Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need help with Internet access problem [RESOLVED]

Started by goldberg96 , Jan 06 2008 11:53 AM

  • This topic is locked This topic is locked

#1
goldberg96
Posted 06 January 2008 - 11:53 AM

goldberg96

    Member

  • Member
  • PipPip
  • 15 posts
Hi all. I have just joined this forum in an effort to get some help with a problem that I have been wrestling with for several months now. I have researched everything I can find on the internet, tried every tool I could find to eliminate the problem with no luck. The problem is intermittent but aren't they all.

The problem is this: I boot up my machine and everything is fine with internet access. I am hard wired to a Linksys router and use Comcast 8mbit cable modem service. I will be just doing normal things on the computer and suddenly I can't access any websites any more. I can pull up a command prompt and successfully ping sites using both IP address and site name, I think indicating that I am not having a DNS issue. But I can't get to any sites. I can check my email using Outlook without problem.

I have Windows Defender as my spyware program and Avast Antivirus as my virus software. I have run full scans of both products without finding anything.

Normally a reboot will fix the problem but occassionally it takes more than one reboot to get it working again.

There are three other computers hardwired to the same router and they never experience the problem, even while my main computer is having the problem.

I have been a computer consultant for many years but mostly with bigger computers. I know my way around my machine very well and can follow even complicated instructions. However, I have not been able to figure out why I keep losing my internet access seemingly randomly, although I know once this is finally solved I will find out that it isn't random at all.

I have attached the HijackThis Log that I generated just after experiencing the problem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:16 AM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe.sav
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe.sav
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O8 - Extra context menu item: Add to &LinkFox - res://C:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.burj-al-a.../ipix/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09B30117-AB97-4374-AF41-9AF4820C4BB0}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{09B30117-AB97-4374-AF41-9AF4820C4BB0}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{09B30117-AB97-4374-AF41-9AF4820C4BB0}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

--
End of file - 8949 bytes


I would so much appreciate help with figuring out what is going on here. I work from home and this problem, causing an undue amount of required reboots, is driving me nutty.
  • 0

Advertisements

#2
Rorschach112
Posted 06 January 2008 - 12:56 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
This sounds like an interesting problem :)

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Please download F-Secure Blacklight (fsbl.exe) and save to your C:\ drive.
  • Open a command window by going to Start > Run and typing: cmd
  • Copy/paste or type the following in the command window: C:\fsbl.exe /expert
  • Hit "Enter" to start the program and then close the cmd box.
  • Accept the user agreement and click "Next".
  • Click "Scan".
  • After the scan is complete, click "Next", then "Exit".
  • BlackLight will create a log in C:\ drive named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
  • The log will have a list of all items found. Do not choose to rename any yet!
    I want to see the log first because legitimate items can also be present...like "wbemtest.exe" and "tcptest.exe.
  • Exit Blacklight and post the contents of the log in your next reply.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#3
goldberg96
Posted 06 January 2008 - 05:07 PM

goldberg96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
MAIN.TXT

Deckard's System Scanner v20071014.68
Run by Rob on 2008-01-06 12:46:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-01-06 20:46:55 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Rob.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:26 PM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Rob\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Rob.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe.sav
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe.sav
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O8 - Extra context menu item: Add to &LinkFox - res://C:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.burj-al-a.../ipix/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 7569 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20080106-100019-113 O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
backup-20080106-100019-717 O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
backup-20080106-100019-927 O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
backup-20080106-100019-938 O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
backup-20080106-100040-494 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
backup-20080106-100108-283 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
backup-20080106-102231-241 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
backup-20080106-102231-846 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
backup-20080106-102231-878 O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
backup-20080106-102304-796 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
backup-20080106-102304-995 O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 AACmgt - c:\windows\system32\drivers\aacmgt.sys <Not Verified; Adaptec, Inc.; Adaptec RAID Controller>
R0 IFP800 (iriver Internet Audio Player IFP-800) - c:\windows\system32\drivers\ifp800.sys <Not Verified; iRiver, Inc.; IFP-100>
R0 viasraid - c:\windows\system32\drivers\viasraid.sys <Not Verified; VIA Technologies inc,.ltd; Raid controller 6420 driver>
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R1 NetworkX - c:\windows\system32\ckldrv.sys
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 hdsp (RME Hammerfall Audio Device) - c:\windows\system32\drivers\hdsp.sys <Not Verified; RME; Hammerfall DSP>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S0 ntcdrdrv - c:\windows\system32\drivers\ntcdrdrv.sys (file missing)
S2 P1C1394 (Phase One 1394 Camera Driver) - c:\windows\system32\drivers\p1c1394.sys (file missing)
S3 ATI Remote Wonder II - c:\windows\system32\drivers\atirwvd.sys (file missing)
S3 cvspydr2 (ColorVision Spyder 2) - c:\windows\system32\drivers\cvspydr2.sys <Not Verified; Colorvision Inc; cvspydr2 Driver>
S3 fd_dbus (FutureDial USB Composite Device driver (WDM)) - c:\windows\system32\drivers\fd_dbus.sys <Not Verified; MCCI; FutureDial USB Composite Device>
S3 fd_dmdfl (FutureDial USB Modem Filter) - c:\windows\system32\drivers\fd_dmdfl.sys <Not Verified; MCCI; FutureDial USB Modem Filter Driver>
S3 fd_dmdm (FutureDial USB Modem Drivers) - c:\windows\system32\drivers\fd_dmdm.sys <Not Verified; MCCI; FutureDial USB Modem>
S3 GVCplDrv - c:\windows\system32\drivers\gvcpldrv.sys
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 pgfilter - c:\program files\peerguardian2\pgfilter.sys (file missing)
S3 WmaCDriverV32 - c:\windows\system32\drivers\wmacdriverv32.sys <Not Verified; Windows ® 2000/XP; Windows ® 2000/XP Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Crypkey License - crypserv.exe <Not Verified; CrypKey (Canada) Ltd.; CrypKey Software Licensing System>

