Trojan Horse PSW.OnlineGames.AACY [RESOLVED]


  • This topic is locked

#1
Fnz

    New Member

  • Member
  • Pip
  • 5 posts
Hello and 'thanks' in advance.

First thing - I read and followed the "You Must Read This Before Posting A Hijackthis Log, Malware Cleaning Guide" instructions.

Trojan Horse PSW.OnlineGames.AACY - was found and deleted by AVG Anti-Virus on 10/01/08 and again the following time I ran a complete scan (12/01/08).

First time it was found in one of my Alcohol 120 sub-folders. The second time it was in C:\System Volume Information\_restore{76FE~.

Computer had been acting a little strangely since. I may just be paranoid but I figured it best to err on the side of caution and post a HJT log before I resume entering sensitive information online again.

I'll post my Hijack This log first, followed by my uninstall list:


Hijack This Log



**************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:59, on 26/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Utilities\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
D:\PROGRA~1\UTILIT~1\GRISOF~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\atwtusb.exe
D:\Program Files\Utilities\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\Dit.exe
D:\Program Files\Utilities\Grisoft - AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Hardware\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
D:\Program Files\Utilities\Grisoft - AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\UTILIT~1\GRISOF~1\avgamsvr.exe
D:\PROGRA~1\UTILIT~1\GRISOF~1\avgupsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Utilities\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
D:\Program Files\Utilities\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
D:\Program Files\Utilities\Personal Firewall 4\kpf4gui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\program files\utilities\Adobe Actobat Reader\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Utilities\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\PROGRA~1\UTILIT~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\UTILIT~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\UTILIT~1\GRISOF~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\media players and codecs\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\Copying Software\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Utilities\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Utilities\Grisoft - AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\UTILIT~1\GRISOF~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\UTILIT~1\GRISOF~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~1\UTILIT~1\GRISOF~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\UTILIT~1\GRISOF~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Hardware\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\Utilities\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\Utilities\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Utilities\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Utilities\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\UTILIT~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\UTILIT~1\FlashGet\flashget.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\Utilities\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Utilities\Grisoft - AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\UTILIT~1\GRISOF~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\UTILIT~1\GRISOF~1\avgupsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Program Files\Utilities\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Program Files\Utilities\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - D:\Program Files\Utilities\Personal Firewall 4\kpf4ss.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\Utilities\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 7184 bytes



******************************

Uninstall List


1200-V2 WIRELESS SCROLL TABLET
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Antares Filter VST DX v1.0
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG Anti-Spyware 7.5
AVG Free Edition
BSPlayer
City of Heroes/City of Villains (European) (remove only)
CloneCD
Combined Community Codec Pack 2006-07-28 (Remove Only)
Craxtion4
Creative Removable Disk Manager
Creative System Information
Creative ZEN V Series (R2)
Creative ZEN Vision M Series
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DkZ Studio
eMule
FL Studio 6
FlashFXP v3
FlashGet(JetCar)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 3
KhalSetup
Last.fm Player 1.1.4
Linksys Wireless-G USB Network Adapter
Linplug Albino VSTi v2.01
Logitech SetPoint
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
MediaInfo 0.7.3.1
Medion Flash XL
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.11)
Mp3tag v2.39
MSN Messenger 7.5
Native Instruments Absynth v3.0.1
Native Instruments Battery v2.0
Nero Suite
Nomad Factory Rock Amp Legends VST v1.0
OpenOffice.org 2.0
Panda ActiveScan
Paragon Partition Manager 8.0 Professional
QSuite Ver2.1
QuickSFV (Remove only)
QuickTime
Realtek AC'97 Audio
Rhino 2.0
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
SiS 900 PCI Fast Ethernet Adapter Driver
SiSoftware Sandra Lite 2007.SP1 (Win64/32/CE)
Skype™ 3.2
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Sunbelt Personal Firewall
SUPERAntiSpyware Free Edition
Synful Orchestra DXi/VSTi v2.0
TuneUp Utilities 2006
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
VideoLAN VLC media player 0.8.6c
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay. I would like a fresh look at your system.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#3
Fnz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hello,
Thanks for the reply. Here are the results from Deckard's System Scanner:

