
help with KXVO.EXE



#1
nimrod23

Need help with this thing.

Here's my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:24 PM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\ieso0.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 2439 bytes


#2
nimrod23

Here is my DSS log file

Main.txt

Deckard's System Scanner v20071014.68
Run by dennis 1 on 2008-03-25 13:28:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 2 Restore Point(s) --
2: 2008-03-25 05:26:48 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-03-25 05:24:05 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as dennis 1.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:41 PM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\dennis 1\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DENNIS~1.EXE

O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\ieso0.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 2346 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech iWheelWorks Mouse Driver>
R3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech iWheelWorks Mouse Driver>
R3 axsaki - c:\windows\system32\drivers\axsaki.sys
R3 axskbus - c:\windows\system32\drivers\axskbus.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-02-25 and 2008-03-25 -----------------------------

2008-03-25 12:36:24 0 d-------- C:\Program Files\Trend Micro
2008-03-24 09:44:38 153525 -r-hs---- C:\nej30aw.exe
2008-03-24 09:44:10 86528 -r-hs---- C:\WINDOWS\system32\fool1.dll
2008-03-24 09:40:13 153594 -r-hs---- C:\ojbss9gv.com
2008-03-24 09:39:42 86528 -r-hs---- C:\WINDOWS\system32\fool0.dll
2008-03-24 09:39:41 153525 -r-hs---- C:\WINDOWS\system32\kxvo.exe
2008-02-29 14:59:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard


-- Find3M Report ---------------------------------------------------------------

2008-03-25 10:35:49 0 d-------- C:\Documents and Settings\dennis 1\Application Data\AVG7
2008-02-26 18:04:59 0 d-------- C:\Program Files\Visio
2008-01-28 18:18:50 0 d-------- C:\Program Files\Mp3TagToolsv12
2008-01-25 16:45:39 0 d-------- C:\Program Files\vPod
2008-01-25 16:43:13 0 d-------- C:\Program Files\iPod
2008-01-25 14:32:45 0 d-------- C:\Documents and Settings\dennis 1\Application Data\Apple Computer
2008-01-25 14:32:40 0 d-------- C:\Program Files\iTunes
2008-01-25 14:32:19 0 d-------- C:\Program Files\Bonjour
2008-01-25 14:32:12 0 d-------- C:\Program Files\QuickTime
2008-01-25 14:31:29 0 d-------- C:\Program Files\Apple Software Update
2008-01-25 14:30:59 0 d-------- C:\Program Files\Common Files
2008-01-25 14:30:59 0 d-------- C:\Program Files\Common Files\Apple
2008-01-11 18:47:59 62 --ahs---- C:\Documents and Settings\dennis 1\Application Data\desktop.ini
2008-01-11 17:18:50 36932 --a------ C:\WINDOWS\cmijack.dat
2008-01-11 15:22:59 1158 --a------ C:\WINDOWS\mozver.dat
2008-01-11 15:03:42 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-11 11:18:42 45056 --a------ C:\WINDOWS\NCUNINST.EXE <Not Verified; Northern Codeworks; Uninstall>
2008-01-11 10:57:12 0 -rahs---- C:\MSDOS.SYS
2008-01-11 10:57:12 0 -rahs---- C:\IO.SYS
2008-01-11 10:57:12 0 --a------ C:\CONFIG.SYS
2008-01-11 10:57:12 0 --a------ C:\AUTOEXEC.BAT
2008-01-11 10:54:09 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/11/2008 02:45 PM]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [08/25/2004 02:35 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [08/19/2005 07:34 PM]
"kxva"="C:\WINDOWS\system32\kxvo.exe" [03/24/2008 09:44 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19df93e1-e667-11dc-b294-000d8817e210}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d5851c7-d455-11dc-b281-000d8817e210}]
Auto\command- boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32d1cad8-c031-11dc-8bc4-806d6172696f}]
AutoRun\command- D:\nej30aw.exe
explore\Command- D:\nej30aw.exe
open\Command- D:\nej30aw.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32d1cada-c031-11dc-8bc4-806d6172696f}]
AutoRun\command- C:\nej30aw.exe
explore\Command- C:\nej30aw.exe
open\Command- C:\nej30aw.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48f3d19b-ee3e-11dc-b29a-000d8817e210}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe
Explore\Command- Desktop.exe
Open\Command- Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d780efe-cd3a-11dc-b271-000d8817e210}]
AutoRun\command- G:\
explore\Command- G:\RECYCLER\INFO.exe
open\Command- G:\RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d780f05-cd3a-11dc-b271-000d8817e210}]
AutoRun\command- K:\
explore\Command- K:\RECYCLER\INFO.exe
open\Command- K:\RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7baed46c-bff6-11dc-b25e-000d8817e210}]
AutoRun\command- H:\nej30aw.exe
explore\Command- H:\nej30aw.exe
open\Command- H:\nej30aw.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7baed46d-bff6-11dc-b25e-000d8817e210}]
AutoRun\command- I:\nej30aw.exe
explore\Command- I:\nej30aw.exe
open\Command- I:\nej30aw.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7baed46e-bff6-11dc-b25e-000d8817e210}]
AutoRun\command- K:\nej30aw.exe
explore\Command- K:\nej30aw.exe
open\Command- K:\nej30aw.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{979046c8-e8ca-11dc-b295-000d8817e210}]
AutoRun\command- svchost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{979046ca-e8ca-11dc-b295-000d8817e210}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe
Explore\Command- Desktop.exe
Open\Command- Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1ccd4c7-e9b0-11dc-b296-000d8817e210}]
auto\command- K:\Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- K:\Knight.exe open
find\command- K:\Knight.exe open
install\command- K:\Knight.exe open
open\command- K:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1ccd4ca-e9b0-11dc-b296-000d8817e210}]
auto\command- K:\Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- K:\Knight.exe open
find\command- K:\Knight.exe open
install\command- K:\Knight.exe open
open\command- K:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8438315-ce29-11dc-b275-000d8817e210}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe
Explore\Command- Desktop.exe
Open\Command- Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af394126-c3e2-11dc-b265-000d8817e210}]
AutoRun\command- ms-dos\ntdlr.com
Explore\command- ms-dos\ntdlr.com
Open\command- ms-dos\ntdlr.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccd56c1d-c8a6-11dc-b26b-000d8817e210}]
AutoRun\command- G:\
explore\Command- WScript.exe .\peanut.vbs
open\Command- WScript.exe .\peanut.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1680f8b-ca29-11dc-b26d-000d8817e210}]
AutoRun\command- K:\
explore\Command- WScript.exe .\peanut.vbs
open\Command- WScript.exe .\peanut.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd38960a-fa14-11dc-b2a5-000d8817e210}]
AutoRun\command- G:\nej30aw.exe
explore\Command- G:\nej30aw.exe
open\Command- G:\nej30aw.exe




-- End of Deckard's System Scanner: finished at 2008-03-25 13:29:08 ------------

#3
nimrod23

Here is the DSS log file

Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.66GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 766.73 MiB / 496.58 MiB
Pagefile Memory (total/avail): 3225.52 MiB / 3020.03 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.89 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 29.29 GiB total, 6.31 GiB free.
D: is Fixed (NTFS) - 45.23 GiB total, 43.49 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
H: is Fixed (NTFS) - 97.65 GiB total, 13.46 GiB free.
I: is Fixed (NTFS) - 97.65 GiB total, 2.06 GiB free.
J: is CDROM (No Media)
K: is Fixed (NTFS) - 37.57 GiB total, 35.3 GiB free.