S2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" (file missing)
S3 HauppaugeTVServer - c:\progra~1\wintv\hcwtvs~1.exe <Not Verified; Hauppauge Computer Works; Hauppauge TV Server>
S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
S4 ScsiAccess - c:\program files\photodex\proshowproducer\scsiaccess.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\B394FEE01800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\B394FEE01800
Service: NIC1394

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_105A&DEV_3373&SUBSYS_80F51043&REV_02\3&267A616A&0&40
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_105A&DEV_3373&SUBSYS_80F51043&REV_02\3&267A616A&0&40
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-01-06 10:28:34 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-06 02:10:30 376 --a------ C:\WINDOWS\Tasks\JkDefrag.job
2008-01-04 23:58:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-12-06 and 2008-01-06 -----------------------------

2008-01-03 14:54:28 110592 --a------ C:\WINDOWS\system32\JkDefragScreenSaver.scr <Not Verified; J.C. Kessels; JkDefrag>
2008-01-03 14:54:28 237568 --a------ C:\WINDOWS\system32\JkDefragScreenSaver.exe <Not Verified; J.C. Kessels; JkDefrag>
2008-01-03 14:54:28 69632 --a------ C:\WINDOWS\system32\Contig.exe <Not Verified; Sysinternals; Sysinternals Contig>
2008-01-02 15:33:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\Identities
2008-01-02 11:48:45 215144 -ra------ C:\WINDOWS\patchw32.dll
2008-01-02 11:48:03 215144 -ra------ C:\WINDOWS\pw32a.dll
2008-01-02 11:18:07 0 d-------- C:\Program Files\Symantec
2008-01-02 11:18:07 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-02 10:48:58 0 d-------- C:\Program Files\JkDefrag
2007-12-30 13:16:43 0 d--h----- C:\Program Files\Zero G Registry
2007-12-30 13:10:26 0 dr-h----- C:\Documents and Settings\Rob\Recent
2007-12-29 19:21:22 0 d-------- C:\Documents and Settings\LocalService\Application Data\Acronis
2007-12-29 18:56:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Acronis
2007-12-29 18:53:46 0 d-------- C:\Program Files\Acronis
2007-12-24 08:25:46 12 -r-h----- C:\Documents and Settings\All Users\Application Data\DirectoryService
2007-12-24 08:25:46 268 -r-h----- C:\Documents and Settings\All Users\Application Data\Desktop Pictures
2007-12-20 10:52:57 0 d-------- C:\Program Files\Scriptocean
2007-12-19 09:30:01 0 d-------- C:\Program Files\ACW
2007-12-17 16:13:32 59204 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-12-17 15:14:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Ashampoo
2007-12-17 15:14:22 0 d-------- C:\Program Files\Ashampoo
2007-12-17 13:43:42 0 d-------- C:\Documents and Settings\Rob\Application Data\Nero
2007-12-17 13:39:38 0 d-------- C:\Program Files\Common Files\Nero
2007-12-17 13:39:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-12-14 14:43:47 0 d-------- C:\Program Files\AVSMedia
2007-12-13 09:02:25 0 d-------- C:\Documents and Settings\Rob\Application Data\ArcSoft
2007-12-13 09:02:08 0 d-------- C:\Program Files\ArcSoft
2007-12-11 23:11:39 0 d--h----- C:\WINDOWS\$hf_mig$
2007-12-10 15:42:20 286720 --a------ C:\WINDOWS\system32\hcwzblast.dll <Not Verified; Zilog; IRblaster>
2007-12-10 15:42:20 65603 --a------ C:\WINDOWS\system32\hcwIRblast.dll <Not Verified; Hauppauge Computer Works; WinTV>
2007-12-10 15:40:26 28672 --a------ C:\WINDOWS\system32\hcwsched.dll <Not Verified; Hauppauge Computer Works; HCW Scheduler>
2007-12-10 15:39:18 36921 --a------ C:\WINDOWS\system32\hcwutl32.dll <Not Verified; Hauppauge Computer Works; WinTV>
2007-12-10 15:39:18 716873 --a------ C:\WINDOWS\system32\hcwtvwnd.dll <Not Verified; Hauppauge Computer Works; HCWTVWND>
2007-12-10 15:39:18 254008 --a------ C:\WINDOWS\system32\hcwpnp32.dll <Not Verified; Hauppauge Computer Works; WinTV>
2007-12-10 15:39:18 163840 --a------ C:\WINDOWS\system32\hcwChDB.dll <Not Verified; ; HcwChDB Dynamic Link Library>
2007-12-10 15:39:18 90190 --a------ C:\WINDOWS\system32\Bt848WST.DLL <Not Verified; Hauppauge Computer Works; WinTV>
2007-12-10 15:39:06 106559 --a------ C:\WINDOWS\system32\hcwTVDlg.dll <Not Verified; Hauppauge Computer Works; WinTV>
2007-12-10 15:39:06 11264 --a------ C:\WINDOWS\system32\hcwhook.dll <Not Verified; Hauppauge Computer Works; HCW hcwhook>
2007-12-10 15:39:06 213050 --a------ C:\WINDOWS\system32\hcwChan.dll <Not Verified; Hauppauge Computer Works; WinTV>
2007-12-10 15:38:59 393216 --a------ C:\WINDOWS\system32\hcwsnbd9.dll <Not Verified; Snowbound Software Corporation (www.Snowbnd.com); SnowBound RasterMaster for NT/W2000>
2007-12-10 15:38:58 98360 --a------ C:\WINDOWS\system32\hcwi2c32.dll <Not Verified; Hauppauge Computer Works, Inc.; WinTV>