Main.txt

Deckard's System Scanner v20071014.68
Run by Damien on 2008-01-30 07:10:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-01-30 07:10:17 UTC - RP539 - Deckard's System Scanner Restore Point
4: 2008-01-28 22:46:59 UTC - RP538 - System Checkpoint
3: 2008-01-27 18:16:10 UTC - RP537 - System Checkpoint
2: 2008-01-26 08:05:42 UTC - RP536 - Installed SUPERAntiSpyware Free Edition
1: 2008-01-25 19:51:14 UTC - RP535 - 25-01-08_Pre-G2G_Malware_Removal


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Damien.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:11:03, on 30/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Utilities\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
D:\PROGRA~1\UTILIT~1\GRISOF~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\atwtusb.exe
D:\Program Files\Utilities\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\Dit.exe
D:\Program Files\Utilities\Grisoft - AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Hardware\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
D:\Program Files\Utilities\Grisoft - AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\UTILIT~1\GRISOF~1\avgamsvr.exe
D:\PROGRA~1\UTILIT~1\GRISOF~1\avgupsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Utilities\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
D:\Program Files\Utilities\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\alg.exe
D:\Program Files\Utilities\Personal Firewall 4\kpf4gui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Utilities\FlashGet\flashget.exe
C:\Documents and Settings\Damien\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\HJT\Damien.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\program files\utilities\Adobe Actobat Reader\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Utilities\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\PROGRA~1\UTILIT~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\UTILIT~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\UTILIT~1\GRISOF~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\media players and codecs\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\Copying Software\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Utilities\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Utilities\Grisoft - AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\UTILIT~1\GRISOF~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\UTILIT~1\GRISOF~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~1\UTILIT~1\GRISOF~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\UTILIT~1\GRISOF~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Hardware\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\Utilities\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\Utilities\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Utilities\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Utilities\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\UTILIT~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\UTILIT~1\FlashGet\flashget.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\Utilities\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Utilities\Grisoft - AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\UTILIT~1\GRISOF~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\UTILIT~1\GRISOF~1\avgupsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Program Files\Utilities\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Program Files\Utilities\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - D:\Program Files\Utilities\Personal Firewall 4\kpf4ss.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\Utilities\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 7203 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "D:\Program Files\Adobe & Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 hotcore2 - c:\windows\system32\drivers\hotcore2.sys <Not Verified; Paragon Software Group; HotBackup>
R1 SASDIFSV - d:\program files\utilities\superantispyware\sasdifsv.sys
R1 SASKUTIL - d:\program files\utilities\superantispyware\saskutil.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 Intels51 (Creatix V.9X DSP Data Fax Modem) - c:\windows\system32\drivers\ctxs51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
R3 W8335XP (IEEE 802.11g Wireless Cardbus/PCI Adapter HW51) - c:\windows\system32\drivers\mrv8000c.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11 NIC>

S3 NVNRMUSB (Novation ReMOTE USB MIDI WDM Driver) - c:\windows\system32\drivers\remote.sys <Not Verified; Novation DMS Ltd; Remote Controller>
S3 RT73 (Belkin USB Network Adapter) - c:\windows\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>
S3 SASENUM - d:\program files\utilities\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
S3 SISNICXP (SiS PCI Fast Ethernet Adapter Driver for NDIS51) - c:\windows\system32\drivers\sisnicxp.sys <Not Verified; SiS Corporation; NDIS 5.1 NIC Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "d:\program files\utilities\tuneup utilities 2006\winstylerthemesvc.exe" <Not Verified; TuneUp Software GmbH; TuneUp Utilities>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\253B3510DC
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\253B3510DC
Service: NIC1394

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_1131&DEV_7134&SUBSYS_000316BE&REV_01\3&61AAA01&0&40
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_1131&DEV_7134&SUBSYS_000316BE&REV_01\3&61AAA01&0&40
Service:


-- Files created between 2007-12-30 and 2008-01-30 -----------------------------

2008-01-26 17:56:35 0 d-------- C:\Program Files\HJT
2008-01-26 12:28:24 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-01-26 11:21:28 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-26 10:53:35 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-26 08:05:49 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-26 08:05:43 0 d-------- C:\Documents and Settings\Damien\Application Data\SUPERAntiSpyware.com
2008-01-26 00:58:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2008-01-25 21:25:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-25 20:15:22 0 d-------- C:\Documents and Settings\Damien\Application Data\Grisoft
2008-01-25 14:09:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-01-11 12:01:41 253440 -ra------ C:\WINDOWS\system32\drivers\Mrv8000c.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11 NIC>
2008-01-07 05:44:45 0 d-------- C:\Documents and Settings\Damien\Application Data\dvdcss


-- Find3M Report ---------------------------------------------------------------

2008-01-30 07:01:15 0 d-------- C:\Documents and Settings\Damien\Application Data\SiteAdvisor
2008-01-30 06:57:35 0 d-------- C:\Documents and Settings\Damien\Application Data\OpenOffice.org2
2008-01-27 09:10:43 0 d-------- C:\Documents and Settings\Damien\Application Data\uTorrent
2008-01-26 12:30:52 0 d-------- C:\Documents and Settings\Damien\Application Data\AVG7
2008-01-26 11:31:07 0 d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2008-01-26 11:30:30 0 d-------- C:\Program Files\FlashFXP
2008-01-26 11:30:12 0 d-------- C:\Program Files\Common Files\LightScribe
2008-01-26 07:59:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-15 00:49:31 0 d-------- C:\Documents and Settings\Damien\Application Data\Skype
2007-12-14 20:30:22 0 d-------- C:\Documents and Settings\Damien\Application Data\DivX
2007-12-04 18:38:12 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-04 18:36:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-12-04 18:36:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-12-04 18:36:14 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-12-04 18:36:14 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-04 18:36:14 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-04 18:36:14 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-04 18:35:32 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-30 22:03:31 0 d-------- C:\Documents and Settings\Damien\Application Data\Mp3tag


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [28/03/2006 17:38 C:\WINDOWS\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [04/10/2005 22:12 C:\WINDOWS\soundman.exe]
"AVG7_CC"="D:\PROGRA~1\UTILIT~1\GRISOF~1\avgcc.exe" [24/12/2007 08:57]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [02/01/2006 16:41]
"@"="" []
"QuickTime Task"="D:\program files\media players and codecs\QuickTime\qttask.exe" [01/09/2006 15:57]
"atwtusb"="atwtusb.exe" [21/09/2005 18:08 C:\WINDOWS\system32\ATWTUSB.EXE]
"CloneCDTray"="D:\Program Files\Copying Software\CloneCD\CloneCDTray.exe" [28/09/2006 19:21]
"SunJavaUpdateSched"="D:\Program Files\Utilities\Java\jre1.5.0_06\bin\jusched.exe" [10/11/2005 12:03]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Dit"="Dit.exe" [28/08/2002 12:43 C:\WINDOWS\Dit.exe]
"!AVG Anti-Spyware"="D:\Program Files\Utilities\Grisoft - AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 09:25]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"=D:\PROGRA~1\UTILIT~1\GRISOF~1\avgw.exe /RUNONCE

C:\Documents and Settings\Damien\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 19:16:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - D:\Program Files\Hardware\Logitech\SetPoint\SetPoint.exe [04/03/2006 14:09:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=01000000
"StartMenuLogOff"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\Utilities\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\Utilities\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 D:\Program Files\Utilities\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="D:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"atwtusb"=atwtusb.exe beta


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f569ba51-69ca-11db-ad41-0010dce30d1e}]
AutoRun\command- M:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-01-30 07:12:20 ------------






*********************************************************
*********************************************************

Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.60GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1023.48 MiB / 612.2 MiB
Pagefile Memory (total/avail): 1949.16 MiB / 1549 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.02 MiB

C: is Fixed (NTFS) - 20.02 GiB total, 10.45 GiB free.
D: is Fixed (NTFS) - 50.05 GiB total, 26.7 GiB free.
E: is Fixed (NTFS) - 162.82 GiB total, 18.48 GiB free.
F: is CDROM (UDF)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
K: is CDROM (CDFS)
N: is Removable (No Media)

\\.\PHYSICALDRIVE0 - HDT722525DLAT80 - 232.88 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 20.02 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 212.87 GiB - D: - E:

\\.\PHYSICALDRIVE3 - Medion Flash XL MMC/SD USB Device

\\.\PHYSICALDRIVE1 - Medion Flash XL CF USB Device

\\.\PHYSICALDRIVE2 - Medion Flash XL MS USB Device

\\.\PHYSICALDRIVE4 - Medion Flash XL SM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntivirusOverride is set.

