04 0 d-------- C:\Program Files\Codemasters
    2007-11-30 16:56:50 8 --a------ C:\WINDOWS\system32\nvModes.dat
    2007-11-09 14:39:56 94664 --a------ C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EM_EXEC "= "C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" []
    "CTHelper "= "CTHELPER.EXE" [08/01/2008 07:26 PM C:\WINDOWS\system32\CTHELPER.EXE]
    "AsioReg "= "REGSVR32.exe" [04/08/2004 06:56 PM C:\WINDOWS\system32\regsvr32.exe]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [04/10/2007 05:14 PM]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [08/01/2008 07:26 PM]
    "Cmaudio "= "cmicnfg.cpl" []
    "Desktop Service Centre "= "C:\Program Files\OptusNet DSL Internet\DSC.exe" [08/01/2008 07:02 AM]
    "REGSHAVE "= "C:\Program Files\REGSHAVE\REGSHAVE.exe" [08/01/2008 07:26 PM]
    "nwiz "= "nwiz.exe" []
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [04/10/2007 05:14 PM]
    "SBDrvDet "= "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [08/01/2008 07:26 PM]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [08/01/2008 07:26 PM]
    "COMODO Firewall Pro "= "C:\Program Files\COMODO\Firewall\cfp.exe" [10/01/2008 10:13 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\MSMSGS.exe" [08/01/2008 07:26 PM]
    "DAEMON Tools "= "C:\Program Files\Daemon Tools\daemon.exe" [08/01/2008 07:26 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "NvMediaCenter "=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [30/06/2006 9:29:09 AM]
    AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [25/02/2004 1:35:22 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "= C:\WINDOWS\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "




    -- End of Deckard's System Scanner: finished at 2008-01-24 22:14:09 ------------
     
    Last edited: 2008/01/24
  6. 2008/01/24
    Waverley73

    Waverley73 Inactive Thread Starter

    Joined:
    2008/01/06
    Messages:
    86
    Likes Received:
    0
    Hi Steve,

    Both - I could be in the middle of looking at a website and it could just drop out or if I am away from it for a while and come back it won't work.

    What gets me is that the other PC which runs off the modem NEVER drops out and my PC never used to drop out when I had it hooked up at home. When it does drop out the Network Connection says everything is fine..
     
    Last edited: 2008/01/24
  7. 2008/01/24
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    OK for one you have a Rogue Spyware program or the remnants.

    Go to Add/remove programs and look for EasySpywareCleaner
    un-install it, if there

    Next there or not
    paste the below between the lines but not the lines to the command prompt
    ______________________________________________

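    cd\
    rem Remove the EasySpywareCleaner program folder
    rd /s /q "%ProgramFiles%\easyspywarecleaner"
    del /f /q /s easyspywarecleaner.*
    rem Remove the ctfmona file from system32, then anywhere else on the drive
    del /f /q /s "%SystemRoot%\system32\ctfmona.*"
    del /f /q /s ctfmona.*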
    ______________________________________________

    Download and run http://www.xblock.com/download/xclean_micro.exe

    Download install and update and run Spybot
    Download install and update and run Adaware 2007
    Need links just google

    Then test for problem and get back.

    Mike
     
  8. 2008/01/24
    Waverley73

    Waverley73 Inactive Thread Starter

    Joined:
    2008/01/06
    Messages:
    86
    Likes Received:
    0
    For some reason when I look at the Network thread listings it says there was a reply from Mike 8 hours ago but when I go into the thread it only shows my post from 9 hours ago as the most recent... and now I notice his original post in this thread is gone.... What is happening here?

    Is it possible that the person who looks like they were going to help me has now been banned from the site?
     
    Last edited: 2008/01/24
  9. 2008/01/24
    Waverley73

    Waverley73 Inactive Thread Starter

    Joined:
    2008/01/06
    Messages:
    86
    Likes Received:
    0
    Is anyone able to please help?

    It might look like I've just been posting posts one after another but there's been some posts by another user which have been deleted.
     
    Last edited: 2008/01/24
  10. 2008/01/24
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Waverley,

    Please open Add/Remove Programs and uninstall EasySpywareCleaner if present.

    Delete the following folders.

    C:\Program Files\EasySpywareCleaner
    C:\Documents and Settings\user\Application Data\EasySpywareCleaner.com

    And the following file, if present.

    C:\WINDOWS\system32\ctfmona.exe

    Empty the Recycle bin and reboot.

    I don't see any antivirus program running. You mentioned in the cleanup topic that you were installing some of the applications recommended on this site, and I took it for granted you were referring to antivirus and antispyware apps ...... my bad. You really need to get an antivirus program installed and updated, and an antispyware app as well. Spybot, Ad-aware and AVG AntiSpyware all fall under the antispyware category, and are free. AVG, Avast and Avira are free antivirus, in the event you choose not to purchase something.

    Once installed, run full system scans and allow them to remove whatever they find.

    Let us know if your connection issues remain after that.
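
Added example (not part of the original posts, and not code from HijackThis or the helpers): the checks the helpers made by eye on the posted logs, namely no antivirus process running, a service whose file is missing, and leftovers of the rogue EasySpywareCleaner, written as a small Python triage script. The watch-lists and the abridged sample log are assumptions built only from names that appear in this thread.

```python
import ntpath
import re

# Constructed sample: abridged from lines in the logs posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE (file missing)

-- Files created between 2007-12-24 and 2008-01-24 -----------------------------

2008-01-06 13:31:54 0 d-------- C:\Documents and Settings\user\Application Data\EasySpywareCleaner.com
2008-01-06 13:31:24 0 d-------- C:\Program Files\EasySpywareCleaner
"""

# Assumed watch-lists, built only from names that appear in this thread.
SECURITY_PROCESSES = {
    "ashserv.exe": "avast! Antivirus",
    "aawservice.exe": "Ad-Aware 2007 Service",
}
ROGUE_NAMES = ("easyspywarecleaner",)

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O23 - Service: ..."
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")            # drive-letter path to end of line


def parse_hijackthis(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            if line:
                processes.append(line)
            elif processes:
                in_processes = False  # a blank line ends the process list
    return processes, entries


def parse_services(entries):
    """Yield (name, owner, path, file_missing) for each O23 service entry."""
    for code, body in entries:
        if code != "O23" or not body.startswith("Service: "):
            continue
        # Split from the right: the display name itself may contain " - ".
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue  # unexpected layout: skip rather than guess
        name, owner, path = parts
        yield name, owner, path, path.endswith("(file missing)")


def triage(text):
    """Return the leads a helper would look for in a posted log."""
    processes, entries = parse_hijackthis(text)
    running = {ntpath.basename(p).lower() for p in processes}
    services = list(parse_services(entries))

    rogue_paths = []
    for line in text.splitlines():
        if any(name in line.lower() for name in ROGUE_NAMES):
            found = PATH_RE.search(line)
            if found:
                rogue_paths.append(found.group(0).strip())

    return {
        # Empty list: no resident scanner from the watch-list is running.
        "security_products": sorted(
            label for exe, label in SECURITY_PROCESSES.items() if exe in running
        ),
        # The service is registered but its binary is gone: a stale entry.
        "missing_service_files": [s[0] for s in services if s[3]],
        # "Unknown owner" is a lead to check, not a verdict.
        "unknown_owner_services": [s[0] for s in services if s[1] == "Unknown owner"],
        "rogue_paths": rogue_paths,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
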
     
  11. 2008/01/31
    Waverley73

    Waverley73 Inactive Thread Starter

    Joined:
    2008/01/06
    Messages:
    86
    Likes Received:
    0
    Hey there mate,

    Sorry for the delayed reply (been away with family). The reason I hadn't installed an antispyware or antivirus program is that the internet connection I am currently using goes back to dial up speed when you use up the data allowance (which it had) and that combined with the fact it kept kicking me off the net after 2-3 hours meant I could never get the file downloaded (I tried quite a few times without success).

    I now have downloaded and installed Avast, Ad-Aware along with Comodo.

    I have since deleted the above EasySpywareCleaner files/folders (it wasn't listed on my add/remove programs so I just manually got rid of them). The file C:\WINDOWS\system32\ctfmona.exe doesn't exist but I do have one which is very close to that (which I haven't touched): C:\WINDOWS\system32\ctfmon.exe

    I ran both Avast and Ad-Aware which found some problems (which I deleted).

    After all that I still have the disconnection problem. It's always after around 2-4 hours (but mostly around 3).

    I will post a HijackThis log which I ran a short time ago.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:36:02 PM, on 31/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\OptusNet DSL Internet\DSC.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Daemon Tools\daemon.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl.optusnet.com.au/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\Daemon Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199965207687
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE (file missing)

    --
    End of file - 6602 bytes
     
  12. 2008/02/02
    mflynn

    Hi Waverley

    I am sorry I was unavailable to finish with your issue.

    But I am back and feel I can fix your problem if it still exists.

    Just get back and let me know any other measures you have taken since your last post.

    Mike
     
  13. 2008/02/03
    Waverley73

    Hi Mike,

    Thanks for getting back to me (and getting back).

    I still have the problem and since my last post have not tried anything else. It is VERY frustrating as you could imagine.

    Cheers.
     
  14. 2008/02/03
    mflynn

    Hi Waverley

    Is OptusNet DSL Internet your current ISP or is this from before you hooked up at this location?

    I need to see what the svchosts are running, so copy the following line and paste to the cmd prompt.

    %SystemRoot%\system32\cmd.exe /c %windir%\system32\tasklist.exe /svc > "%USERPROFILE%"\Desktop\Tasklist.txt

    A file Tasklist.txt will appear on Desktop.

    Open it and post the contents back to us.

    Also do the same with the following

    %SystemRoot%\system32\cmd.exe /c %windir%\system32\ipconfig.exe /all > "%USERPROFILE%"\Desktop\Ipcfg.txt

    But before pasting, put x's in your IP address (to obscure it from public view) like 208.xxx.99.xx (only the IP); leave the rest. Change this copy and paste it to us, then exit Ipcfg.txt and decline to save so you have the original, as we may need this later.

    Go into Control Panel, find the Java icon and use it to update Java to ver 3. Then in Add/Remove un-install all old versions of Java.

    Now for the ctfmona.exe

    %SystemRoot%\system32\cmd.exe /c attrib c:\ctfmona.exe /s > "%USERPROFILE%"\Desktop\ctfmona.txt

    paste the contents of ctfmona.txt back to us.

    Mike
     
  15. 2008/02/03
    Waverley73

    G'day Mike,

    Optus DSL is the ISP that we were using before we moved, so we're not currently using them.

    I'll follow the rest of the instructions tonight my time in around 11 or so hours (currently on the work pc).

    Cheers.
     
    Last edited: 2008/02/03
  16. 2008/02/03
    mflynn

    Hi Wav

    OK OptusNet DSL could be it!

    Look in Control Panel-Add/Remove. If there is an entry there then un-install it.

    If no entry there, browse to C:\Program Files\OptusNet DSL Internet and look for an un-install program. It could be Unistall.exe or unwise.exe etc.

    Once it is uninstalled run HJT scan only and check following items to remove

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl.optusnet.com.au/

    O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe

    O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/

    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE (file missing)

    Note the above file belongs to Alcohol 120 and if you still have it installed, it should be un-installed and then reinstalled to correct this. Un-install now but do not reinstall until after this issue is resolved.

    Additional optional useless items to remove below

    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

    There are couple more but we will cover those after your issues are fixed if you want.

    Additionally you have some remaining items, probably remnants of Spyware.

    Paste the following 3 lines to the cmd prompt, remember to hit enter at cmd prompt to be sure all ran.

    %SystemRoot%\system32\cmd.exe /c attrib c:\easyspy*.* /s >> "%USERPROFILE%"\Desktop\CleanEasyspy.txt

    %SystemRoot%\system32\cmd.exe /c del /f /s /q c:\easyspy*.* >> "%USERPROFILE%"\Desktop\CleanEasyspy.txt

    %SystemRoot%\system32\cmd.exe /c del /f /s /q c:\tmp.reg >> "%USERPROFILE%"\Desktop\CleanEasyspy.txt

    Go here http://www.windowsbbs.com/announcement.php?f=41 read and download Deckard DSS and ATF-Cleaner.

    Then reboot

    After the above then reboot send fresh HJT log

    then

    Run and post DSS log.

    Run ATF-Cleaner

    Test for the problem and get back after 3 hrs.

    Mike
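
An added example, not part of the thread or any poster's code: a Python check that parses HijackThis-format lines, confirms the four entries listed for removal in the post above are absent from a fresh log, and flags entries worth a manual look. It generalises slightly beyond the post by also flagging "Unknown owner" services and AppInit_DLLs; the log excerpts are constructed from lines quoted in this thread and all function names are hypothetical.

```python
import re
from collections import namedtuple

# section: HijackThis code (R1, O4, O23 ...); raw: text after " - ";
# key: section plus whitespace-collapsed, case-folded text, used to compare logs.
Entry = namedtuple("Entry", "section raw key")

# Matches "O23 - Service: ..." but not process paths such as "C:\WINDOWS\...".
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_hjt(text):
    """Return the entry lines of a HijackThis log, in order."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            raw = m.group(2)
            key = m.group(1) + "|" + re.sub(r"\s+", " ", raw).casefold()
            entries.append(Entry(m.group(1), raw, key))
    return entries


def still_present(fix_list, log):
    """Entries from the fix list that the given log still contains."""
    seen = {e.key for e in parse_hjt(log)}
    return [e for e in parse_hjt(fix_list) if e.key in seen]


def triage(entries):
    """Flag entries that deserve a manual look; a flag is not a verdict."""
    findings = []
    for e in entries:
        body = e.raw.casefold()
        if e.section == "O23" and body.endswith("(file missing)"):
            findings.append(("service registered but its binary is gone", e))
        elif e.section == "O23" and " - unknown owner - " in body:
            findings.append(("service binary carries no vendor name", e))
        elif e.section == "O20" and body.startswith("appinit_dlls:"):
            findings.append(("DLL loaded into every process that loads user32.dll", e))
    return findings


# The four entries the post asks to have fixed (quoted from the thread).
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl.optusnet.com.au/
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE (file missing)
"""

# Constructed excerpt standing in for the log taken before the cleanup.
OLD_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl.optusnet.com.au/
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE (file missing)
"""

# Constructed excerpt standing in for the fresh log taken after the cleanup.
FRESH_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.yahoo.com/
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for label, log in (("before", OLD_LOG), ("after", FRESH_LOG)):
        left = still_present(FIX_LIST, log)
        print(f"{label}: {len(left)} of the listed entries still present")
        for reason, e in triage(parse_hjt(log)):
            print(f"  review {e.section}: {reason}: {e.raw}")
```
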
     
  17. 2008/02/03
    Waverley73

    Hi Mike,

    It does make sense to me that the Optus files / old connection setup could be the problem. The only reason I haven't got rid of them to date is that we are only going to be where we are at the moment until our new house is built (another 5 or so months) and then there is a possibility that we might use Optus again as our ISP. I guess if we do go back to Optus it wouldn't be much to just re-install their software / connection again.

    I will go through all the above steps tonight and revert.

    Thanks again.

    P.S. I've never used or installed (to my knowledge) Alcohol120 - is it possible that file is from another application?
     
  18. 2008/02/03
    mflynn

    Hi Wav

    The ScsiAccess could come from other apps. Delete the entry.

    The Optus stuff was likely never needed in the first place and can easily be reinstalled if needed. Proceed.

    Mike
     
  19. 2008/02/04
    Waverley73



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : oem-vsw4ecxi8ft
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
    Physical Address. . . . . . . . . : 00-0D-87-90-60-E9

    Ethernet adapter Local Area Connection 4:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : NetComm NB5 USB Remote NDIS Network Device
    Physical Address. . . . . . . . . : 00-30-0A-41-AE-78
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : xxx.xxx.1.xx
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 192.168.1.1
    Lease Obtained. . . . . . . . . . : Monday, 4 February 2008 7:39:10 PM
    Lease Expires . . . . . . . . . . : Monday, 4 February 2008 8:39:10 PM


    -----------------------------------------------

    I tried copying the first one but for some reason the Tasklist.exe which ended up on the desktop was always blank.... not sure what's happening here.

    Will continue with the rest of the instructions.

    BTW, when you say copy to the cmd do you mean copy to the 'run' prompt? For half an hour I tried to copy straight to the DOS Command Prompt but it wouldn't let me paste directly into it..

    ----------------------------------

    Here's what ended up in the ctfmona.txt:

    File not found - C:\ctfmona.exe

    ---------------------------------------------
     
    Last edited: 2008/02/04
  20. 2008/02/04
    Waverley73

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:59:57 PM, on 4/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Daemon Tools\daemon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\Daemon Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199965207687
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6191 bytes


    Deckard's System Scanner v20071014.68
    Run by user on 2008-02-04 21:01:56
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as user.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:02:02 PM, on 4/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Daemon Tools\daemon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\user\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\Daemon Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199965207687
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6257 bytes

    -- Files created between 2008-01-04 and 2008-02-04 -----------------------------

    2008-02-03 20:20:34 2973696 --a------ C:\Program Files\NFSHP2.exe
    2008-02-03 20:19:13 45184 --a------ C:\Program Files\Win2kHook.dll
    2008-02-03 20:19:13 41900 --a------ C:\Program Files\RegSetup.exe <Not Verified; CLASS/BACKLASH; CLASS/BACKLASH regsetup>
    2008-02-03 20:19:08 970 --a------ C:\Program Files\setup.bat
    2008-02-03 20:19:03 0 d-------- C:\Program Files\tracks
    2008-02-03 20:19:03 0 d-------- C:\Program Files\Particle
    2008-02-03 20:19:03 0 d-------- C:\Program Files\movies
    2008-02-03 20:19:02 0 d-------- C:\Program Files\Cars
    2008-02-03 20:19:02 0 d-------- C:\Program Files\autorun
    2008-02-03 20:19:02 0 d-------- C:\Program Files\AI
    2008-02-03 20:19:01 0 d-------- C:\Program Files\Text
    2008-02-03 20:19:01 0 d-------- C:\Program Files\ReadMe
    2008-02-03 20:19:01 0 d-------- C:\Program Files\FrontEnd
    2008-02-03 20:19:01 0 d-------- C:\Program Files\EAGL
    2008-02-03 20:19:01 0 d-------- C:\Program Files\Controllers
    2008-02-03 20:19:01 0 d-------- C:\Program Files\audio
    2008-02-03 20:19:01 0 d-------- C:\Program Files\actors
    2008-02-03 20:12:30 0 d-------- C:\Program Files\Need For Speed
    2008-02-03 10:28:59 0 d-------- C:\Program Files\Nascar
    2008-01-29 22:30:05 1158 --a------ C:\WINDOWS\mozver.dat
    2008-01-28 21:48:19 0 --a------ C:\WINDOWS\nsreg.dat
    2008-01-28 21:48:05 0 d-------- C:\Documents and Settings\user\Application Data\Mozilla
    2008-01-28 21:06:13 0 d-------- C:\Program Files\Lavasoft
    2008-01-28 21:06:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-28 21:05:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-28 20:55:03 0 d-------- C:\Program Files\Alwil Software
    2008-01-20 14:27:34 0 d--hs---- C:\FOUND.011
    2008-01-18 18:49:57 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-01-18 18:44:00 0 d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-01-17 22:13:16 0 d-------- C:\Program Files\Arcade
    2008-01-16 22:11:14 0 d-------- C:\Program Files\Mp3TagToolsv12
    2008-01-16 22:10:38 0 d-------- C:\Program Files\Razorlame
    2008-01-16 22:09:58 0 d-------- C:\Program Files\Lame
    2008-01-11 22:59:40 0 d-------- C:\WINDOWS\system32\LogFiles
    2008-01-10 22:13:47 0 d-------- C:\Documents and Settings\user\Application Data\Comodo
    2008-01-10 22:13:45 0 d-------- C:\Program Files\COMODO
    2008-01-10 22:13:45 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-01-09 21:41:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-09 21:41:24 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-01-08 06:53:07 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
    2008-01-07 23:23:27 24576 --a------ C:\WINDOWS\system32\CTHELPER.EXE <Not Verified; Creative Technology Ltd; CtHelper Application>
    2008-01-07 22:58:44 0 d-------- C:\Program Files\Trend Micro
    2008-01-06 23:04:36 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-01-06 22:30:35 0 dr-h----- C:\Documents and Settings\user\Recent
    2008-01-06 22:26:28 0 d-------- C:\Program Files\RogueRemover FREE
    2008-01-06 21:58:01 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-01-06 21:58:01 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-01-06 21:58:01 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-01-06 21:58:01 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2008-01-06 21:58:01 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-01-06 21:58:01 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-01-06 21:58:01 0 dr------- C:\Documents and Settings\Administrator\My Documents
    2008-01-06 21:58:01 0 dr------- C:\Documents and Settings\Administrator\Favorites
    2008-01-06 21:58:01 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-01-06 21:58:01 0 d---s---- C:\Documents and Settings\Administrator\Cookies
    2008-01-06 21:58:01 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-01-06 21:58:01 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-01-06 21:58:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
    2008-01-06 21:58:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
    2008-01-06 21:58:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
    2008-01-06 21:58:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
    2008-01-06 21:58:00 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
    2008-01-06 21:58:00 0 d---s---- C:\Documents and Settings\Administrator\UserData
    2008-01-06 21:58:00 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-01-06 21:57:59 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT


    -- Find3M Report ---------------------------------------------------------------

    2007-12-15 13:31:04 0 d-------- C:\Program Files\Codemasters
    2007-11-30 16:56:50 8 --a------ C:\WINDOWS\system32\nvModes.dat
    2007-11-09 14:39:56 94664 --a------ C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EM_EXEC "= "C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" []
    "CTHelper "= "CTHELPER.EXE" [08/01/2008 07:26 PM C:\WINDOWS\system32\CTHELPER.EXE]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [04/10/2007 05:14 PM]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [08/01/2008 07:26 PM]
    "Cmaudio "= "cmicnfg.cpl" []
    "nwiz "= "nwiz.exe" []
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [04/10/2007 05:14 PM]
    "SBDrvDet "= "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [08/01/2008 07:26 PM]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [08/01/2008 07:26 PM]
    "COMODO Firewall Pro "= "C:\Program Files\COMODO\Firewall\cfp.exe" [10/01/2008 10:13 PM]
    "avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/12/2007 12:00 AM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\MSMSGS.exe" [08/01/2008 07:26 PM]
    "DAEMON Tools "= "C:\Program Files\Daemon Tools\daemon.exe" [08/01/2008 07:26 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "NvMediaCenter "=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [30/06/2006 9:29:09 AM]
    AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [25/02/2004 1:35:22 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "= C:\WINDOWS\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "




    -- End of Deckard's System Scanner: finished at 2008-02-04 21:02:44 ------------
     
  21. 2008/02/04
    mflynn

    Hi Wav

    Good morning from where it is morning! Smile!

    Go to
    Start-Run
    type cmd
    enter or OK

    copy the line

    then paste to the c: prompt.

    Some of these may not work from Run cmd

    For the tasklist just try the below

    tasklist.exe /svc > "%USERPROFILE%"\Desktop\Tasklist.txt

    there are 3 files from Deckard

    Browse to c:\Deckard\system
    open and post to me extra and moved txt files.

    At this stage since removing all that you did has anything changed?

    Mike

    PS I am at work and will reply in about 1.5 -2 hours.
     