-- Find3M Report ---------------------------------------------------------------

2008-01-05 18:01:09 0 d-------- C:\Program Files\WinTV
2008-01-04 23:31:52 0 d-------- C:\Program Files\Quicken
2008-01-03 14:56:47 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
2008-01-02 13:30:16 0 d-------- C:\Documents and Settings\Rob\Application Data\Symantec
2008-01-02 11:37:49 0 d-------- C:\Program Files\Norton Ghost
2008-01-02 11:18:07 0 d-------- C:\Program Files\Common Files
2008-01-02 11:13:39 0 d-------- C:\Documents and Settings\Rob\Application Data\Azureus
2007-12-29 19:12:23 0 d-------- C:\Program Files\Azureus
2007-12-29 18:59:55 0 d-------- C:\Program Files\DivX
2007-12-24 08:25:46 268 -r-h----- C:\Documents and Settings\Rob\Application Data\Dance
2007-12-19 09:21:09 0 d-------- C:\Program Files\BitPim
2007-12-17 16:12:53 0 d-------- C:\Documents and Settings\Rob\Application Data\Adobe
2007-12-17 13:39:39 0 d-------- C:\Program Files\Nero
2007-12-14 14:47:21 0 d-------- C:\Program Files\Common Files\AVSMedia
2007-12-14 14:41:43 0 d-------- C:\Program Files\Common Files\Download Manager
2007-12-13 09:02:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-11 12:15:50 0 d-------- C:\Documents and Settings\Rob\Application Data\Creative
2007-12-09 21:55:10 0 d-------- C:\Documents and Settings\Rob\Application Data\Canon
2007-12-09 12:24:40 0 d-------- C:\Program Files\DVD Decrypter
2007-12-05 12:09:30 0 d-------- C:\Program Files\Wise Disk Cleaner
2007-12-04 15:28:28 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-02 17:41:15 0 d-------- C:\Documents and Settings\Rob\Application Data\Zeon
2007-12-02 17:04:21 0 d-------- C:\Program Files\LG Drivers
2007-12-02 16:57:15 0 d-------- C:\Program Files\LG Electronics
2007-11-22 22:19:33 0 d-------- C:\Documents and Settings\Rob\Application Data\Google
2007-11-14 12:58:06 0 d-------- C:\Program Files\iTunes
2007-11-14 12:57:41 0 d-------- C:\Program Files\iPod
2007-11-14 12:55:22 0 d-------- C:\Program Files\QuickTime
2007-11-14 11:47:32 0 d-------- C:\Program Files\Amara - Slide Show Builder
2007-11-14 11:46:50 0 d-------- C:\Program Files\Amara - News Ticker
2007-11-14 11:46:30 0 d-------- C:\Program Files\Amara - Menu Builder
2007-11-14 11:46:06 0 d-------- C:\Program Files\Amara - Intro and Banner Builder
2007-11-04 17:14:14 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-11-04 17:14:14 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"HDSPTray2"="hdspmix.exe.sav" []
"HDSPTray1"="hdsp32.exe.sav" []
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [11/27/2006 03:19 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 05:00 AM]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [10/05/2007 12:33 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 08:16 PM]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [09/07/2006 09:19 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [10/23/2007 02:18 PM]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [12/21/2007 04:34 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"WIAWizardMenu"=RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ColorVisionStartup.lnk - C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe [1/31/2006 11:23:15 AM]


*Newly Created Service* - VPROEVENTMONITOR

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-01-06 12:48:55 ------------

Edited by goldberg96, 06 January 2008 - 05:12 PM.

  • 0

#4
goldberg96
Posted 06 January 2008 - 05:12 PM

goldberg96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
EXTRA.TXT

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4800+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4800+
Percentage of Memory in Use: 16%
Physical Memory (total/avail): 3071.21 MiB / 2578.02 MiB
Pagefile Memory (total/avail): 8029.95 MiB / 7678.6 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1901.76 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 76.32 GiB total, 52.25 GiB free.
D: is Fixed (NTFS) - 279.27 GiB total, 253.4 GiB free.
E: is Fixed (NTFS) - 279.27 GiB total, 274.5 GiB free.
F: is Fixed (NTFS) - 279.27 GiB total, 263.07 GiB free.
G: is Fixed (NTFS) - 233.76 GiB total, 162.72 GiB free.
H: is Fixed (NTFS) - 279.27 GiB total, 274.17 GiB free.
I: is CDROM (No Media)
J: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 7L300S0 SCSI Disk Device - 279.27 GiB - 1 partition
\PARTITION0 - Installable File System - 279.27 GiB - F:

\\.\PHYSICALDRIVE1 - Maxtor 7L300S0 SCSI Disk Device - 279.27 GiB - 1 partition
\PARTITION0 - Installable File System - 279.27 GiB - E:

\\.\PHYSICALDRIVE2 - Maxtor 7L300S0 SCSI Disk Device - 279.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 279.27 GiB - H:

\\.\PHYSICALDRIVE3 - Maxtor 7L300S0 SCSI Disk Device - 279.27 GiB - 1 partition
\PARTITION0 - Installable File System - 279.27 GiB - D:

\\.\PHYSICALDRIVE4 - Maxtor 6 B080M0 SCSI Disk Device - 76.33 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.32 GiB - C:

\\.\PHYSICALDRIVE5 - Maxtor 6 L250R0 USB Device - 233.76 GiB - 1 partition
\PARTITION0 - Installable File System - 233.76 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
FirewallOverride is set.