FW: Sunbelt Personal Firewall v4.5.916 T (Sunbelt)
AV: AVG 7.5.516 v7.5.516 (Grisoft) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Utilities\\Personal Firewall 4\\kpf4gui.exe"="D:\\Program Files\\Utilities\\Personal Firewall 4\\kpf4gui.exe:*:Enabled:Sunbelt Kerio Personal Firewall 4 - GUI"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"F:\\Downloads\\software\\utorrent.exe"="F:\\Downloads\\software\\utorrent.exe:*:Enabled:µTorrent"
"D:\\Program Files\\File Sharing\\utorrent.exe"="D:\\Program Files\\File Sharing\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
"C:\\Documents and Settings\\Damien\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Damien\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"D:\\Program Files\\Utilities\\Grisoft - AVG Free\\avginet.exe"="D:\\Program Files\\Utilities\\Grisoft - AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"D:\\Program Files\\Utilities\\Grisoft - AVG Free\\avgamsvr.exe"="D:\\Program Files\\Utilities\\Grisoft - AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"D:\\Program Files\\Utilities\\Grisoft - AVG Free\\avgcc.exe"="D:\\Program Files\\Utilities\\Grisoft - AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"E:\\Installers\\utorrent.exe"="E:\\Installers\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Damien\Application Data
CLASSPATH=.;d:\Program Files\Utilities\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MAGI-01
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Damien
LOGONSERVER=\\MAGI-01
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\ATI Technologies\ATI.ACE\;d:\program files\media players and codecs\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=d:\Program Files\Utilities\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Damien\LOCALS~1\Temp
TMP=C:\DOCUME~1\Damien\LOCALS~1\Temp
USERDOMAIN=MAGI-01
USERNAME=Damien
USERPROFILE=C:\Documents and Settings\Damien
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Damien (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> D:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> D:\Program Files\Media Players and Codecs\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1200-V2 WIRELESS SCROLL TABLET --> Rmtablet KNL
Ad-Aware SE Personal --> D:\PROGRA~1\UTILIT~1\AD-AWA~1\UNWISE.EXE D:\PROGRA~1\UTILIT~1\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Antares Filter VST DX v1.0 --> C:\PROGRA~1\Antares\UNINST~1\UNWISE.EXE C:\PROGRA~1\Antares\UNINST~1\INSTALL.LOG
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{12452C5A-32E2-40C6-808D-DA4FB6DC35A5}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> D:\Program Files\Utilities\Grisoft - AVG Anti-Spyware 7.5\Uninstall.exe
AVG Free Edition --> D:\Program Files\Utilities\Grisoft - AVG Free\setup.exe /UNINSTALL
BSPlayer --> "D:\Program Files\Media Players and Codecs\BSplayer\uninstall.exe"
City of Heroes/City of Villains (European) (remove only) --> "D:\Program Files\Games\City of Heroes\uninstall.exe"
CloneCD --> "D:\Program Files\Copying Software\CloneCD\ccd-uninst.exe" /D="D:\Program Files\Copying Software\CloneCD"
Combined Community Codec Pack 2006-07-28 (Remove Only) --> D:\Program Files\Media Players and Codecs\Combined Community Codec Pack\Uninstall.exe
Craxtion4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B16ACC3B-A84E-46B2-B6B4-0E088A94A944}\setup.exe" -l0x9 -removeonly
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN V Series (R2) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}\SETUP.EXE" -l0x9 /remove
Creative ZEN Vision M Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C44235-A613-4E95-B297-207BF6C6A8C1}\SETUP.EXE" -l0x9 /remove
DivX Codec --> D:\Program Files\Media Players and Codecs\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> D:\Program Files\Media Players and Codecs\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> D:\Program Files\Media Players and Codecs\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> D:\Program Files\Media Players and Codecs\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> D:\Program Files\Media Players and Codecs\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DkZ Studio --> C:\WINDOWS\iun6002.exe "C:\Program Files\DkZ Studio\irunin.ini"
eMule --> "D:\Program Files\File Sharing\eMule\Uninstall.exe"
FL Studio 6 --> D:\Program Files\Music Creation\Image-Line\FL Studio 6\uninstall.exe
FlashFXP v3 --> "C:\Program Files\FlashFXP\unins000.exe"
