help. very slow start up. [RESOLVED]



#1
elusivemind

My laptop has 120 GB with 3 partitions. The C drive has 38 GB with 23.3 GB space left. The D also has 38 GB with 18.6 GB space left, and the last, the E, has 35.6 GB with a free space of 28.5 GB. Usually the start up of my laptop only takes 40-50 seconds. Now it takes me 4-5 minutes before reaching the desktop. Once the desktop starts, everything seems OK. AVG scan found nothing. Here's my log. Thanks for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:53 AM, on 2/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{37267926-2069-42AA-A8C2-2063B7085C43}: NameServer = 202.78.97.41 210.4.2.61
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 8839 bytes


#2
kahdah

Hello elusivemind

Welcome to G2Go. :)
=================
Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally, copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.


#3
elusivemind

Hello kahdah. Thanks for helping me..^^


SDFix: Version 1.149

Run by Acer on Fri 02/29/2008 at 10:04 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Acer\Desktop\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 10:11:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"E:\\cs\\cstrike.exe"="E:\\cs\\cstrike.exe:*:Disabled:CounterStrike Launcher"
"C:\\Program Files\\GameHouse\\TextTwist\\TextTwist.exe"="C:\\Program Files\\GameHouse\\TextTwist\\TextTwist.exe:*:Disabled:Super TextTwist"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"MSUpdateSvc"="C:\\WINDOWS\\system32\\MSServx.exe"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Free Download Manager\\fdm.exe"="C:\\Program Files\\Free Download Manager\\fdm.exe:*:Enabled:Free Download Manager"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :



Files with Hidden Attributes :

Sat 6 Jul 2002 4,637,144 ...H. --- "C:\Program Files\Critical Mass Deluxe\Critical Mass Deluxe.exe"
Thu 14 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Tue 17 Apr 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Tue 17 Apr 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Tue 17 Apr 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Tue 17 Apr 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Wed 25 Jul 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 15 Jul 2007 8,563,096 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\92c280890bb98aeba47dad1979c6c14a\BITB.tmp"
Mon 2 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d3226ed0a8904ae940c1794b1cd8b325\BIT6.tmp"
Fri 1 Feb 2008 438,784 ...H. --- "C:\Documents and Settings\Acer\Application Data\Microsoft\Word\~WRL0723.tmp"

Finished!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:59 AM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{37267926-2069-42AA-A8C2-2063B7085C43}: NameServer = 202.78.97.41 210.4.2.61
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 8315 bytes

#4
kahdah

You are welcome :)

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#5
elusivemind

main.txt:

Deckard's System Scanner v20071014.68
Run by Acer on 2008-02-29 11:56:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
16: 2008-02-29 03:57:00 UTC - RP128 - Deckard's System Scanner Restore Point
15: 2008-02-27 07:42:42 UTC - RP127 - System Checkpoint
14: 2008-02-21 04:17:51 UTC - RP126 - System Checkpoint
13: 2008-02-16 04:20:23 UTC - RP125 - System Checkpoint
12: 2008-02-12 04:21:36 UTC - RP124 - unmountable boot volume


-- First Restore Point --
1: 2008-01-30 01:21:28 UTC - RP113 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Acer.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:24 AM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Acer\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Acer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 8088 bytes

-- File Associations -----------------------------------------------------------

.txt - unable to read key
.txt - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Vax347b - c:\windows\system32\drivers\vax347b.sys
R0 Vax347s - c:\windows\system32\drivers\vax347s.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2304>
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2304>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 catchme - c:\docume~1\acer\locals~1\temp\catchme.sys (file missing)
R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys

S0 Daemon - c:\windows\system32\drivers\daemon.sys (file missing)
S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
S3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2304>
S3 usbsermptxp (Motorola USB Modem Driver for MPT XP) - c:\windows\system32\drivers\usbsermptxp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: SCSI/RAID Host Controller
Device ID: ROOT\SCSIADAPTER\0000
Manufacturer: Unknown Manufacturer
Name: SCSI/RAID Host Controller
PNP Device ID: ROOT\SCSIADAPTER\0000
Service: Daemon


-- Scheduled Tasks -------------------------------------------------------------

2008-02-26 10:32:00 268 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-02-06 22:54:00 390 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
2007-12-22 21:08:45 104 --a------ C:\WINDOWS\Tasks\Low Battery Alarm Program.job