AV: avast! antivirus 4.7.1098 [VPS 080106-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iView MediaPro3\\IVIEW_MP.exe"="C:\\Program Files\\iView MediaPro3\\IVIEW_MP.exe:*:Enabled:iView Multimedia"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Rob\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GOLDBERG2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Rob
LOGONSERVER=\\GOLDBERG2
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2302
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Rob\LOCALS~1\Temp
TMP=C:\DOCUME~1\Rob\LOCALS~1\Temp
USERDOMAIN=GOLDBERG2
USERNAME=Rob
USERPROFILE=C:\Documents and Settings\Rob
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Rob (admin)


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3C64B-2A22-48C5-857B-E952D7BE64F5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3C64B-2A22-48C5-857B-E952D7BE64F5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D-Album PicturePro Platinum --> C:\Program Files\3D-Album-PicturePlatinum\uninstall.exe
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Premiere Elements 4.0 --> msiexec /I {3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}
Adobe Premiere Elements 4.0 --> MsiExec.exe /I{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}
Adobe Premiere Elements 4.0 Templates --> msiexec /I {F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}
Adobe Premiere Elements 4.0 Templates --> MsiExec.exe /I{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Amara - Intro and Banner Builder --> C:\Program Files\Amara - Intro and Banner Builder\uninstall.exe
Amara - Menu Builder --> C:\Program Files\Amara - Menu Builder\uninstall.exe
Amara - News Ticker --> C:\Program Files\Amara - News Ticker\uninstall.exe
Amara - Slide Show Builder --> C:\Program Files\Amara - Slide Show Builder\uninstall.exe
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Panorama Maker 4 Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06FE635A-BE8C-4208-91A9-FB6E641A4F52}\Setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x5f4c
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Azureus --> C:\Program Files\Azureus\Uninstall.exe
BitPim 1.0.3.20071206 --> "C:\Program Files\BitPim\unins000.exe"
Canon MP Drivers 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FF3DD04-F386-46B0-97FC-B86238B65487}\setup.exe" -l0x9 -Uninstall
Canon MP Navigator 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109AB81D-9732-40B3-9C1F-113A86CE6F93}\setup.exe" /SUUninstall
Canon ScanGearStarter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\setup.exe" -l0x9 anything
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Capture NX --> C:\Program Files\Nikon\Capture NX\uninstall.exe
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
DU Meter --> "C:\Program Files\DU Meter\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Flickr Uploadr 2.5.0.15 --> "C:\Program Files\Flickr Uploadr\uninstall.exe"
Genuine Fractals 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC38B36B-90F8-4C1F-8AC9-236B851B8871}\setup.exe" -l0x9 -uninst -removeonly
Hauppauge English Help Files and Resources --> C:\PROGRA~1\WinTV\UNHLPeng.EXE C:\PROGRA~1\WinTV\WTV2Keng.LOG
Hauppauge WinTV Infrared Remote --> C:\PROGRA~1\WinTV\UNir32.EXE C:\PROGRA~1\WinTV\ir32.LOG
Hauppauge WinTV IR Blaster --> C:\PROGRA~1\WinTV\UNirblst.EXE C:\PROGRA~1\WinTV\IRblast.LOG
Hauppauge WinTV Scheduler --> C:\PROGRA~1\WinTV\SCHEDU~1\uniSCHED.exe C:\PROGRA~1\WinTV\SCHEDU~1\uniSCHED.log
Hauppauge WinTV TV Services --> C:\PROGRA~1\WinTV\uniTvSrv.exe C:\PROGRA~1\WinTV\UniTVSrv.LOG
Hauppauge WinTV2000 --> C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG
HijackThis 2.0.2 --> "C:\Program Files\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HWC Codec Pack --> "C:\WINDOWS\system32\hauppauge\SMD07\Uninstall.exe" "C:\WINDOWS\system32\hauppauge\SMD07\install.log" -u -s
ImageRecall 2 --> C:\PROGRA~1\IMAGER~1\UNWISE.EXE C:\PROGRA~1\IMAGER~1\INSTALL.LOG
Ipswitch WS_FTP Professional 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9 -removeonly
iriver Music Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{072D2077-9E22-4F7F-B817-A92CA6CCC843}\Setup.exe" -l0x9 anything
iRiver Updater --> \uninst.exe
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
JkDefrag 3.28 --> "C:\Program Files\JkDefrag\unins000.exe"
LG USB Drivers --> C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9
Lightscribe Extended Label Contrast Utility --> MsiExec.exe /X{519FCD20-AB3E-4A4F-AA30-2AAED80513A8}
LightScribe System Software 1.10.16.1 --> MsiExec.exe /X{E6CFBFB5-9232-410C-B353-AF6E614B2681}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
MFC80 --> MsiExec.exe /I{818CBFBE-F23E-45E3-B67B-55FBCF945F37}
Microsoft Color Control Panel Applet for Windows XP --> MsiExec.exe /X{CE378F36-E404-4244-A33F-F50A2A6D31BD}
Microsoft Compression Client Pack 1.0 for Windows XP -->
Microsoft Expression Web --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
Microsoft Expression Web --> MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
Microsoft Expression Web MUI (English) --> MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
Microsoft FrontPage 2002 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0050048383C9}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50) --> MsiExec.exe /X{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 -->
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MPEG Video Wizard DVD 4.03 (10/2007) --> C:\Program Files\Womble Multimedia\MPEG Video Wizard DVD\uninst.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NA Step Working Guides --> C:\WINDOWS\iun6002.exe "C:\Program Files\NA Step Working Guides\irunin.ini"
nanoPEG-Editor 2.3 Hauppauge Edition --> "C:\Program Files\nanocosmos\MPEG-Tools for Hauppauge\Editor2\unins000.exe"
Nero 8 --> MsiExec.exe /X{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
nik Sharpener Pro 2.0 Complete --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\nik Sharpener Pro 2.0 Complete\uninstal.log
Nikon Message Center --> MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer --> MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
Norton Ghost --> MsiExec.exe /I{B0255743-165B-4BD5-8DA8-37DFB9930012}
PartitionMagic -->
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photo Mechanic 4.5 --> C:\WINDOWS\unvise32.exe C:\Program Files\Camera Bits\Photo Mechanic 4.5\uninstal.log
Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
Picture Control Utility --> MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
Platform -->
PowerDVD --> "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
PQ DVD to iPod Video Suite (remove only) --> "C:\Program Files\PQDVD\PQ DVD to iPod Video Suite\bt-uninst.exe"
ProShow Producer --> C:\Program Files\Photodex\ProShowProducer\proshow.exe . -u
Protected Music Converter 0.99b --> "C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
Quicken 2007 --> MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
RME Hammerfall DSP --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\hdsp32.inf
ScanSoft OmniPage 15.0 --> MsiExec.exe /I{37FAC9D7-D6F9-4A15-8337-311DB7E19444}
ScanSoft PDF Converter 3.0 --> MsiExec.exe /I{F07AAC22-84FB-4D8C-8294-E401B8E442FC}
ScanSoft PDF Create! 3.0 --> MsiExec.exe /I{AD1D8B40-F83C-41CA-BA08-9DB8D1653316}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Sibelius Scorch (ActiveX Only) --> MsiExec.exe /I{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}
Solero Music Viewer --> "C:\Program Files\FreeHand Systems\Solero\unins000.exe"
Sound Blaster X-Fi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x9 /remove
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spyder2 --> C:\WINDOWS\unvise32.exe C:\Program Files\ColorVision\Spyder2\uninstal.log
Stellar Phoenix FAT & NTFS 2.1 --> "C:\Program Files\Stellar Phoenix FAT & NTFS\unins000.exe"
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
TweakMASTER --> "C:\Program Files\TweakMASTER\unins000.exe"
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
ViewNX --> MsiExec.exe /X{F007CBCE-D714-4C0B-8CE9-9B0D78116468}
WebFldrs XP -->
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime -->
Windows Media Format SDK Hotfix - KB891122 -->
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wise Disk Cleaner 2.9.1 --> "C:\Program Files\Wise Disk Cleaner\unins000.exe"
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type4804 / Warning
Event Submitted/Written: 01/06/2008 10:26:03 AM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type4803 / Warning
Event Submitted/Written: 01/06/2008 10:26:03 AM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type4795 / Warning
Event Submitted/Written: 01/06/2008 10:23:17 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4792 / Warning
Event Submitted/Written: 01/06/2008 10:18:49 AM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type4791 / Warning
Event Submitted/Written: 01/06/2008 10:18:49 AM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type39856 / Warning
Event Submitted/Written: 01/06/2008 00:48:45 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%GOLDBERG227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GOLDBERG227 can't undo changes that you allow.