\\.\PHYSICALDRIVE0 - ST3802110A - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 29.29 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 45.23 GiB - D:

\\.\PHYSICALDRIVE1 - Initio ST3250820A USB Device - 232.88 GiB - 3 partitions
\PARTITION0 - Installable File System - 97.65 GiB - H:
\PARTITION1 - Installable File System - 97.65 GiB - I:
\PARTITION2 - Installable File System - 37.57 GiB - K:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: AVG 7.5.519 v7.5.519 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\dennis 1\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DENNIS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\dennis 1
LOGONSERVER=\\DENNIS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DENNIS~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DENNIS~1\LOCALS~1\Temp
USERDOMAIN=DENNIS
USERNAME=dennis 1
USERPROFILE=C:\Documents and Settings\dennis 1
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

dennis 1 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.32 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Alcohol 120% --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
AnalogX Vocal Remover (WinAmp) --> C:\Program Files\Plugins\wavremu.exe
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Audacity 1.3.0 --> "C:\Program Files\Audacity 1.3\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
DFE-530TX Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F2BB456F-C07B-4EDE-975F-4D6DED19750A}
Google SketchUp --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1423608-F529-40A1-93CA-C7F396F30DF0}\setup.exe" -l0x9
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iPod Reset Utility --> MsiExec.exe /X{91A2689C-D4B1-43BB-A521-0E29B963FC56}
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
iZoomWorks 7.64 --> C:\Program Files\A4Tech\Mouse\Uninst32.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3 Tag Tools v1.2 --> "C:\Program Files\Mp3TagToolsv12\uninstall.exe"
Nero 6 Enterprise Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
PCI Audio Driver --> cmuninst.exe
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Visio Professional --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Visio\System\DeIsL2.isu" -cC:\PROGRA~1\Visio\System\ExSetup.DLL
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WINner Tweak 2.2.1 --> "C:\Program Files\WINnerTweakXP\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type416 / Error
Event Submitted/Written: 03/25/2008 01:27:31 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0001142e.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type415 / Error
Event Submitted/Written: 03/25/2008 01:25:16 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00011639.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type408 / Error
Event Submitted/Written: 03/25/2008 11:28:53 AM
Event ID/Source: 100 / AVG7
Event Description:
2008-03-25 03:28:53,953 DENNIS [001808:001820] ERROR 000 AVG7.WTS.CAvgAmWts ProcessIdToSessionId(1308) call failed with WIN32 error 87, returning session id is 0

Event Record #/Type401 / Error
Event Submitted/Written: 03/24/2008 09:43:06 AM
Event ID/Source: 100 / AVG7
Event Description:
2008-03-24 01:43:06,843 DENNIS [001792:001824] ERROR 000 AVG7.WTS.CAvgAmWts ProcessIdToSessionId(2236) call failed with WIN32 error 87, returning session id is 0

Event Record #/Type372 / Error
Event Submitted/Written: 03/12/2008 06:17:46 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application acrobat.exe, version 5.0.0.327, faulting module acrobat.exe, version 5.0.0.327, fault address 0x001282cf.
Processing media-specific event for [acrobat.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2284 / Warning
Event Submitted/Written: 03/25/2008 11:07:10 AM
Event ID/Source: 20 / Print
Event Description:
Printer Driver hp deskjet 845c for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, HPFDJ845.GPD, UNIDRV.HLP, HPFUD50.DLL, UNIRES.DLL, HPFDJ50.INI, HPFUI50.DLL, HPFIMG50.DLL, HPF880AL.DLL, HPFDJ84X.GPD, HPFDJ200.HLP, HPFNAM50.GPD, STDNAMES.GPD.

Event Record #/Type2283 / Error
Event Submitted/Written: 03/25/2008 11:06:27 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type2282 / Error
Event Submitted/Written: 03/25/2008 11:06:27 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type2277 / Error
Event Submitted/Written: 03/25/2008 10:50:39 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 30 minutes.
NtpClient has no source of accurate time.

Event Record #/Type2276 / Error
Event Submitted/Written: 03/25/2008 10:50:39 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)



-- End of Deckard's System Scanner: finished at 2008-03-25 13:29:08 ------------