FlashGet(JetCar) --> D:\PROGRA~1\UTILIT~1\FlashGet\UNWISE.EXE D:\PROGRA~1\UTILIT~1\FlashGet\INSTALL.LOG
foobar2000 v0.9.4.3 --> "D:\Program Files\Media Players and Codecs\foobar2000\uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\HJT\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IrfanView (remove only) --> D:\Program Files\Utilities\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KhalSetup --> MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
Last.fm Player 1.1.4 --> "D:\Program Files\Media Players and Codecs\Last.fm Player\unins000.exe"
Linksys Wireless-G USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
Linplug Albino VSTi v2.01 --> D:\PROGRA~1\MUSICC~1\IMAGE-~1\FLSTUD~1\Plugins\VST\VSTPLU~1\Albino2\Albino\UNINST~1\UNWISE.EXE D:\PROGRA~1\MUSICC~1\IMAGE-~1\FLSTUD~1\Plugins\VST\VSTPLU~1\Albino2\Albino\UNINST~1\INSTALL.LOG
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
MediaInfo 0.7.3.1 --> D:\Program Files\Utilities\MediaInfo\uninst.exe
Medion Flash XL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.11) --> D:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.39 --> D:\Program Files\Utilities\Mp3tag\Mp3tagUninstall.EXE
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
Native Instruments Absynth v3.0.1 --> D:\PROGRA~1\MUSICC~1\IMAGE-~1\FLSTUD~1\Plugins\VST\NATIVE~1\ABSYNT~1\ABSYNT~1\UNWISE.EXE D:\PROGRA~1\MUSICC~1\IMAGE-~1\FLSTUD~1\Plugins\VST\NATIVE~1\ABSYNT~1\ABSYNT~1\INSTALL.LOG
Native Instruments Battery v2.0 --> D:\PROGRA~1\MUSICC~1\IMAGE-~1\FLSTUD~1\Plugins\VST\NATIVE~1\BATTER~1\UNWISE.EXE D:\PROGRA~1\MUSICC~1\IMAGE-~1\FLSTUD~1\Plugins\VST\NATIVE~1\BATTER~1\INSTALL.LOG
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Nomad Factory Rock Amp Legends VST v1.0 --> D:\PROGRA~1\MUSICC~1\IMAGE-~1\FLSTUD~1\Plugins\VST\VSTPLU~1\VSTPLU~1\NOMADF~1\UNWISE.EXE D:\PROGRA~1\MUSICC~1\IMAGE-~1\FLSTUD~1\Plugins\VST\VSTPLU~1\VSTPLU~1\NOMADF~1\INSTALL.LOG
OpenOffice.org 2.0 --> MsiExec.exe /I{69579772-D2F7-4018-9882-B5ECA01CB6B4}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Paragon Partition Manager 8.0 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}\Setup.exe" -l0x9
QSuite Ver2.1 --> "D:\Program Files\QSuite\unins000.exe"
QuickSFV (Remove only) --> D:\Program Files\Utililities\QuickSFV\QSFVUNST.EXE D:\Program Files\Utililities\QuickSFV\
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Rhino 2.0 --> "D:\Program Files\Music Creation\Image-Line\FL Studio 6\Plugins\VST\Rhino2\unins000.exe"
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\WINDOWS\SiS\900\Uninst.exe
SiSoftware Sandra Lite 2007.SP1 (Win64/32/CE) --> "D:\Program Files\Utilities\SiSoftware Sandra Lite 2007.SP1\unins000.exe"
Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy 1.4 --> "D:\Program Files\Utilities\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "D:\Program Files\Utilities\SpywareBlaster\unins000.exe"
Sunbelt Personal Firewall --> MsiExec.exe /X{BFD080F6-3BF0-40E1-9507-9CA969C35870}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synful Orchestra DXi/VSTi v2.0 --> D:\PROGRA~1\MUSICC~1\IMAGE-~1\FLSTUD~1\Plugins\VST\VSTPLU~1\SYNFUL~1\SYNFUL~1\UNWISE.EXE D:\PROGRA~1\MUSICC~1\IMAGE-~1\FLSTUD~1\Plugins\VST\VSTPLU~1\SYNFUL~1\SYNFUL~1\INSTALL.LOG
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
VideoLAN VLC media player 0.8.6c --> D:\Program Files\Media Players and Codecs\VLC Player 0.8.6c\uninstall.exe
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
WinRAR archiver --> D:\Program Files\Utilities\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type8074 / Error
Event Submitted/Written: 01/30/2008 07:11:11 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type8073 / Error
Event Submitted/Written: 01/30/2008 07:11:11 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type8068 / Error
Event Submitted/Written: 01/30/2008 06:56:25 AM
Event ID/Source: 2004 / PerfNet
Event Description:
Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Event Record #/Type8062 / Error
Event Submitted/Written: 01/29/2008 01:23:31 PM
Event ID/Source: 2004 / PerfNet
Event Description:
Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Event Record #/Type8056 / Error
Event Submitted/Written: 01/29/2008 05:46:27 AM
Event ID/Source: 2004 / PerfNet
Event Description:
Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type53093 / Error
Event Submitted/Written: 01/29/2008 06:20:52 PM
Event ID/Source: 32003 / ipnathlp
Event Description:
The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.

