Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I have trouble running DDS file

Post by mike632 » March 20th, 2011, 5:36 am

I downloaded the DDS file but all I managed after trying to "run" was: "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item". After I press OK I come to "The link needs to be opened with an application ... Video Download-Studio.exe." And after that I just go round in circles. My computer seems to have slowed on some files, some by only a few seconds, others just time expire in some websites. I don't think the expiration time running out is associated with the computer. Also the software "my Freewebsite" on my desktop will not now work on my computer which is 14 months old, while the 3-4 year-old Dell causes no problems whatsoever. I use that software for special "One-Time-Offers sites" as it seems to be compatible with the "Giveaway- Special Offer" systems. It was working perfectly a few weeks back. I am unaware of any other "running" problems on my hard drive.

Active Member
Posts: 6
Joined: March 19th, 2011, 8:53 pm

Re: I have trouble running DDS file

Post by askey127 » March 21st, 2011, 7:11 am

Hi mike632,
Try this one:
Run a Short Scan with OTL
  • Download OTL to your desktop.
  • Double click the OTL icon to run it.
    (For Vista or Win7, Right click the OTL icon and choose "Run as administrator". Allow the UAC if it asks.)
  • In the Modules frame, check None
  • In The Drivers Frame, check None
  • In The Extra Registry Frame, check None
  • In the Frame labeled "Files Created Within", check None
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location
    as OTL (should be on your desktop).
  • Please copy the contents of each of these files, one at a time, and post them in your next reply. Use two replies if you wish.

Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: I have trouble running DDS file

Post by mike632 » March 21st, 2011, 8:21 pm

Here is the created text file/s.
OTL logfile created on: 22/03/2011 10:16:24 AM - Run 2
OTL by OldTimer - Version Folder = C:\Backup\My Documents
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 375.03 Gb Free Space | 80.54% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/22 10:00:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Backup\My Documents\OTL.exe
PRC - [2010/12/16 16:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/11/22 15:21:19 | 000,028,766 | ---- | M] (IObit) -- C:\Program Files\IObitBar\toolbar\1.bin\i0barsvc.exe
PRC - [2010/11/01 23:02:26 | 000,098,304 | ---- | M] () -- C:\Program Files\SysAidServer\Wrapper.exe
PRC - [2010/10/31 12:37:34 | 001,053,184 | ---- | M] (SysAid Ltd) -- C:\Program Files\SysAid\IliAS.exe
PRC - [2010/10/18 14:05:32 | 000,536,576 | ---- | M] (Ascentive) -- C:\Program Files\Ascentive\Performance Center\ApcMain.exe
PRC - [2010/07/12 14:12:12 | 001,052,676 | ---- | M] (NCH Software) -- C:\Program Files\NCH Software\BroadCam\broadcam.exe
PRC - [2010/06/28 17:20:30 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/06/09 01:09:33 | 000,681,312 | ---- | M] (MyNetUniverse Inc.) -- C:\Program Files\MyShoppingGenie\mnumsg.exe
PRC - [2010/03/11 13:56:00 | 000,139,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\SysAidServer\jre\bin\java.exe
PRC - [2009/10/31 15:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 11:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (B-Service)
SRV - [2010/11/22 15:21:19 | 000,028,766 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObitBar\toolbar\1.bin\i0barsvc.exe -- (IObitBarService)
SRV - [2010/11/01 23:02:26 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\SysAidServer\Wrapper.exe -- (SysAidServer)
SRV - [2010/10/31 12:37:34 | 001,053,184 | ---- | M] () [Auto | Running] -- C:\Program Files\SysAid\\IliAS.exe -- (SysAidAgent)
SRV - [2010/07/12 14:12:12 | 001,052,676 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files\NCH Software\BroadCam\broadcam.exe -- (BroadCamService)
SRV - [2010/06/28 17:20:30 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/06/26 03:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/04/02 00:25:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/15 22:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com
IE - HKLM\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {0ed0633c-a54d-47f1-94e7-5bded41ae674} - C:\Program Files\Free_Traffic_Bar\tbFre1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 6C BC 06 1B 35 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {7757CBCC-0975-4b79-A519-90B142CA3A23} - C:\Program Files\IObitBar\toolbar\1.bin\i0SrcAs.dll (IObit)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/03/09 12:31:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\i0ffxtbr@IObitBar.com: C:\Program Files\IObitBar\toolbar\1.bin [2010/11/22 15:21:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\firefox\ [2011/01/02 11:55:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/05 23:11:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 23:11:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.4\extensions\\Components: C:\Program Files\SeaMonkey\components [2010/04/12 15:04:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.4\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2011/02/10 22:50:33 | 000,000,000 | ---D | M]

[2010/04/12 14:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2010/04/12 14:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011/03/21 08:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l8zp0bah.default\extensions
[2011/02/07 12:13:03 | 000,000,000 | ---D | M] (AlphaMarket Community Toolbar) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l8zp0bah.default\extensions\{018da686-db92-473a-bacb-fe006e046644}
[2011/02/16 08:13:37 | 000,000,000 | ---D | M] (4shared.com Community Toolbar) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l8zp0bah.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}
[2010/09/01 07:53:09 | 000,000,000 | ---D | M] (Free Traffic Bar Toolbar) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l8zp0bah.default\extensions\{0ed0633c-a54d-47f1-94e7-5bded41ae674}
[2011/02/16 08:13:44 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l8zp0bah.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/09/08 23:25:59 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l8zp0bah.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/02/16 08:13:38 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l8zp0bah.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011/02/03 20:25:00 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l8zp0bah.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2011/02/16 08:13:42 | 000,000,000 | ---D | M] (SearchStatus) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l8zp0bah.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2011/02/16 08:13:36 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l8zp0bah.default\extensions\engine@conduit.com
[2010/10/28 11:22:23 | 000,000,000 | ---D | M] ("Alexa Toolbar") -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l8zp0bah.default\extensions\toolbar@alexa.com
[2010/11/01 17:02:49 | 000,000,000 | ---D | M] ("Instantbuzz Toolbar") -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l8zp0bah.default\extensions\toolbar@instantbuzz.com
[2010/04/12 14:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\SeaMonkey\Profiles\95s70ney.default\extensions
[2011/03/21 08:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/07 11:42:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/02 15:45:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/21 22:35:53 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/21 22:35:53 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010/10/21 22:35:53 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/10/21 22:35:53 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/11 07:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
O2 - BHO: (Free Traffic Bar Toolbar) - {0ed0633c-a54d-47f1-94e7-5bded41ae674} - C:\Program Files\Free_Traffic_Bar\tbFre1.dll (Conduit Ltd.)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA1.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Toolbar BHO) - {EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE} - C:\Program Files\IObitBar\toolbar\1.bin\i0bar.dll (IObit)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Free Traffic Bar Toolbar) - {0ed0633c-a54d-47f1-94e7-5bded41ae674} - C:\Program Files\Free_Traffic_Bar\tbFre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Alexa) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files\Alexa Toolbar\AlxTB2.9.39.dll (Alexa Internet, Inc.)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - C:\Program Files\IObitBar\toolbar\1.bin\i0bar.dll (IObit)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (4shared.com Toolbar) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Free Traffic Bar Toolbar) - {0ED0633C-A54D-47F1-94E7-5BDED41AE674} - C:\Program Files\Free_Traffic_Bar\tbFre1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\tbMyA1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe (Ascentive)
O4 - HKCU..\Run: [mnumsg.exe] C:\Program Files\MyShoppingGenie\mnumsg.exe (MyNetUniverse Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - Reg Error: Key error. File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/07/20 20:50:31 | 010,460,057 | ---- | M] () - C:\autosave interval.swf -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files - Modified Within 30 Days ==========

[2011/03/22 10:14:23 | 000,001,061 | ---- | M] () -- C:\Users\User\Desktop\OTL - Shortcut.lnk
[2011/03/22 09:57:23 | 000,015,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/22 09:57:23 | 000,015,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/22 09:50:45 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
[2011/03/22 09:50:08 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/22 09:50:06 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/03/22 09:50:00 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\hviwyotl.job
[2011/03/22 09:49:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/22 09:49:52 | 2616,893,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/21 23:21:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/21 16:31:34 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2011/03/20 16:44:09 | 000,626,562 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/20 16:44:09 | 000,110,676 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/20 15:51:13 | 000,001,247 | ---- | M] () -- C:\Users\Public\Desktop\Video Download Studio.lnk
[2011/03/18 08:21:56 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/03/17 20:36:09 | 000,020,480 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/17 16:36:27 | 000,002,247 | ---- | M] () -- C:\Users\Public\Desktop\Play Shadow Wolf Mysteries - Curse of the Full Moon.lnk
[2011/03/17 16:36:27 | 000,001,298 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/03/16 15:00:05 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\Web Studio 5.0 Updates.job
[2011/03/13 18:24:14 | 000,000,031 | ---- | M] () -- C:\Windows\bluevoda.ini
[2011/03/10 15:17:12 | 000,001,124 | ---- | M] () -- C:\Users\User\Desktop\AusstralianHorseRacingWelcome - Shortcut (2).lnk
[2011/03/10 15:16:58 | 000,001,296 | ---- | M] () -- C:\Users\User\Desktop\FREQUENTLY_ASKED_QUESTIONS_prospects_home_page[1] - Shortcut.lnk
[2011/03/10 15:15:58 | 000,001,124 | ---- | M] () -- C:\Users\User\Desktop\AusstralianHorseRacingWelcome - Shortcut.lnk
[2011/03/09 08:07:48 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Play Serpent of Isis - Your Journey Continues.lnk
[2011/03/09 08:04:08 | 000,001,670 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2011/03/09 08:04:08 | 000,001,646 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2011/03/07 09:54:26 | 000,480,992 | ---- | M] () -- C:\Users\User\Documents\Document10001.tif
[2011/03/07 09:51:41 | 000,480,992 | ---- | M] () -- C:\Users\User\Documents\Document1.tif
[2011/02/25 15:16:02 | 158,067,944 | ---- | M] () -- C:\Users\User\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
[2011/02/23 18:26:09 | 003,754,581 | ---- | M] () -- C:\Users\User\Documents\gARFIELD.rtf
[2011/02/23 17:56:27 | 000,000,098 | ---- | M] () -- C:\Users\User\Documents\11demo.html
[2011/02/23 16:55:10 | 000,000,119 | ---- | M] () -- C:\Users\User\Documents\11underline2.html
[2011/02/23 16:51:22 | 000,000,100 | ---- | M] () -- C:\Users\User\Documents\11underline.html
[2011/02/23 14:03:29 | 000,513,032 | ---- | M] () -- C:\Users\User\Desktop\sdasetup.exe
[2011/02/21 23:32:36 | 000,305,920 | ---- | M] () -- C:\Users\User\Documents\Wiresharksavedfile.pcap
[2011/02/21 23:27:54 | 000,001,710 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:A4E7D25F
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:9720EBEF
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:A88BE334
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0BBF232A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:BE6B5FC3
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:59465B40
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B190BE3A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:A5241382
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9BAC4211
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:378824DE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B6E6C4EA
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:A6D89509
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:65B8AF94
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8BE7A048

< End of report >

Re: I have trouble running DDS file

Post by askey127 » March 22nd, 2011, 8:36 am

We need to have an interactive chat before we begin.

I would recommend either Avira Antivir or Microsoft Security Essentials instead of Advanced System Care as your antivirus.
However, you can only have one AV at a time, so ASC would have to be removed first.
McAfee Security Scan Plus is primarily adware, not a vital security program.

You have a lot of toolbars and settings connected with questionable web sites. (Free giveaways are not always free).
You would need a re-orientation of your habits to keep your machine free of adware/spyware/viruses.
Some of these sites have been identified as purveyors of tracking / adware / spyware or other fraudulent software.
All the Search engines you have in Internet Explorer are from Conduit. Is it OK with you if your browser behavior is tracked?
IE Search engines are: 4shared.com, Free_Traffic_Bar, DVDVideoSoftTB, MyAshampoo
Sites instantbuzz.com and alexa.com are known distributors of fraudulent software, likely for marketing purposes.
In another case, have you actually read the terms and conditions here? http://www.myshoppinggenie.com/termsgenie.asp
It holds them blameless in case your PC gets infected and says you are not allowed to talk about it.

I am fearful that your primary scope of usage of this PC is to interact with marginal websites because of some benefit to you.
If you want to use this machine primarily for Website marketing purposes, then it is really a business machine from our standpoint, and our policy is not to work on these.
As it stands now, if I were to clean out this PC, you would hardly recognize it.
I have no problem doing my job and helping you, if this is not a business machine, but you need to define "help" for me.
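The publisher tally behind the observation above that the Internet Explorer search hooks all come from Conduit, as an added example that is not part of the original thread or of OTL. It parses the URLSearchHook, O2 (BHO) and O3 (toolbar) lines of an OTL log, groups them by the company name OTL prints in parentheses, and shows which CLSIDs are registered at more than one browser extension point; the regular expression is inferred from the log lines posted earlier, and all function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Sample lines copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
IE - HKLM\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {0ed0633c-a54d-47f1-94e7-5bded41ae674} - C:\Program Files\Free_Traffic_Bar\tbFre1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {7757CBCC-0975-4b79-A519-90B142CA3A23} - C:\Program Files\IObitBar\toolbar\1.bin\i0SrcAs.dll (IObit)
O2 - BHO: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (4shared.com Toolbar) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
O4 - HKCU..\Run: [mnumsg.exe] C:\Program Files\MyShoppingGenie\mnumsg.exe (MyNetUniverse Inc.)
"""

# Line layout inferred from the log above (an assumption, not an OTL spec):
#   <prefix>: [(display name) - ]{CLSID} - <file path or message>[ (company)]
ENTRY_RE = re.compile(
    r"^(?P<prefix>IE - HK\w+\\\.\.\\URLSearchHook|O2 - BHO"
    r"|O3 - HK\w+\\\.\.\\Toolbar(?:\\WebBrowser)?):\s+"
    r"(?:\((?P<name>[^)]*)\) - )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<target>.+?)"
    r"(?:\s\((?P<publisher>[^()]*)\))?$"
)

NO_PUBLISHER = "(none)"  # empty "()" or no company field on the line


def parse_entries(log_text):
    """Return one dict per search hook, BHO or toolbar line; skip the rest."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        prefix = m.group("prefix")
        hive = re.search(r"HK\w+", prefix)
        kind = next(k for k in ("URLSearchHook", "BHO", "Toolbar") if k in prefix)
        entries.append({
            "kind": kind,
            "hive": hive.group(0) if hive else None,
            "name": m.group("name") or "",
            # The same CLSID appears in lower and upper case in the log.
            "clsid": m.group("clsid").lower(),
            "target": m.group("target"),
            "publisher": m.group("publisher") or NO_PUBLISHER,
        })
    return entries


def count_by_publisher(entries):
    """How many browser extension registrations each company accounts for."""
    return Counter(e["publisher"] for e in entries)


def search_hook_publishers(entries, hive="HKLM"):
    """Companies behind the URLSearchHook entries of one registry hive."""
    return {e["publisher"] for e in entries
            if e["kind"] == "URLSearchHook" and e["hive"] == hive}


def footprint(entries):
    """Map each CLSID to the sorted list of extension points it occupies."""
    points = defaultdict(set)
    for e in entries:
        points[e["clsid"]].add(e["kind"])
    return {clsid: sorted(kinds) for clsid, kinds in points.items()}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for publisher, n in count_by_publisher(parsed).most_common():
        print(f"{n:2d}  {publisher}")
    print("HKLM search hooks:", search_hook_publishers(parsed))
    for clsid, kinds in footprint(parsed).items():
        if len(kinds) > 1:
            print(clsid, "->", ", ".join(kinds))
```

Entries that land under `(none)` are the ones to look at by hand: a DLL with no company name, or a registration whose CLSID no longer resolves.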

Re: I have trouble running DDS file

Post by mike632 » March 22nd, 2011, 9:15 am

Wow! You wrote an essay there with all my possible problems.
Maybe I'm going to have to K.I.S.S. (Keep it simple stupid) and not have all those extra gizmos.
I don't really need Alexa and I don't use the shopping Genie at all - forgotten it was there actually.
About being a business machine. It does run my online businesses consisting of several websites and 2 website builders
that I constantly use. Basically an unsuccessful run of websites at the moment with the exception of one that has
actually turned a profit and is still producing albeit slowly at the moment. :(
Obviously Advanced System Care is definitely not recommended. I have heard of Essentials.
My main concern is that what is happening is only going to get worse if nothing effectively is being done.
Let me know what to do first of all and let's clean up this machine.


Re: I have trouble running DDS file

Post by askey127 » March 22nd, 2011, 2:06 pm

Much as I would like to work on this machine, it is used for business.
Our policy is here: viewtopic.php?p=531109#p531109
The Thread will be closed.

Re: I have trouble running DDS file

Post by mike632 » March 22nd, 2011, 11:56 pm

Thank you for your help. It's a pity we couldn't continue but it's all good news. :)
I don't know what I did except uninstall that shopping Genie but my Google searches are 100% accurate now and no popups.
Also my hotmail is working better, at least when I use the back control in the browser I land on the page before (not the page I came from) when leaving an email. Better than landing on the bing search page as I was 24 hours ago. 8)

All the best

Re: I have trouble running DDS file

Post by askey127 » March 23rd, 2011, 8:34 am

Since this is a business machine, the topic here will be closed.