-- Files created between 2008-01-29 and 2008-02-29 -----------------------------

2008-02-29 10:01:26 0 d-------- C:\WINDOWS\ERUNT
2008-02-23 17:46:07 0 d-------- C:\Program Files\TGTSoft
2008-02-21 16:27:36 0 d-------- C:\Program Files\Common Files\xing shared
2008-02-14 13:09:05 0 d-------- C:\Program Files\Stardock
2008-02-13 10:26:14 0 d-------- C:\Downloads
2008-02-09 16:49:30 0 d-------- C:\Program Files\FlashGet
2008-02-06 22:56:49 0 d-------- C:\WINDOWS\system32\NtmsData
2008-02-06 09:32:19 0 d-------- C:\Program Files\RegCleaner
2008-02-06 08:58:17 0 dr-h----- C:\Documents and Settings\Acer\Recent
2008-02-05 21:06:44 0 d-------- C:\Documents and Settings\Acer\Application Data\Media Player Classic
2008-02-05 14:01:22 0 d-------- C:\Documents and Settings\Acer\Application Data\Uniblue
2008-02-05 14:01:11 0 d-------- C:\Program Files\Uniblue
2008-02-05 13:59:39 0 d-------- C:\Program Files\XP Codec Pack
2008-01-30 09:01:31 0 d-------- C:\Program Files\directx


-- Find3M Report ---------------------------------------------------------------

2008-02-29 09:58:09 0 d-------- C:\Documents and Settings\Acer\Application Data\Free Download Manager
2008-02-28 23:07:18 0 d-------- C:\Program Files\Critical Mass Deluxe
2008-02-27 22:28:33 0 d-------- C:\Documents and Settings\Acer\Application Data\AVG7
2008-02-21 16:30:03 0 d-------- C:\Documents and Settings\Acer\Application Data\Real
2008-02-21 16:27:36 0 d-------- C:\Program Files\Common Files
2008-02-21 16:27:32 0 d-------- C:\Program Files\Common Files\Real
2008-02-21 16:27:09 0 d-------- C:\Program Files\Real
2008-02-05 15:16:37 0 dr------- C:\Program Files\MSN Messenger
2008-02-05 15:16:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-05 14:51:25 0 dr------- C:\Program Files\PopCap Games
2008-02-01 09:42:46 0 d-------- C:\Documents and Settings\Acer\Application Data\Adobe
2008-01-24 12:11:57 44 --a------ C:\WINDOWS\popcinfo.dat
2008-01-24 12:09:44 0 d-------- C:\Program Files\DivX
2008-01-24 12:07:15 0 dr------- C:\Program Files\Paltalk Messenger
2008-01-24 12:02:56 0 d-------- C:\Program Files\Total Video Converter
2008-01-23 16:55:52 0 d-------- C:\Documents and Settings\Acer\Application Data\GetRight
2008-01-05 15:47:42 0 d-------- C:\Program Files\Free Download Manager
2007-12-23 18:04:09 1408 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/21/2008 04:27 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:56 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe,C:\WINDOWS\system\svchost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firefox Installer]
"C:\Program Files\DivX\Google\Firefox\ffinstaller.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bee8028-d3af-11dc-aee4-0018dec657b0}]
Auto\command- RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Browser\command- RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73f9085e-3226-11dc-ad56-0018dec657b0}]
AutoRun\command- G:\
explore\Command- G:\RECYCLER\INFO.exe
open\Command- G:\RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8000bff4-f903-11db-acac-0016cfe96f7a}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8450c954-10e2-11dc-acf0-0018dec657b0}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8784d6cc-65e9-11dc-adcb-0018dec657b0}]
Auto\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Browser\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91367997-76d5-11dc-ae05-0018dec657b0}]
AutoRun\command- scvhosts.exe
Open\command- scvhosts.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96905fae-3904-11dc-ad6c-0018dec657b0}]
AutoRun\command- G:\
explore\Command- G:\RECYCLER\INFO.exe
open\Command- G:\RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9d767aa-5426-11dc-ad94-0018dec657b0}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe VBRuntime32.dll.vbs




-- End of Deckard's System Scanner: finished at 2008-02-29 11:59:07 ------------



extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T1400 @ 1.83GHz
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 502.11 MiB / 206.5 MiB
Pagefile Memory (total/avail): 1226.96 MiB / 985.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1944.33 MiB