For more information please see the following:
%GOLDBERG2275

Scan ID: {B03B6408-6492-4EBA-890B-F959FD1C7B6F}

User: GOLDBERG2\Rob

Name: %GOLDBERG2271

ID: %GOLDBERG2272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %GOLDBERG2276

Alert Type: %GOLDBERG2278

Detection Type: 1.1.1593.02

Event Record #/Type39855 / Warning
Event Submitted/Written: 01/06/2008 00:48:45 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%GOLDBERG227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GOLDBERG227 can't undo changes that you allow.

For more information please see the following:
%GOLDBERG2275

Scan ID: {B96823A8-BBCA-4EF9-9C88-825F982EA34C}

User: GOLDBERG2\Rob

Name: %GOLDBERG2271

ID: %GOLDBERG2272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %GOLDBERG2276

Alert Type: %GOLDBERG2278

Detection Type: 1.1.1593.02

Event Record #/Type39854 / Warning
Event Submitted/Written: 01/06/2008 00:48:45 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%GOLDBERG227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GOLDBERG227 can't undo changes that you allow.

For more information please see the following:
%GOLDBERG2275

Scan ID: {475CB8DA-5D45-46DA-8975-1BFB585374BB}

User: GOLDBERG2\Rob

Name: %GOLDBERG2271

ID: %GOLDBERG2272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %GOLDBERG2276

Alert Type: %GOLDBERG2278

Detection Type: 1.1.1593.02

Event Record #/Type39853 / Warning
Event Submitted/Written: 01/06/2008 00:48:42 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%GOLDBERG227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GOLDBERG227 can't undo changes that you allow.