Event Record #/Type53090 / Warning
Event Submitted/Written: 01/29/2008 06:20:49 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0040F4A0BE93. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type53086 / Error
Event Submitted/Written: 01/29/2008 04:48:00 PM
Event ID/Source: 32003 / ipnathlp
Event Description:
The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.

Event Record #/Type53083 / Warning
Event Submitted/Written: 01/29/2008 04:47:53 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0040F4A0BE93. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type53080 / Error
Event Submitted/Written: 01/29/2008 01:55:38 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.



-- End of Deckard's System Scanner: finished at 2008-01-30 07:12:20 ------------

#4
Essexboy

Hi there, firstly I noticed this: AV: AVG 7.5.516 v7.5.516 (Grisoft) Disabled. Did you turn it off?

Again, nothing apparent in that log, so I would like to do an online AV scan to be sure.

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply.


#5
Fnz

Hello again,
AVG Resident Shield is the only component disabled/not installed as far as I'm aware. I presume that is why it's coming up as "disabled"?

I choose to scan new items manually instead of having an always-on background scanner that might be constantly slowing down my PC. I scan new files religiously before opening. Is this sort of 'always-on anti-virus monitoring software' essential?

Below are the requested F-Secure Online Scanner results.

Regards,
Fnz.


************************************
Scanning Report
Thursday, January 31, 2008 11:44:08 - 13:12:15

Computer name: MAGI-01
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\
Result: 1 malware found
Tracking Cookie (spyware)

* System (Disinfected)

Statistics
Scanned:

* Files: 40353
* System: 3828
* Not scanned: 9

Actions:

* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 0
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2008-01-30
* F-Secure AVP: 7.0.171, 2008-01-30
* F-Secure Orion: 1.2.37, 2008-01-31
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0614-150-72
* F-Secure Pegasus: 1.19.0, 2008-00-28

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQXJPG SWF
* Use Advanced heuristics


#6
Essexboy


I choose to scan new items manually instead of having an always-on background scanner that might be constantly slowing down my PC. I scan new files religiously before opening. Is this sort of 'always-on anti-virus monitoring software' essential?

If you are comfortable with that, it should be OK as long as they are all scanned.

Looking at F-Secure, I can surmise that unless you have any other problems you are clean.

Now the best part of the day ----- Your log now appears clean :)

You may now delete the programmes I had you download.

Now to get you off to a good start we will reset your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button; click this
7. Accept the Warning and select OK again; the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?


Keep safe :)

#7
Fnz

Thanks for taking the time to put my mind at ease Essexboy.

May you sleep soundly and dream of rainbows. :)

Regards,
Fnz.

#8
Essexboy

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.