C: is Fixed (NTFS) - 38.09 GiB total, 25.32 GiB free.
D: is Fixed (NTFS) - 38.09 GiB total, 21.87 GiB free.
E: is Fixed (NTFS) - 35.61 GiB total, 29.33 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK1234GSX - 111.79 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 38.09 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 73.7 GiB - D: - E:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"E:\\cs\\cstrike.exe"="E:\\cs\\cstrike.exe:*:Disabled:CounterStrike Launcher"
"C:\\Program Files\\GameHouse\\TextTwist\\TextTwist.exe"="C:\\Program Files\\GameHouse\\TextTwist\\TextTwist.exe:*:Disabled:Super TextTwist"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"MSUpdateSvc"="C:\\WINDOWS\\system32\\MSServx.exe"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Free Download Manager\\fdm.exe"="C:\\Program Files\\Free Download Manager\\fdm.exe:*:Enabled:Free Download Manager"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Acer\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ACER-D4E055F95E
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Acer
LOGONSERVER=\\ACER-D4E055F95E
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Acer\LOCALS~1\Temp
TMP=C:\DOCUME~1\Acer\LOCALS~1\Temp
USERDOMAIN=ACER-D4E055F95E
USERNAME=Acer
USERPROFILE=C:\Documents and Settings\Acer
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Acer (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer GridVista --> C:\WINDOWS\UnInst32.exe GridV.UNI
Acer OrbiCam Driver --> "C:\Program Files\Common Files\Acer\OrbiCam\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT -l0409
Acer OrbiCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}\setup.exe" -l0x9
Adobe Bridge 1.0 --> MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Agere Systems HDA Modem --> agrsmdel
Apple Mobile Device Support --> MsiExec.exe /I{763E8D6C-0098-4FF4-801A-3F311D2D9D80}
Apple Software Update --> MsiExec.exe /I{492724FC-3B26-46B4-824F-3CE2722D9AA0}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Bejeweled 1.23 --> C:\WINDOWS\UnGins.exe "C:\Program Files\PopCap Games\Bejeweled\install.log"
Critical Mass Deluxe --> C:\WINDOWS\iun6002.exe "C:\Program Files\Critical Mass Deluxe\irunin.ini"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
FHM 100 Sexiest Women In The World 2006 --> "C:\Program Files\screensavers\FHM 100 Sexiest Women In The World 2006\unins000.exe"
Free Download Manager 2.5 --> "C:\Program Files\Free Download Manager\unins000.exe"
HangARoo v2.05 --> "C:\Program Files\NCBuy\HangARoo\unins000.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
iTunes --> MsiExec.exe /I{974C05A0-C76C-4724-A9A2-11D5D1355729}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Launch Manager --> C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
LimeWire PRO 4.9.23 --> "C:\Program Files\LimeWire\uninstall.exe"
ManagerX 2.1.3 --> C:\Program Files\ManagerX 2.1.3\uninstall.exe
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU --> MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348) --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
WIDCOMM Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Yahoo! Widget Engine --> C:\Program Files\Yahoo!\Yahoo! Widget Engine\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type22083 / Error
Event Submitted/Written: 02/27/2008 09:59:23 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application realplay.exe, version 6.0.12.1663, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type22029 / Error
Event Submitted/Written: 02/23/2008 11:29:31 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application realplay.exe, version 6.0.12.1663, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type22028 / Error
Event Submitted/Written: 02/23/2008 11:29:31 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application realplay.exe, version 6.0.12.1663, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type22027 / Error
Event Submitted/Written: 02/23/2008 11:29:31 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application realplay.exe, version 6.0.12.1663, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type22026 / Error
Event Submitted/Written: 02/23/2008 11:29:31 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application realplay.exe, version 6.0.12.1663, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type18761 / Error
Event Submitted/Written: 02/29/2008 11:58:40 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type18760 / Error
Event Submitted/Written: 02/29/2008 11:57:03 AM
Event ID/Source: 32003 / ipnathlp
Event Description:
The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.

Event Record #/Type18754 / Warning
Event Submitted/Written: 02/29/2008 10:19:50 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 001636B4BF29. The IP address being used is 169.254.190.142.

Event Record #/Type18729 / Error
Event Submitted/Written: 02/29/2008 10:10:23 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Daemon

Event Record #/Type18725 / Error
Event Submitted/Written: 02/29/2008 10:01:00 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Avg7Core
Avg7RsW
Avg7RsXP
Daemon
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip



-- End of Deckard's System Scanner: finished at 2008-02-29 11:59:07 ------------

#6
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts

1 - Flash Drive Disinfector
  • Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
==================================================
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, click File in the menu and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Post that log in your next reply.

(Note: if you cannot open the log it produces, right-click it and choose Rename.
Rename it to .txt and you will be able to open it.)


#7
elusivemind

    Member

  • Topic Starter
  • Member
  • 22 posts
uhm, sorry for the delay. ^:)^
here it is.