For more information please see the following:
%GOLDBERG2275

Scan ID: {543D6B1C-7385-466E-AF66-AFB3FD121866}

User: GOLDBERG2\Rob

Name: %GOLDBERG2271

ID: %GOLDBERG2272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %GOLDBERG2276

Alert Type: %GOLDBERG2278

Detection Type: 1.1.1593.02

Event Record #/Type39852 / Warning
Event Submitted/Written: 01/06/2008 00:48:42 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%GOLDBERG227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GOLDBERG227 can't undo changes that you allow.

For more information please see the following:
%GOLDBERG2275

Scan ID: {8D5F92ED-C47E-47A6-8B81-15569157E14A}

User: GOLDBERG2\Rob

Name: %GOLDBERG2271

ID: %GOLDBERG2272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %GOLDBERG2276

Alert Type: %GOLDBERG2278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-01-06 12:48:55 ------------
  • 0

#5
goldberg96
Posted 06 January 2008 - 05:13 PM

goldberg96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
FSBL-xxxxxxxx FILE

01/06/08 12:51:38 [Info]: BlackLight Engine 1.0.67 initialized
01/06/08 12:51:38 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/06/08 12:51:38 [Note]: 7019 4
01/06/08 12:51:38 [Note]: 7005 0
01/06/08 12:51:50 [Note]: 7006 0
01/06/08 12:51:50 [Note]: 7022 0
01/06/08 12:51:50 [Note]: 7011 1884
01/06/08 12:51:50 [Note]: 7026 0
01/06/08 12:51:50 [Note]: 7026 0
01/06/08 12:51:52 [Note]: FSRAW library version 1.7.1024
01/06/08 12:57:51 [Note]: 7007 0
  • 0

#6
goldberg96
Posted 06 January 2008 - 05:14 PM

goldberg96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
KASPERSKY REPORT

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 06, 2008 3:01:54 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/01/2008
Kaspersky Anti-Virus database records: 503226
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 114781
Number of viruses found: 2
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 00:45:06

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01232007-224010.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-06_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Rob\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{7CF12ABE-3F27-415E-B3D8-99A61B80E1CD} Object is locked skipped
C:\Documents and Settings\Rob\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rob\Local Settings\History\History.IE5\MSHist012008010620080107\index.dat Object is locked skipped
C:\Documents and Settings\Rob\Local Settings\Temp\Perflib_Perfdata_658.dat Object is locked skipped
C:\Documents and Settings\Rob\Local Settings\Temp\Perflib_Perfdata_75c.dat Object is locked skipped
C:\Documents and Settings\Rob\Local Settings\Temp\~DF982E.tmp Object is locked skipped
C:\Documents and Settings\Rob\Local Settings\Temp\~DF983A.tmp Object is locked skipped
C:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rob\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Rob\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{EF311756-DA29-496C-B111-BFCFAE88DA06}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\S0A4895CC.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\setup\hosts\hosts.exe Infected: Backdoor.Win32.Small.oy skipped
C:\WINDOWS\system32\drivers\setup\irc\irc.exe Infected: Backdoor.Win32.Small.oy skipped
C:\WINDOWS\system32\drivers\setup\manager.exe Infected: Backdoor.Win32.Small.oy skipped
C:\WINDOWS\system32\drivers\setup\urlmon\URLMon.exe Infected: Backdoor.Win32.Small.oy skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_2c0.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_548.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_55c.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Product Installation Files\nerophotoshowdeluxe-5-win-en.exe/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Product Installation Files\nerophotoshowdeluxe-5-win-en.exe NSIS: infected - 1 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{EF311756-DA29-496C-B111-BFCFAE88DA06}\RP1\change.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{EF311756-DA29-496C-B111-BFCFAE88DA06}\RP1\change.log Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{EF311756-DA29-496C-B111-BFCFAE88DA06}\RP1\change.log Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{EF311756-DA29-496C-B111-BFCFAE88DA06}\RP1\change.log Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\_restore{EF311756-DA29-496C-B111-BFCFAE88DA06}\RP1\change.log Object is locked skipped

Scan process completed.
  • 0

#7
Rorschach112
Posted 07 January 2008 - 11:48 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\drivers\setup\hosts\hosts.exe
    C:\WINDOWS\system32\drivers\setup\irc\irc.exe
    C:\WINDOWS\system32\drivers\setup\manager.exe
    C:\WINDOWS\system32\drivers\setup\urlmon\URLMon.exe
    D:\Product Installation Files\nerophotoshowdeluxe-5-win-en.exe

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.



1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



Reboot and post a new DSS log and tell me how your PC is running
  • 0

#8
goldberg96
Posted 07 January 2008 - 12:27 PM

goldberg96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
OTMoveIt Log:

C:\WINDOWS\system32\drivers\setup\hosts\hosts.exe moved successfully.
C:\WINDOWS\system32\drivers\setup\irc\irc.exe moved successfully.
C:\WINDOWS\system32\drivers\setup\manager.exe moved successfully.
C:\WINDOWS\system32\drivers\setup\urlmon\URLMon.exe moved successfully.
D:\Product Installation Files\nerophotoshowdeluxe-5-win-en.exe moved successfully.

