Desktop Keeps Flashing ...


Wana b like Lara
22-05-09, 16:57
Hi :wve:

My friend has a problem on her computer, and she wanted me to ask here ...

The problem is that her desktop icons keep on flashing a couple of times when she starts her computer (she has a desktop)...

Does anyone know why? Also, she thinks the main reason is that some guy on her MSN asked if she wanted to go on cam, but she denied, and he started to threaten her, saying that he will send a virus and a script (?) to her computer, and after she restarts her computer he will receive the password to her account by email ... (:confused:)

Can this really happen? She has a good anti-virus (Kaspersky 2009) and Windows Defender ...

Conversation

Christopher says:
i have got access to ur computer and i m now hacking ur msn if u dont listen me just like christy
- ? SiiMONA [.Hmmmm..] *Guud Feelliing's Gone* =D OMDz Briitneyy In a Month ,,!! PANiiCKING says:
yeh yeh
- ? SiiMONA [.Hmmmm..] *Guud Feelliing's Gone* =D OMDz Briitneyy In a Month ,,!! PANiiCKING says:
wahs my password then??
Christopher says:
i have send virsus and script into ur computer now
- ? SiiMONA [.Hmmmm..] *Guud Feelliing's Gone* =D OMDz Briitneyy In a Month ,,!! PANiiCKING says:
aha
- ? SiiMONA [.Hmmmm..] *Guud Feelliing's Gone* =D OMDz Briitneyy In a Month ,,!! PANiiCKING says:
gud 4 u
Christopher says:
once ur computer go restart or u do it shutdown the virsus will activate
- ? SiiMONA [.Hmmmm..] *Guud Feelliing's Gone* =D OMDz Briitneyy In a Month ,,!! PANiiCKING says:
mhmm
Christopher says:
and i will get ur pass by email
Christopher says:
if u dont believe me
Christopher says:
go restart ur computer
- ? SiiMONA [.Hmmmm..] *Guud Feelliing's Gone* =D OMDz Briitneyy In a Month ,,!! PANiiCKING says:
ahaaa
Christopher says:
do it but once u do it u wont be able to use it again
Christopher says:
and also i will get ur pass by email
Christopher says:
so choose u want me delete the files or u want to be hacked
Christopher says:
ok if u dont wana answer its ok
Christopher says:
i will wait for ur computer when it shutdown or restarted

EscondeR
22-05-09, 18:05
1. Desktop icons usually flash on all PCs due to video mode changes and drivers/control panels loading on boot.

2. Tell her not to believe what every pretentious moron says.

3. Run ARDiag.exe (http://www.tombraiderhub.com/download/ardiag.exe) on her PC and post the report here (use a flash drive to transfer it).
Also perform a full system antivirus scan if you're both anxious about it :)

Don't worry.

Wana b like Lara
22-05-09, 19:02
Copy the following text and paste it to your report AS IS!!!

---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
"AOL Connectivity Service"
Publisher:
"(Verified) America Online Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AOL ACS
Program path & name:
"c:\program files\common files\aol\acs\aolacsd.exe"
Enabled: [V]


Program:
"Provides the interface to Apple mobile devices."
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Apple Mobile Device
Program path & name:
"c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
Enabled: [V]


Program:
"Provides protection against viruses and other malicious software."
Publisher:
"(Verified) Kaspersky Lab"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avp
Program path & name:
"c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
Enabled: [V]


Program:
"Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour
Publisher:
any network service that explicitly depends on it will fail to start."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Bonjour Service
Program path & name:
"(Verified) Apple Inc.""c:\program files\bonjour\mdnsresponder.exe"
Enabled: [V]


Program:
"This service permits the application of unsigned visual styles by applying an in-memory patch."
Publisher:
"(Not verified) The Skins Factory Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
HdThemeEnabler
Program path & name:
"c:\program files\the skins factory\hyperdesk\common\hdthemeenabler.exe"
Enabled: [V]


Program:
"Delivery Manager Service"
Publisher:
"(Verified) Kontiki Inc"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
KService
Program path & name:
"c:\program files\kontiki\kservice.exe"
Enabled: [V]


Program:
"PrismXL Service"
Publisher:
"(Not verified) New Boundary Technologies Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PrismXL
Program path & name:
"c:\program files\common files\new boundary\prismxl\prismxl.sys"
Enabled: [V]


Program:
"This service provides Protexis licensing functionalty."
Publisher:
"(Verified) Protexis Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PSI_SVC_2
Program path & name:
"c:\program files\common files\protexis\license service\psiservice_2.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ASFWHide
Program path & name:
File not found: C:\DOCUME~1\IRINAZ~1\LOCALS~1\Temp\ASFWHide"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
hwdatacard
Program path & name:
File not found: system32\DRIVERS\ewusbmdm.sys"
Enabled: [V]


Program:
"Kl1"
Publisher:
"(Verified) Kaspersky Lab"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
kl1
Program path & name:
"c:\windows\system32\drivers\kl1.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NTProcDrv
Program path & name:
c:\windows\temp\drv1.tmp"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
sptd
Program path & name:
c:\windows\system32\drivers\sptd.sys"
Enabled: [V]


Program:
"SunkFilt"
Publisher:
"(Not verified) Alcor Micro Corp."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SunkFilt
Program path & name:
"c:\windows\system32\drivers\sunkfilt.sys"
Enabled: [V]


Program:
"SunkFilt39"
Publisher:
"(Not verified) Alcor Micro Corp."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SunkFilt39
Program path & name:
"c:\windows\system32\drivers\sunkfilt39.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Sunkfiltp
Program path & name:
File not found: C:\WINDOWS\System32\Drivers\sunkfiltp.sys"
Enabled: [V]


Program:
"Logon Visualizer"
Publisher:
"(Verified) Kaspersky Lab"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
klogon
Program path & name:
"c:\windows\system32\klogon.dll"
Enabled: [V]


Program:
"Mozilla Virtual Keyboard"
Publisher:
"(Verified) Kaspersky Lab"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
Program path & name:
"c:\program files\kaspersky lab\kaspersky anti-virus 2009\mzvkbd.dll"
Enabled: [V]


Program:
"Recguard MFC Application"
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Recguard
Program path & name:
c:\windows\sminst\recguard.exe"
Enabled: [V]


Program:
"NeroCheck"
Publisher:
"(Not verified) Ahead Software Gmbh"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NeroFilterCheck
Program path & name:
"c:\windows\system32\nerocheck.exe"
Enabled: [V]


Program:
N/A
Publisher:
"(Not verified) Alcor Micro Corp."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SunKistEM
Program path & name:
"c:\program files\digital media reader\shwiconem.exe"
Enabled: [V]


Program:
"Delivery Manager"
Publisher:
"(Verified) Kontiki Inc"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
4oD
Program path & name:
"c:\program files\kontiki\khost.exe"
Enabled: [V]


Program:
"Kaspersky Anti-Virus"
Publisher:
"(Verified) Kaspersky Lab"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AVP
Program path & name:
"c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
"iTunesHelper Module"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
iTunesHelper
Program path & name:
"c:\program files\itunes\ituneshelper.exe"
Enabled: [V]


Program:
"Corel File Shell Monitor"
Publisher:
"(Verified) Corel Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Corel File Shell Monitor
Program path & name:
"c:\program files\corel\corel paint shop pro photo x2\coreliomonitor.exe"
Enabled: [V]


Program:
"Corel Photo Downloader"
Publisher:
"(Verified) Corel Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Corel Photo Downloader
Program path & name:
"c:\program files\common files\corel\corel photodownloader\corel photo downloader.exe"
Enabled: [V]


Program:
"Fast Search"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
x-sdch
Program path & name:
"c:\program files\google\google toolbar\component\fastsearch_a8904fb862bd9564.dll"
Enabled: [V]


Program:
"Microsoft® InfoTech Storage System Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
ms-itss
Program path & name:
"c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
Enabled: [V]


Program:
"Skype for COM API"
Publisher:
"(Verified) Skype Technologies SA"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
skype4com
Program path & name:
"c:\program files\common files\skype\skype4com.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
0
Program path & name:
File not found: About:Home"
Enabled: [V]


Program:
"Adobe Gamma Loader"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
Adobe Gamma Loader.lnk
Program path & name:
"c:\program files\common files\adobe\calibration\adobe gamma loader.exe"
Enabled: [V]


Program:
"Delivery Manager"
Publisher:
"(Verified) Kontiki Inc"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
kdx
Program path & name:
"c:\program files\kontiki\khost.exe"
Enabled: [V]


Program:
"IncrediMail Tray Application"
Publisher:
"(Verified) IncrediMail Ltd."
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
IncrediMail
Program path & name:
"c:\program files\incredimail\bin\incmail.exe"
Enabled: [V]


Program:
"Magentic Application"
Publisher:
"(Verified) IncrediMail Ltd."
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Magentic
Program path & name:
"c:\program files\magentic\bin\magentic.exe"
Enabled: [V]


Program:
"GoogleToolbarNotifier"
Publisher:
"(Verified) Google Inc"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
swg
Program path & name:
"c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
Enabled: [V]


Program:
"Skype "
Publisher:
"(Verified) Skype Technologies SA"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Skype
Program path & name:
"c:\program files\skype\phone\skype.exe"
Enabled: [V]


Program:
"DAEMON Tools Lite"
Publisher:
"(Verified) DAEMON Tools Code Signing Services"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
DAEMON Tools Lite
Program path & name:
"c:\program files\daemon tools lite\daemon.exe"
Enabled: [V]


Program:
"Apple Software Update"
Publisher:
"(Verified) Apple Inc."
Entry path:
Task Scheduler
Entry name:
AppleSoftwareUpdate.job
Program path & name:
"c:\program files\apple software update\softwareupdate.exe"
Enabled: [V]


Program:
"Adobe Acrobat IE Helper Version 6.0 for ActivieX"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
AcroIEHlprObj Class
Program path & name:
"c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll"
Enabled: [V]


Program:
"Skype add-on for IE"
Publisher:
"(Verified) Skype Technologies SA"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Skype add-on (mastermind)
Program path & name:
"c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
Enabled: [V]


Program:
"IE Virtual Keyboard"
Publisher:
"(Verified) Kaspersky Lab"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
IEVkbdBHO Class
Program path & name:
"c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
SSVHelper Class
Program path & name:
"c:\program files\java\jre1.6.0_05\bin\ssv.dll"
Enabled: [V]


Program:
"Google Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Google Toolbar Helper
Program path & name:
"c:\program files\google\google toolbar\googletoolbar.dll"
Enabled: [V]


Program:
"GoogleToolbarNotifier"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Google Toolbar Notifier BHO
Program path & name:
"c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll"
Enabled: [V]


Program:
"Fast Search"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Google Dictionary Compression sdch
Program path & name:
"c:\program files\google\google toolbar\component\fastsearch_a8904fb862bd9564.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Display Panning CPL Extension
Program path & name:
File not found: deskpan.dll"
Enabled: [V]


Program:
"ShellvRTF"
Publisher:
"(Not verified) XSS"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
SampleView
Program path & name:
"c:\windows\system32\shellvrtf.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinRAR shell extension
Program path & name:
c:\program files\winrar\rarext.dll"
Enabled: [V]


Program:
"Script Monitor Internet Explorer plugin"
Publisher:
"(Verified) Kaspersky Lab"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Web traffic protection statistics
Program path & name:
"c:\program files\kaspersky lab\kaspersky anti-virus 2009\scieplgn.dll"
Enabled: [V]


Program:
"Microsoft Web Folders"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Web Folders
Program path & name:
"c:\program files\common files\microsoft shared\web folders\msonsext.dll"
Enabled: [V]


Program:
"iTunes Mini Player DLL"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
iTunes
Program path & name:
"c:\program files\itunes\itunesminiplayer.dll"
Enabled: [V]


Program:
"VDMSound LaunchPad Shell Extension"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
VDMSound LaunchPad
Program path & name:
c:\program files\vdmsound\launchpad.dll"
Enabled: [V]


Program:
"Yahoo! Toolbar"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
yt.dll
Program path & name:
"c:\program files\yahoo!\companion\installs\cpn\yt.dll"
Enabled: [V]


Program:
"Google Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
googletoolbar.dll
Program path & name:
"c:\program files\google\google toolbar\googletoolbar.dll"
Enabled: [V]


Program:
"ToolBand Module"
Publisher:
"(Verified) DAEMON Tools Code Signing Services"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
dttoolbar.dll
Program path & name:
"c:\program files\daemon tools toolbar\dttoolbar.dll"
Enabled: [V]

EscondeR
22-05-09, 19:37
1. Download Autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx).

2. Reboot in Safe Mode (F8 at boot and choose from menu).

3. Run Autoruns, let it finish the scan and kill the following entries (not viruses, just crap slowing her PC down):


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ASFWHide
Program path & name:
File not found: C:\DOCUME~1\IRINAZ~1\LOCALS~1\Temp\ASFWHide"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
hwdatacard
Program path & name:
File not found: system32\DRIVERS\ewusbmdm.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NTProcDrv
Program path & name:
c:\windows\temp\drv1.tmp"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Sunkfiltp
Program path & name:
File not found: C:\WINDOWS\System32\Drivers\sunkfiltp.sys"
Enabled: [V]


Program:
"Recguard MFC Application"
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Recguard
Program path & name:
c:\windows\sminst\recguard.exe"
Enabled: [V]


Program:
"NeroCheck"
Publisher:
"(Not verified) Ahead Software Gmbh"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NeroFilterCheck
Program path & name:
"c:\windows\system32\nerocheck.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
"Fast Search"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
x-sdch
Program path & name:
"c:\program files\google\google toolbar\component\fastsearch_a8904fb862bd9564.dll"
Enabled: [V]


Program:
"GoogleToolbarNotifier"
Publisher:
"(Verified) Google Inc"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
swg
Program path & name:
"c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
Enabled: [V]


Program:
"Apple Software Update"
Publisher:
"(Verified) Apple Inc."
Entry path:
Task Scheduler
Entry name:
AppleSoftwareUpdate.job
Program path & name:
"c:\program files\apple software update\softwareupdate.exe"
Enabled: [V]


Program:
"Google Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Google Toolbar Helper
Program path & name:
"c:\program files\google\google toolbar\googletoolbar.dll"
Enabled: [V]


Program:
"GoogleToolbarNotifier"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Google Toolbar Notifier BHO
Program path & name:
"c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll"
Enabled: [V]


Program:
"Fast Search"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Google Dictionary Compression sdch
Program path & name:
"c:\program files\google\google toolbar\component\fastsearch_a8904fb862bd9564.dll"
Enabled: [V]


Program:
"Yahoo! Toolbar"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
yt.dll
Program path & name:
"c:\program files\yahoo!\companion\installs\cpn\yt.dll"
Enabled: [V]


Program:
"Google Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
googletoolbar.dll
Program path & name:
"c:\program files\google\google toolbar\googletoolbar.dll"
Enabled: [V]


Program:
"ToolBand Module"
Publisher:
"(Verified) DAEMON Tools Code Signing Services"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
dttoolbar.dll
Program path & name:
"c:\program files\daemon tools toolbar\dttoolbar.dll"
Enabled: [V]


4. Reboot in Normal mode.

BTW, what does the antivirus scan return?
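
Added example, not part of the thread and not ARDiag's or Autoruns' own code: a small Python parser for the report layout posted above, with three assumed triage heuristics (missing target file, image under a temp path, absent or unverified publisher). The heuristics only mark entries for review and are not EscondeR's selection criteria; the sample reuses four entries from the report in this thread.

```python
import re

LABELS = ("Program", "Publisher", "Entry path", "Entry name", "Program path & name")

def parse_report(text):
    """Parse label-line / value-line entries; each entry ends at its 'Enabled:' line."""
    entries, current, label = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if label is not None:                 # the line after a label is its value
            current[label] = line.strip('"')  # tolerate the report's unbalanced quotes
            label = None
        elif line.startswith("Enabled:"):
            current["Enabled"] = "[V]" in line
            entries.append(current)
            current = {}
        elif line.endswith(":") and line[:-1] in LABELS:
            label = line[:-1]
        # anything else (banner text, dashed rules) is ignored
    return entries

def triage(entry):
    """Return review reasons for one entry (assumed heuristics, not a verdict)."""
    path = entry.get("Program path & name", "")
    publisher = entry.get("Publisher", "N/A")
    reasons = []
    if path.lower().startswith("file not found"):
        reasons.append("target file missing")
    if re.search(r"\\te?mp\\|\.tmp$", path, re.I):
        reasons.append("image in temp location")
    if publisher == "N/A":
        reasons.append("no publisher")
    elif publisher.startswith("(Not verified)"):
        reasons.append("signature not verified")
    return reasons

def flagged(text):
    """Map entry name -> reasons for every entry that trips a heuristic."""
    return {e["Entry name"]: r for e in parse_report(text) if (r := triage(e))}

def render(rows):
    """Rebuild the report layout from 5-tuples so the sample stays short."""
    return "\n\n\n".join(
        "\n".join(f"{k}:\n{v}" for k, v in zip(LABELS, row)) + "\nEnabled: [V]"
        for row in rows)

SVC = r"HKLM\System\CurrentControlSet\Services"
RUN = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# Four entries copied from the report in this thread (odd quoting included).
SAMPLE = "AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR\n\n" + render([
    ('"Provides protection against viruses and other malicious software."',
     '"(Verified) Kaspersky Lab"', SVC, "avp",
     r'"c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"'),
    ("N/A", "N/A", SVC, "hwdatacard",
     r'File not found: system32\DRIVERS\ewusbmdm.sys"'),
    ("N/A", "N/A", SVC, "NTProcDrv", r'c:\windows\temp\drv1.tmp"'),
    ('"NeroCheck"', '"(Not verified) Ahead Software Gmbh"', RUN, "NeroFilterCheck",
     r'"c:\windows\system32\nerocheck.exe"'),
])

if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE).items():
        print(f"{name}: {', '.join(reasons)}")
```

A flagged entry still needs a look at the file itself and at the antivirus scan result before it is disabled in Autoruns.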