02538234.FIL;E:\$VAULT$.AVG;Win32.HLLM.Utenti;Deleted.;
02538453.FIL;E:\$VAULT$.AVG;Win32.HLLM.Utenti;Deleted.;
02538531.FIL;E:\$VAULT$.AVG;Win32.HLLM.Utenti;Deleted.;
02538671.FIL;E:\$VAULT$.AVG;Win32.HLLM.Utenti;Deleted.;
02538843.FIL;E:\$VAULT$.AVG;Win32.HLLM.Utenti;Deleted.;
02538968.FIL;E:\$VAULT$.AVG;Win32.HLLM.Utenti;Deleted.;
02539062.FIL;E:\$VAULT$.AVG;Win32.HLLM.Utenti;Deleted.;
02539359.FIL;E:\$VAULT$.AVG;Win32.HLLM.Utenti;Deleted.;
02539468.FIL;E:\$VAULT$.AVG;Win32.HLLM.Utenti;Deleted.;
02539593.FIL;E:\$VAULT$.AVG;Win32.HLLM.Utenti;Deleted.;
02539687.FIL;E:\$VAULT$.AVG;Win32.HLLM.Utenti;Deleted.;
02539781.FIL;E:\$VAULT$.AVG;Win32.HLLM.Utenti;Deleted.;
02539875.FIL;E:\$VAULT$.AVG;Win32.HLLM.Utenti;Deleted.;
02539921.FIL;E:\$VAULT$.AVG;Win32.HLLM.Utenti;Deleted.;
02539968.FIL;E:\$VAULT$.AVG;Win32.HLLM.Utenti;Deleted.;
folder.htt\vbscript.1;E:\EA SPORTS\NBA LIVE 07\gamedir\folder.htt;Trojan.AppActXComp;;
folder.htt;E:\EA SPORTS\NBA LIVE 07\gamedir;Archive contains infected objects;Moved.;
folder.htt\vbscript.1;E:\EA SPORTS\NBA LIVE 07\sgsm\folder.htt;Trojan.AppActXComp;;
folder.htt;E:\EA SPORTS\NBA LIVE 07\sgsm;Archive contains infected objects;Moved.;
folder.htt\vbscript.1;E:\EA SPORTS\NBA LIVE 07\simeng\folder.htt;Trojan.AppActXComp;;
folder.htt;E:\EA SPORTS\NBA LIVE 07\simeng;Archive contains infected objects;Moved.;
folder.htt\vbscript.1;E:\EA SPORTS\NBA LIVE 07\sysmgr\folder.htt;Trojan.AppActXComp;;
folder.htt;E:\EA SPORTS\NBA LIVE 07\sysmgr;Archive contains infected objects;Moved.;
folder.htt\vbscript.1;E:\EA SPORTS\NBA LIVE 07\tuning\folder.htt;Trojan.AppActXComp;;
folder.htt;E:\EA SPORTS\NBA LIVE 07\tuning;Archive contains infected objects;Moved.;
folder.htt\vbscript.1;E:\Grand Theft Auto Vice City\folder.htt;Trojan.AppActXComp;;
folder.htt;E:\Grand Theft Auto Vice City;Archive contains infected objects;Moved.;


ps: please keep this topic open, i'll be gone for 4-5 days. thank you. :)
  • 0

#8
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok when you get back do the following:

Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#9
elusivemind

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
hi, thanks for keeping my topic open. no malware has been detected. does that mean my problem is hardware-related? like.. dying hard drive.. maybe. i also forgot to say that my laptop had encountered "unmountable boot volume" before.. err.. something like that, and someone i know was able to fix that using the xp disc. since then, starting up has become sluggish.



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, March 03, 2008 12:45:45 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/03/2008
Kaspersky Anti-Virus database records: 593839
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 60485
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 02:41:01

Infected Object Name / Virus Name / Last Action

Scan process completed.
  • 0

#10
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
dying hard drive <Very possible.

I would get it tested somewhere.

Please delete these folders below:
C:\Documents and Settings\Acer\DoctorWeb
C:\SDFix
C:\Deckard
===============
Empty your recycle bin.

Then I will need you to reset your System Restore points, please note that you will need to log into your computer with an account which has full administrator access.
You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
Click on *Start
Right-click *My Computer
Click *Properties
Click the *System Restore tab
Check *Turn off System Restore
Click *Apply, and then click *OK.

2. Reboot.

3. Turn ON System Restore.
Click on *Start
Right-click *My Computer
Click *Properties
*UN-Check *Turn off System Restore*
Check *Turn on System Restore
Click *Apply, and then click *OK.
======================================
After that, your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here
  • 0

#11
elusivemind

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
hmm, then i would just get it tested somewhere. thanks for your time. :)
  • 0

#12
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