Created on 01/07/2008 10:04:04

WHERE DO THE FILES GET MOVED TO?



MAIN.TXT:

Deckard's System Scanner v20071014.68
Run by Rob on 2008-01-07 10:21:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Rob.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:32 AM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Rob\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Rob.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe.sav
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe.sav
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O8 - Extra context menu item: Add to &LinkFox - res://C:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.burj-al-a.../ipix/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09B30117-AB97-4374-AF41-9AF4820C4BB0}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{09B30117-AB97-4374-AF41-9AF4820C4BB0}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{09B30117-AB97-4374-AF41-9AF4820C4BB0}: NameServer = 4.2.2.1,4.2.2.2
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 7774 bytes

-- Files created between 2007-12-07 and 2008-01-07 -----------------------------

2008-01-07 10:01:17 0 d-------- C:\WINDOWS\system32\drivers\setup
2008-01-06 13:01:08 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-06 13:01:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-03 14:54:28 110592 --a------ C:\WINDOWS\system32\JkDefragScreenSaver.scr <Not Verified; J.C. Kessels; JkDefrag>
2008-01-03 14:54:28 237568 --a------ C:\WINDOWS\system32\JkDefragScreenSaver.exe <Not Verified; J.C. Kessels; JkDefrag>
2008-01-03 14:54:28 69632 --a------ C:\WINDOWS\system32\Contig.exe <Not Verified; Sysinternals; Sysinternals Contig>
2008-01-02 15:33:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\Identities
2008-01-02 11:48:45 215144 -ra------ C:\WINDOWS\patchw32.dll
2008-01-02 11:48:03 215144 -ra------ C:\WINDOWS\pw32a.dll
2008-01-02 11:18:07 0 d-------- C:\Program Files\Symantec
2008-01-02 11:18:07 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-02 10:48:58 0 d-------- C:\Program Files\JkDefrag
2007-12-30 13:16:43 0 d--h----- C:\Program Files\Zero G Registry
2007-12-30 13:10:26 0 dr-h----- C:\Documents and Settings\Rob\Recent
2007-12-29 19:21:22 0 d-------- C:\Documents and Settings\LocalService\Application Data\Acronis
2007-12-29 18:56:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Acronis
2007-12-29 18:53:46 0 d-------- C:\Program Files\Acronis
2007-12-24 08:25:46 12 -r-h----- C:\Documents and Settings\All Users\Application Data\DirectoryService
2007-12-24 08:25:46 268 -r-h----- C:\Documents and Settings\All Users\Application Data\Desktop Pictures
2007-12-20 10:52:57 0 d-------- C:\Program Files\Scriptocean
2007-12-19 09:30:01 0 d-------- C:\Program Files\ACW
2007-12-17 16:13:32 59204 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-12-17 15:14:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Ashampoo
2007-12-17 15:14:22 0 d-------- C:\Program Files\Ashampoo
2007-12-17 13:43:42 0 d-------- C:\Documents and Settings\Rob\Application Data\Nero
2007-12-17 13:39:38 0 d-------- C:\Program Files\Common Files\Nero
2007-12-17 13:39:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-12-14 14:43:47 0 d-------- C:\Program Files\AVSMedia
2007-12-13 09:02:25 0 d-------- C:\Documents and Settings\Rob\Application Data\ArcSoft
2007-12-13 09:02:08 0 d-------- C:\Program Files\ArcSoft
2007-12-11 23:11:39 0 d--h----- C:\WINDOWS\$hf_mig$
2007-12-10 15:42:20 286720 --a------ C:\WINDOWS\system32\hcwzblast.dll <Not Verified; Zilog; IRblaster>
2007-12-10 15:42:20 65603 --a------ C:\WINDOWS\system32\hcwIRblast.dll <Not Verified; Hauppauge Computer Works; WinTV>
2007-12-10 15:40:26 28672 --a------ C:\WINDOWS\system32\hcwsched.dll <Not Verified; Hauppauge Computer Works; HCW Scheduler>
2007-12-10 15:39:18 36921 --a------ C:\WINDOWS\system32\hcwutl32.dll <Not Verified; Hauppauge Computer Works; WinTV>
2007-12-10 15:39:18 716873 --a------ C:\WINDOWS\system32\hcwtvwnd.dll <Not Verified; Hauppauge Computer Works; HCWTVWND>
2007-12-10 15:39:18 254008 --a------ C:\WINDOWS\system32\hcwpnp32.dll <Not Verified; Hauppauge Computer Works; WinTV>
2007-12-10 15:39:18 163840 --a------ C:\WINDOWS\system32\hcwChDB.dll <Not Verified; ; HcwChDB Dynamic Link Library>
2007-12-10 15:39:18 90190 --a------ C:\WINDOWS\system32\Bt848WST.DLL <Not Verified; Hauppauge Computer Works; WinTV>
2007-12-10 15:39:06 106559 --a------ C:\WINDOWS\system32\hcwTVDlg.dll <Not Verified; Hauppauge Computer Works; WinTV>
2007-12-10 15:39:06 11264 --a------ C:\WINDOWS\system32\hcwhook.dll <Not Verified; Hauppauge Computer Works; HCW hcwhook>
2007-12-10 15:39:06 213050 --a------ C:\WINDOWS\system32\hcwChan.dll <Not Verified; Hauppauge Computer Works; WinTV>
2007-12-10 15:38:59 393216 --a------ C:\WINDOWS\system32\hcwsnbd9.dll <Not Verified; Snowbound Software Corporation (www.Snowbnd.com); SnowBound RasterMaster for NT/W2000>
2007-12-10 15:38:58 98360 --a------ C:\WINDOWS\system32\hcwi2c32.dll <Not Verified; Hauppauge Computer Works, Inc.; WinTV>


-- Find3M Report ---------------------------------------------------------------

2008-01-07 09:49:29 0 d-------- C:\Documents and Settings\Rob\Application Data\Azureus
2008-01-06 16:35:29 0 d-------- C:\Program Files\WinTV
2008-01-06 16:10:28 0 d-------- C:\Program Files\Quicken
2008-01-03 14:56:47 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
2008-01-02 13:30:16 0 d-------- C:\Documents and Settings\Rob\Application Data\Symantec
2008-01-02 11:37:49 0 d-------- C:\Program Files\Norton Ghost
2008-01-02 11:18:07 0 d-------- C:\Program Files\Common Files
2007-12-29 19:12:23 0 d-------- C:\Program Files\Azureus
2007-12-29 18:59:55 0 d-------- C:\Program Files\DivX
2007-12-24 08:25:46 268 -r-h----- C:\Documents and Settings\Rob\Application Data\Dance
2007-12-19 09:21:09 0 d-------- C:\Program Files\BitPim
2007-12-17 16:12:53 0 d-------- C:\Documents and Settings\Rob\Application Data\Adobe
2007-12-17 13:39:39 0 d-------- C:\Program Files\Nero
2007-12-14 14:47:21 0 d-------- C:\Program Files\Common Files\AVSMedia
2007-12-14 14:41:43 0 d-------- C:\Program Files\Common Files\Download Manager
2007-12-13 09:02:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-11 12:15:50 0 d-------- C:\Documents and Settings\Rob\Application Data\Creative
2007-12-09 21:55:10 0 d-------- C:\Documents and Settings\Rob\Application Data\Canon
2007-12-09 12:24:40 0 d-------- C:\Program Files\DVD Decrypter
2007-12-05 12:09:30 0 d-------- C:\Program Files\Wise Disk Cleaner
2007-12-04 15:28:28 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-02 17:41:15 0 d-------- C:\Documents and Settings\Rob\Application Data\Zeon
2007-12-02 17:04:21 0 d-------- C:\Program Files\LG Drivers
2007-12-02 16:57:15 0 d-------- C:\Program Files\LG Electronics
2007-11-22 22:19:33 0 d-------- C:\Documents and Settings\Rob\Application Data\Google
2007-11-14 12:58:06 0 d-------- C:\Program Files\iTunes
2007-11-14 12:57:41 0 d-------- C:\Program Files\iPod
2007-11-14 12:55:22 0 d-------- C:\Program Files\QuickTime
2007-11-14 11:47:32 0 d-------- C:\Program Files\Amara - Slide Show Builder
2007-11-14 11:46:50 0 d-------- C:\Program Files\Amara - News Ticker
2007-11-14 11:46:30 0 d-------- C:\Program Files\Amara - Menu Builder
2007-11-14 11:46:06 0 d-------- C:\Program Files\Amara - Intro and Banner Builder
2007-11-04 17:14:14 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-11-04 17:14:14 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"HDSPTray2"="hdspmix.exe.sav" []
"HDSPTray1"="hdsp32.exe.sav" []
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [11/27/2006 03:19 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 05:00 AM]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [10/05/2007 12:33 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 08:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [12/21/2007 04:34 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"WIAWizardMenu"=RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ColorVisionStartup.lnk - C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe [1/31/2006 11:23:15 AM]



[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-01-07 10:21:46 ------------



So far everything is fine but it usually is. It may take a while before I will really know if the problem is not going to come back since it doesn't happen with any predictability. I sure do appreciate the help. I am learning about a lot new tools I didn't know about by working with you........... Rob
  • 0

#9
goldberg96
Posted 07 January 2008 - 06:44 PM

goldberg96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Well it just happened again. I had been ok all day but then suddenly I went to access a website and I couldn't access any sites again. I had to reboot right away because I needed to be able to continue my work but apparently the cleanup we did has not corrected the problem. Any more advice?

Rob
  • 0

#10
Rorschach112
Posted 07 January 2008 - 06:48 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Try this

Download the HostsXpert 3.7 - Hosts File Manager.
  • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.



Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.


Reboot and play around online, see if the problem persists
  • 0

#11
goldberg96
Posted 07 January 2008 - 06:58 PM

goldberg96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Did what you said but not sure it will accomplish anything. I had already checked my HOSTS file and it looked ok. Also, I had the DNS settings already set up to automatically obtain DNS. Funny thing, I had been playing with specifying DNS IP addresses for some generically available DNS hosts and each time this problem happens, when I reboot and look at my settings, those DNS IP addresses are gone. But sometimes I am also running the Winsock fix tool before rebooting just to be sure the winsock stuff is in order. I will reboot and see what happens next.

Thanks ........ Rob
  • 0

#12
Rorschach112
Posted 07 January 2008 - 07:01 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
If that doesn't work, then your best bet is to post in the Windows XP forum with your problem. Tell them that I sent you.

This definitely isn't a malware issue, and those guys know more about this sort of thing. I'm sure they can find a solution.
  • 0

#13
goldberg96
Posted 08 January 2008 - 12:04 AM

goldberg96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
OK, thanks for your help ........... Rob
  • 0

#14
Rorschach112
Posted 08 January 2008 - 05:55 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP