Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Not sure whats wrong [CLOSED]


  • This topic is locked This topic is locked

#1
teaupcoffeetime

teaupcoffeetime

    Member

  • Member
  • PipPip
  • 18 posts
Having problems computer has slowed down defraged and emptyed files log below
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:31:16, on 10/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Privacy Suite RiskMonitor] C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1211443084484
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9776 bytes
  • 0

Advertisements


#2
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hello teaupcoffeetime,

Let's do some scans then we'll go from there.

First,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next,

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Finally,

click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt

Post back with the following logs.

- MBAM log
- SuperAntispyware log
- DSS main and extra log

Edited by koko_crunch, 22 June 2008 - 01:32 AM.

  • 0

#3
teaupcoffeetime

teaupcoffeetime

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hello koko-crunch
sorry I have been so long relpying to your post I have been away on holiday here are my log below as requested apart from the "%userprofile%\desktop\dss.exe" /config as my computer could not find this file .


Malwarebytes' Anti-Malware 1.18
Database version: 873

00:04:29 21/06/2008
mbam-log-6-21-2008 (00-04-29).txt

Scan type: Quick Scan
Objects scanned: 41664
Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/21/2008 at 10:36 AM

Application Version : 4.15.1000

Core Rules Database Version : 3486
Trace Rules Database Version: 1477

Scan type : Complete Scan
Total Scan Time : 00:32:47

Memory items scanned : 357
Memory threats detected : 0
Registry items scanned : 5716
Registry threats detected : 0
File items scanned : 33064
File threats detected : 18

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adviva[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revsci[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@dealtime[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atwola[1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
  • 0

#4
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hey teaupcoffeetime,

We'll need another scan from you using a different tool.
This will help me determine what kind malware, if any, might be running on your system.

First,

Your AVG is output date.
Grisoft no longer supports that version.
Chances are you no longer receive regular updates making you more vulnerable to infection.

You can choose to download the latest version for free or switch to another one.

Please choose one from these free Anti-Virus softwares.

Note: Installing more than one anti-virus software can lead to system hang ups and conflicts, providing less protection, not more!.

INSTALL
Then
UPDATE


Next,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.

Click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt

Edited by koko_crunch, 22 June 2008 - 01:42 AM.

  • 0

#5
teaupcoffeetime

teaupcoffeetime

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi kok-crunch

My antivirus updates every day this is because it is the full registered version 2 year 2 user standrd license AGV internet Security.

here are the two logs from my computer
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-22 17:22:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
73: 2008-06-22 08:04:04 UTC - RP73 - Deckard's System Scanner Restore Point
72: 2008-06-20 23:41:18 UTC - RP72 - Software Distribution Service 3.0
71: 2008-06-13 13:54:33 UTC - RP71 - System Checkpoint
70: 2008-06-12 13:02:26 UTC - RP70 - Installed RamBooster
69: 2008-06-11 12:15:41 UTC - RP69 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-05-20 17:28:26 UTC - RP1 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22:20, on 22/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Privacy Suite RiskMonitor] C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1211443084484
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7760 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080612-133355-101 O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
backup-20080612-133355-108 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
backup-20080612-133355-116 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
backup-20080612-133355-213 O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
backup-20080612-133355-223 O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
backup-20080612-133355-240 O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
backup-20080612-133355-369 O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
backup-20080612-133355-398 O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
backup-20080612-133355-439 O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
backup-20080612-133355-592 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
backup-20080612-133355-855 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
backup-20080612-133355-973 O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_20\4&AD17F01&0&00E3
Manufacturer: Marvell
Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller #2
PNP Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_20\4&AD17F01&0&00E3
Service: yukonwxp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_20\4&8D68EE5&0&00E4
Manufacturer: Marvell
Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_20\4&8D68EE5&0&00E4
Service: yukonwxp

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RTL8187_Wireless
Device ID: USB\VID_0BDA&PID_8187\0015AF0D1A15
Manufacturer:
Name: RTL8187_Wireless
PNP Device ID: USB\VID_0BDA&PID_8187\0015AF0D1A15
Service:


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 704)
2007-04-19 13:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>

C:\WINDOWS\system32\svchost.exe (pid 1040)
2007-07-24 15:17:08 147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>

C:\WINDOWS\explorer.exe (pid 2092)
2008-05-26 11:52:02 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>


-- Scheduled Tasks -------------------------------------------------------------

2008-06-22 17:14:49 502 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-06-12 11:15:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-06-20 23:53:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-20 23:53:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-20 23:53:15 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 09:27:05 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-14 09:27:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\skypePM
2008-06-14 09:24:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2008-06-14 09:24:26 0 d-------- C:\Program Files\Skype
2008-06-14 09:24:26 0 d-------- C:\Program Files\Common Files\Skype
2008-06-14 09:24:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-12 14:02:27 0 d-------- C:\Program Files\RamBooster 2.0
2008-06-10 17:39:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\NeroDCTemplates
2008-06-10 15:38:41 0 d-------- C:\Program Files\QuickTime
2008-06-10 13:57:09 0 d-------- C:\Program Files\Trend Micro
2008-06-10 13:47:40 0 d-------- C:\Program Files\BAVACARS
2008-06-10 13:47:33 796672 --a------ C:\WINDOWS\GPInstall.exe <Not Verified; Qsc; GP-Install>
2008-06-10 13:46:48 0 d-------- C:\Program Files\BAVOSP
2008-06-07 15:34:39 2977792 -----n--- C:\WINDOWS\UNNMP.exe <Not Verified; Nero AG; Nero Web Engine>
2008-06-07 15:33:23 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-06-07 15:32:16 2973696 -----n--- C:\WINDOWS\UNNeroVision.exe <Not Verified; Nero AG; Nero Web Engine>
2008-06-07 15:31:46 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2008-06-07 15:31:46 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-06-07 15:31:46 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-06-07 15:31:45 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-06-07 15:31:45 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-06-07 15:31:45 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-06-07 15:31:40 0 d-------- C:\Program Files\Ahead
2008-06-07 13:08:49 0 d-------- C:\Program Files\SquawkBox3
2008-06-06 16:18:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\TomTom
2008-06-06 16:18:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-06 16:17:34 0 d-------- C:\Program Files\TomTom HOME 2
2008-06-06 16:07:43 0 d-------- C:\Program Files\TomTom HOME
2008-06-05 16:19:41 0 d-------- C:\Documents and Settings\Administrator\Contacts
2008-06-05 16:16:06 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-05 16:15:45 0 d-------- C:\Program Files\Windows Live
2008-06-05 16:15:36 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-05 10:45:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-06-05 10:42:53 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-05 10:42:23 0 d-------- C:\Program Files\CyberLink
2008-06-05 00:01:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-06-04 23:46:01 0 d-------- C:\WINDOWS\pss
2008-06-04 23:27:01 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-04 23:20:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-06-04 09:11:15 0 d-------- C:\Program Files\NeroInstall.bak
2008-06-04 09:08:05 0 d-------- C:\Program Files\Nero
2008-06-04 09:08:05 0 d-------- C:\Program Files\Common Files\Nero
2008-06-04 09:08:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-03 16:11:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2008-06-03 16:01:48 53248 -----n--- C:\WINDOWS\system32\uvsc.dll <Not Verified; Ulead; Ulead uvsc>
2008-06-03 16:01:48 86016 -----n--- C:\WINDOWS\system32\uvAC3Enc.dll <Not Verified; Ulead Systems, Inc.; Ulead AC3 Encoder>
2008-06-03 16:01:48 61440 -----n--- C:\WINDOWS\system32\pcmaout.dll <Not Verified; MainConcept AG; MainConcept ® MPEG PCM Audio>
2008-06-03 16:01:48 90112 -----n--- C:\WINDOWS\system32\mpgvparse.dll <Not Verified; Ulead System, Inc.; Ulead Mpeg Video Parser>
2008-06-03 16:01:48 10752 -----n--- C:\WINDOWS\system32\MPGVOUT.dll <Not Verified; Ulead Systems, Inc; Ulead MPEG Video Wrapper>
2008-06-03 16:01:48 147456 -----n--- C:\WINDOWS\system32\mpgmux.dll <Not Verified; Ulead Systems, Inc; Ulead MPEG Multiplexer>
2008-06-03 16:01:48 65536 -----n--- C:\WINDOWS\system32\mpgcheck.dll <Not Verified; Ulead Systems, Inc.; Ulead MPEG Settings Checker>
2008-06-03 16:01:48 102400 -----n--- C:\WINDOWS\system32\mpgcap32.dll <Not Verified; Ulead Systems, Inc.; Ulead Systems, Inc. mpgcap32>
2008-06-03 16:01:48 90112 -----n--- C:\WINDOWS\system32\mpgaparse.dll <Not Verified; Ulead Systems, Inc.; Ulead MPEG Audio Parser>
2008-06-03 16:01:48 124928 -----n--- C:\WINDOWS\system32\MPGAOUT.DLL <Not Verified; Ulead Systems, Inc; Ulead MPEG Audio Encoder>
2008-06-03 16:01:48 315392 -----n--- C:\WINDOWS\system32\mpg_dlg.dll <Not Verified; ULead Systems; ULead® MPEG Encoder setting dialogs>
2008-06-03 16:01:48 180224 -----n--- C:\WINDOWS\system32\MPEGIN.DLL <Not Verified; Ulead Systems, Inc; Ulead MPEG SR File Decoder>
2008-06-03 16:01:48 532480 -----n--- C:\WINDOWS\system32\MCMpgDec.dll <Not Verified; Ulead Systems, Inc.; Ulead MPEG Stream Decoder>
2008-06-03 16:01:48 73728 -----n--- C:\WINDOWS\system32\ac3aout.dll <Not Verified; Ulead Systems, Inc.; Ulead AC3 Audio Encoder>
2008-06-03 15:58:23 24576 -----n--- C:\WINDOWS\system32\UleadPhotoExplorer8_Res.dll <Not Verified; Ulead Systems, Inc.; Ulead Photo Explorer>
2008-06-03 15:58:23 24576 -----n--- C:\WINDOWS\system32\Ulead Photo Explorer 8.scr <Not Verified; Ulead Systems, Inc.; Ulead Photo Explorer>
2008-06-03 15:58:15 0 d-------- C:\Program Files\Ulead Systems
2008-06-03 15:58:13 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-06-03 15:57:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-03 12:32:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\FaxCtr
2008-06-03 10:45:53 0 d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-06-03 10:45:45 0 d-------- C:\Program Files\Ashampoo
2008-06-03 09:36:35 0 d-------- C:\Documents and Settings\All Users\Lx_cats
2008-06-03 09:30:55 0 d-------- C:\logs
2008-06-03 09:29:55 12288 --a------ C:\WINDOWS\system32\LXF3PMRC.DLL
2008-06-03 09:29:55 45056 --a------ C:\WINDOWS\system32\LXF3PMON.DLL
2008-06-03 09:29:55 36864 --a------ C:\WINDOWS\system32\lxf3oem.dll <Not Verified; ; Lexmark Fax Solutions Software>
2008-06-03 09:29:55 32768 --a------ C:\WINDOWS\system32\LXF3FXPU.DLL
2008-06-03 09:29:55 98345 --a------ C:\WINDOWS\system32\IMHOST32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2008-06-03 09:29:55 339968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2008-06-03 09:29:50 0 d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-06-03 09:29:39 0 d-------- C:\Program Files\Lexmark Fax Solutions
2008-06-03 09:29:23 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-06-03 09:28:22 294912 --a------ C:\WINDOWS\system32\lxdiinst.dll
2008-06-03 09:28:12 0 d-------- C:\Program Files\Lexmark 3500-4500 Series
2008-06-02 16:06:31 0 d-------- C:\Netgear
2008-05-31 22:26:14 0 d-------- C:\Program Files\Apple Software Update
2008-05-31 15:41:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2008-05-31 15:40:09 0 d-------- C:\Program Files\VideoLAN
2008-05-31 15:37:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-05-31 15:36:53 0 d-------- C:\Program Files\iPod
2008-05-31 15:36:50 0 d-------- C:\Program Files\iTunes
2008-05-31 15:36:35 0 d-------- C:\Program Files\Bonjour
2008-05-31 15:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-31 15:35:48 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-31 15:35:27 0 d-------- C:\Program Files\Common Files\Apple
2008-05-31 15:35:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-31 14:48:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-05-31 11:29:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberScrub
2008-05-31 11:28:30 0 d-------- C:\Program Files\CyberScrub Privacy Suite
2008-05-31 11:15:47 90 ---hs---- C:\WINDOWS\cnerolf.dat
2008-05-27 14:07:27 0 d-------- C:\Program Files\iStar
2008-05-26 16:26:05 0 d-------- C:\WINDOWS\Sun
2008-05-26 16:26:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-05-26 16:24:24 0 d-------- C:\Program Files\Java
2008-05-26 16:22:42 0 d-------- C:\Program Files\Common Files\Java
2008-05-26 16:10:21 0 d-------- C:\Program Files\uTorrent
2008-05-26 16:10:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-05-26 15:51:11 0 d-------- C:\Train Store
2008-05-26 15:24:55 304128 --a------ C:\WINDOWS\unin0407.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield Deinstaller>
2008-05-26 15:24:50 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-05-26 15:02:20 0 d-------- C:\Program Files\J A Formoso
2008-05-26 12:55:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-26 12:40:33 0 d-------- C:\Program Files\Google
2008-05-26 12:40:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-05-26 12:39:42 0 d-------- C:\Program Files\Kontiki
2008-05-26 12:39:42 0 d-------- C:\logs3
2008-05-26 12:39:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-05-26 11:48:07 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-26 11:47:40 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-26 11:47:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-05-26 11:44:15 0 d-------- C:\Program Files\Kyodai
2008-05-26 11:43:15 5248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-05-26 11:43:15 155136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-05-26 11:43:14 0 d-------- C:\Program Files\D-Tools
2008-05-26 11:43:00 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-26 11:42:37 0 d-------- C:\Program Files\UltraISO
2008-05-26 11:42:37 0 d-------- C:\Program Files\Common Files\EZB Systems
2008-05-26 11:42:01 0 d-------- C:\Program Files\WinISO
2008-05-26 10:45:03 0 dr-h----- C:\$VAULT$.AVG
2008-05-26 10:43:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-05-26 10:43:43 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-26 10:43:39 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-26 10:42:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-24 01:20:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-24 01:19:58 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-24 00:32:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-24 00:32:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-22 12:25:55 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-05-22 12:02:40 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-22 12:01:24 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-22 12:01:24 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-22 11:59:39 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-05-22 10:39:43 0 d-------- C:\WINDOWS\system32\Lang
2008-05-22 10:37:46 0 d-------- C:\WINDOWS\system32\RTCOM
2008-05-22 10:34:51 0 d-------- C:\WINDOWS\Prefetch
2008-05-22 10:24:32 0 d-------- C:\WINDOWS\system32\scripting
2008-05-22 10:24:32 0 d-------- C:\WINDOWS\system32\en
2008-05-22 10:24:32 0 d-------- C:\WINDOWS\l2schemas
2008-05-22 10:24:31 0 d-------- C:\WINDOWS\system32\bits
2008-05-22 10:22:28 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-22 10:20:21 0 d-------- C:\WINDOWS\network diagnostic
2008-05-22 09:29:46 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-22 09:00:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-22 09:00:25 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-22 09:00:24 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-22 08:58:36 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-22 08:57:47 0 d--hs---- C:\Documents and Settings\Administrator\UserData


-- Find3M Report ---------------------------------------------------------------

2008-06-22 08:56:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-06-14 09:24:26 0 d-------- C:\Program Files\Common Files
2008-06-11 16:16:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-07 15:31:41 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-26 13:03:34 0 d-------- C:\Program Files\Microsoft Games
2008-05-22 10:24:57 0 d-------- C:\Program Files\Old Messenger
2008-05-22 10:24:31 0 d-------- C:\Program Files\Movie Maker
2008-05-22 10:22:09 0 d-------- C:\Program Files\Windows NT
2008-05-21 09:39:37 0 d-------- C:\Program Files\Microsoft Works
2008-05-21 09:39:31 0 d-------- C:\Program Files\MSBuild
2008-05-21 09:38:49 0 d-------- C:\Program Files\Microsoft.NET
2008-05-21 09:37:40 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-21 09:28:34 0 d-------- C:\Program Files\Microsoft AutoRoute
2008-05-21 08:59:04 0 d-------- C:\Program Files\Common Files\LightScribe
2008-05-21 08:47:36 0 d-------- C:\Program Files\Creative
2008-05-21 08:45:54 233472 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-05-21 08:44:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Creative
2008-05-21 08:41:43 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-21 08:37:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-05-21 08:34:06 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-05-21 08:33:03 0 d-------- C:\Program Files\ATI Technologies
2008-05-20 19:09:54 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-20 19:09:51 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-20 19:09:29 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2008-05-20 18:28:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-05-20 18:21:27 0 d-------- C:\Program Files\microsoft frontpage
2008-05-20 18:21:12 0 -rahs---- C:\MSDOS.SYS
2008-05-20 18:21:12 0 -rahs---- C:\IO.SYS
2008-05-20 18:21:12 0 --a------ C:\CONFIG.SYS
2008-05-20 18:21:12 0 --a------ C:\AUTOEXEC.BAT
2008-05-20 18:20:08 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-20 18:19:20 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-20 18:18:29 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-20 18:18:10 0 d-------- C:\Program Files\Online Services
2008-05-20 18:18:01 0 d-------- C:\Program Files\MSN Gaming Zone


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PD0620 STISvc"="P0620Pin.dll" [10/05/2005 18:03 C:\WINDOWS\system32\P0620Pin.dll]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [21/05/2008 09:19]
"CTHelper"="CTHELPER.EXE" [09/04/2007 12:32 C:\WINDOWS\system32\CtHelper.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [11/05/2000 01:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
"Privacy Suite RiskMonitor"="C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe" [22/11/2007 10:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [26/05/2008 11:52 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 21/05/2008 08:19 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f24eb0a-33da-11dd-9045-00184ddee7e8}]
AutoRun\command- L:\InstallTomTomHOME.exe




-- End of Deckard's System Scanner: finished at 2008-06-22 17:24:38 ------------


Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-22 17:22:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
73: 2008-06-22 08:04:04 UTC - RP73 - Deckard's System Scanner Restore Point
72: 2008-06-20 23:41:18 UTC - RP72 - Software Distribution Service 3.0
71: 2008-06-13 13:54:33 UTC - RP71 - System Checkpoint
70: 2008-06-12 13:02:26 UTC - RP70 - Installed RamBooster
69: 2008-06-11 12:15:41 UTC - RP69 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-05-20 17:28:26 UTC - RP1 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22:20, on 22/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Privacy Suite RiskMonitor] C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1211443084484
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7760 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080612-133355-101 O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
backup-20080612-133355-108 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
backup-20080612-133355-116 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
backup-20080612-133355-213 O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
backup-20080612-133355-223 O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
backup-20080612-133355-240 O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
backup-20080612-133355-369 O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
backup-20080612-133355-398 O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
backup-20080612-133355-439 O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
backup-20080612-133355-592 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
backup-20080612-133355-855 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
backup-20080612-133355-973 O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_20\4&AD17F01&0&00E3
Manufacturer: Marvell
Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller #2
PNP Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_20\4&AD17F01&0&00E3
Service: yukonwxp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_20\4&8D68EE5&0&00E4
Manufacturer: Marvell
Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_20\4&8D68EE5&0&00E4
Service: yukonwxp

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RTL8187_Wireless
Device ID: USB\VID_0BDA&PID_8187\0015AF0D1A15
Manufacturer:
Name: RTL8187_Wireless
PNP Device ID: USB\VID_0BDA&PID_8187\0015AF0D1A15
Service:


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 704)
2007-04-19 13:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>

C:\WINDOWS\system32\svchost.exe (pid 1040)
2007-07-24 15:17:08 147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>

C:\WINDOWS\explorer.exe (pid 2092)
2008-05-26 11:52:02 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>


-- Scheduled Tasks -------------------------------------------------------------

2008-06-22 17:14:49 502 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-06-12 11:15:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-06-20 23:53:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-20 23:53:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-20 23:53:15 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 09:27:05 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-14 09:27:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\skypePM
2008-06-14 09:24:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2008-06-14 09:24:26 0 d-------- C:\Program Files\Skype
2008-06-14 09:24:26 0 d-------- C:\Program Files\Common Files\Skype
2008-06-14 09:24:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-12 14:02:27 0 d-------- C:\Program Files\RamBooster 2.0
2008-06-10 17:39:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\NeroDCTemplates
2008-06-10 15:38:41 0 d-------- C:\Program Files\QuickTime
2008-06-10 13:57:09 0 d-------- C:\Program Files\Trend Micro
2008-06-10 13:47:40 0 d-------- C:\Program Files\BAVACARS
2008-06-10 13:47:33 796672 --a------ C:\WINDOWS\GPInstall.exe <Not Verified; Qsc; GP-Install>
2008-06-10 13:46:48 0 d-------- C:\Program Files\BAVOSP
2008-06-07 15:34:39 2977792 -----n--- C:\WINDOWS\UNNMP.exe <Not Verified; Nero AG; Nero Web Engine>
2008-06-07 15:33:23 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-06-07 15:32:16 2973696 -----n--- C:\WINDOWS\UNNeroVision.exe <Not Verified; Nero AG; Nero Web Engine>
2008-06-07 15:31:46 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2008-06-07 15:31:46 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-06-07 15:31:46 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-06-07 15:31:45 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-06-07 15:31:45 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-06-07 15:31:45 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-06-07 15:31:40 0 d-------- C:\Program Files\Ahead
2008-06-07 13:08:49 0 d-------- C:\Program Files\SquawkBox3
2008-06-06 16:18:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\TomTom
2008-06-06 16:18:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-06 16:17:34 0 d-------- C:\Program Files\TomTom HOME 2
2008-06-06 16:07:43 0 d-------- C:\Program Files\TomTom HOME
2008-06-05 16:19:41 0 d-------- C:\Documents and Settings\Administrator\Contacts
2008-06-05 16:16:06 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-05 16:15:45 0 d-------- C:\Program Files\Windows Live
2008-06-05 16:15:36 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-05 10:45:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-06-05 10:42:53 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-05 10:42:23 0 d-------- C:\Program Files\CyberLink
2008-06-05 00:01:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-06-04 23:46:01 0 d-------- C:\WINDOWS\pss
2008-06-04 23:27:01 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-04 23:20:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-06-04 09:11:15 0 d-------- C:\Program Files\NeroInstall.bak
2008-06-04 09:08:05 0 d-------- C:\Program Files\Nero
2008-06-04 09:08:05 0 d-------- C:\Program Files\Common Files\Nero
2008-06-04 09:08:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-03 16:11:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2008-06-03 16:01:48 53248 -----n--- C:\WINDOWS\system32\uvsc.dll <Not Verified; Ulead; Ulead uvsc>
2008-06-03 16:01:48 86016 -----n--- C:\WINDOWS\system32\uvAC3Enc.dll <Not Verified; Ulead Systems, Inc.; Ulead AC3 Encoder>
2008-06-03 16:01:48 61440 -----n--- C:\WINDOWS\system32\pcmaout.dll <Not Verified; MainConcept AG; MainConcept ® MPEG PCM Audio>
2008-06-03 16:01:48 90112 -----n--- C:\WINDOWS\system32\mpgvparse.dll <Not Verified; Ulead System, Inc.; Ulead Mpeg Video Parser>
2008-06-03 16:01:48 10752 -----n--- C:\WINDOWS\system32\MPGVOUT.dll <Not Verified; Ulead Systems, Inc; Ulead MPEG Video Wrapper>
2008-06-03 16:01:48 147456 -----n--- C:\WINDOWS\system32\mpgmux.dll <Not Verified; Ulead Systems, Inc; Ulead MPEG Multiplexer>
2008-06-03 16:01:48 65536 -----n--- C:\WINDOWS\system32\mpgcheck.dll <Not Verified;
  • 0

#6
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts

My antivirus updates every day this is because it is the full registered version 2 year 2 user standrd license AGV internet Security.


Sorry about that.
I saw AVG7 then I immediately assumed it was a free version.
Will keep that in mind next.

Oh, you posted main.txt twice.
Please post back with Extra.txt before we proceed.
You should be able to find it in C:\Deckard.
  • 0

#7
teaupcoffeetime

teaupcoffeetime

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Sorry about that here is the Extre txt




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 3.40GHz
Percentage of Memory in Use: 17%
Physical Memory (total/avail): 3199.04 MiB / 2637.02 MiB
Pagefile Memory (total/avail): 5088.59 MiB / 4508.85 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1902.02 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 193.68 GiB free.
D: is Fixed (NTFS) - 232.88 GiB total, 206.59 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is CDROM (No Media)
J: is CDROM (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE1 - WDC WD2500AAJS-00VTA0 - 232.88 GiB - 1 partition
\PARTITION0 - Installable File System - 232.88 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD2500JS-00NCB1 - 232.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SPIRIT-7BCC586A
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\SPIRIT-7BCC586A
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=SPIRIT-7BCC586A
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy4\Program\SETUP.EXE" /S /U /W
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
--> MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25E6EB3A-F696-41AB-96B6-D76ECE6446BF}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25E6EB3A-F696-41AB-96B6-D76ECE6446BF}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55F63529-9E2F-46C0-A22C-8445B670BCFA}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55F63529-9E2F-46C0-A22C-8445B670BCFA}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B20EB9BE-3795-47BA-BDD6-889593E8FD55}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B20EB9BE-3795-47BA-BDD6-889593E8FD55}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
ActiveSky Version 6 and ActiveSky Graphics --> MsiExec.exe /X{6C06AC26-DBD1-46E5-9863-33E7633566E5}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
aerosoft's - Balearen-Gibraltar - FS2004 --> "C:\Program Files\Microsoft Games\Flight Simulator 9\aerosoft\Uninstall.exe" "uninstall_Balearen-Gibraltar.ini" "C:\Program Files\Microsoft Games\Flight Simulator 9"
aerosoft's - London Brighton Express --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87B0968C-F15D-4673-8E71-B4DB93200977}\setup.exe" -uninst
aerosoft's - Wonderful Madeira - FS2004 --> "C:\Program Files\Microsoft Games\Flight Simulator 9\uninstall_Wonderful Madeira.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Ashampoo Movie Shrink & Burn 3.02 --> "C:\Program Files\Ashampoo\Ashampoo Movie Shrink & Burn 3\unins000.exe"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{34973208-FA6E-48F6-A819-88F5D204A1F4}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ATI Parental Control & Encoder --> MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BAV ACARS 1.5 --> C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\BAVACARS\UnInst.log" "/APPNAME=BAV ACARS 1.5"
BAV OSP 3.0 Public Beta 3 --> "C:\Program Files\BAVOSP\unins000.exe"
BBC iPlayer Download Manager --> MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative WebCam Instant Driver (1.03.02.0425) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script PD0620.uns -unsext NT -plugin P0620Pin.dll -pluginres CtCamPin.crl
CyberScrub® Privacy Suite™ 5.0 --> "C:\Program Files\CyberScrub Privacy Suite\unins000.exe"
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
FSNavigator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F76FF6D-B992-4FD9-8686-F09F868B2C58}\Setup.exe" -l0x9
German Railroads - Vol 1 - Biggetal --> C:\Program Files\Microsoft Games\Train Simulator\gr1uinst.exe
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Kyodai --> "C:\Program Files\Kyodai\unins000.exe"
Lexmark 3500-4500 Series --> C:\Program Files\Lexmark 3500-4500 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions --> C:\Program Files\\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft AutoRoute 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator 2004 A Century of Flight --> "C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Train Simulator --> "C:\Program Files\Microsoft Games\Train Simulator\UNINSTAL.EXE" /runtemp /addremove
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSTS Patch 1.7.0519 --> C:\Program Files\Microsoft Games\Train Simulator\Uninst_MSTS Patch 1.7.0519.exe /U "C:\Program Files\Microsoft Games\Train Simulator\Uninst_MSTS Patch 1.7.0519.log"
MSTSBin Screens & Widgets 0.1 --> "C:\Program Files\Microsoft Games\Train simulator\unins000.exe"
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
ProTrain Semmering 1.0 --> "C:\Program Files\Microsoft Games\Train Simulator\SETUP.1\setup.exe" /u
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RamBooster --> MsiExec.exe /I{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
SIMAVIATOR LTV-EMC Trainset --> C:\WINDOWS\unin0407.exe -f"C:\Program Files\Microsoft Games\Train Simulator\DeIsL1.isu" -c"C:\Program Files\Microsoft Games\Train Simulator\_ISREG32.DLL"
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sound Blaster Audigy 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8AD6CB8-DE96-43FA-9B73-5FB873DD1CAE}\SETUP.EXE" -l0x9 /remove
SquawkBox 3 --> C:\Program Files\SquawkBox3\sbuninstall.exe SquawkBox 3
SUPERAntiSpyware Professional --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TomTom HOME --> C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
Train Store V3.2 --> C:\Program Files\J A Formoso\Train Store\Uninstal.exe
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Ulead Photo Explorer 8.0 SE Basic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}\setup.exe" -l0x9
Ulead VideoStudio 7 SE Basic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\setup.exe" -l0x9
UltraISO V7.65 SR-2 --> "C:\Program Files\UltraISO\unins000.exe"
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
VC_MergeModuleToMSI --> MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinISO 5.3 --> "C:\Program Files\WinISO\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
YCR 151 (CD version) --> C:\Program Files\Microsoft Games\Train Simulator\un_ycr.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type34 / Error
Event Submitted/Written: 06/22/2008 05:17:05 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-06-22 16:17:05,843 SPIRIT-7BCC586A [000344:000808] ERROR 000 AVG7.FW.FwService.FwServCCManager FwServCCManager::ManageProfileSwitchByArea - Failed to set active profile by network area!

Event Record #/Type33 / Error
Event Submitted/Written: 06/22/2008 05:17:05 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-06-22 16:17:05,843 SPIRIT-7BCC586A [000344:000808] ERROR 000 AVG7.FW.FwService.FwServCCManager FwServCCManager::SetActiveProfileByArea : Error in function CreateAndCheckAdapters!

Event Record #/Type32 / Error
Event Submitted/Written: 06/22/2008 05:17:05 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-06-22 16:17:05,843 SPIRIT-7BCC586A [000344:000808] ERROR 000 AVG7.FW.CfgObjects FwCfgObjSet::CreateAndCheckAdaptersUnable to establish communication channel with firewall kernel

Event Record #/Type31 / Error
Event Submitted/Written: 06/22/2008 05:17:05 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-06-22 16:17:05,843 SPIRIT-7BCC586A [000344:000808] ERROR 000 AVG7.FW.CfgObjects CreateAndCheckAdapters - Failed to get adapters info

Event Record #/Type30 / Error
Event Submitted/Written: 06/22/2008 05:17:05 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-06-22 16:17:05,843 SPIRIT-7BCC586A [000344:000808] ERROR 000 AVG7.FW.FwService.FwKernel FwConfig::GetCommonInfo: Request returned error COMM_ERROR_DISABLED (Numeric code: 6)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3714 / Warning
Event Submitted/Written: 06/22/2008 05:16:45 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00184DDEE7E8. The IP address being used is 169.254.196.243.

Event Record #/Type3713 / Warning
Event Submitted/Written: 06/22/2008 05:16:23 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00184DDEE7E8. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type3712 / Warning
Event Submitted/Written: 06/22/2008 05:15:55 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00184DDEE7E8. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type3694 / Error
Event Submitted/Written: 06/22/2008 05:14:33 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The lxdiCATSCustConnectService service failed to start due to the following error:
%%1053

Event Record #/Type3693 / Error
Event Submitted/Written: 06/22/2008 05:14:33 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the lxdiCATSCustConnectService service to connect.



-- End of Deckard's System Scanner: finished at 2008-06-22 17:24:38 ------------
  • 0

#8
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Didn't find anything out of the ordinary, just some minor repair.
Let's do a scan afterwards.

First,

Please seriously consider removing µTorrent .
Want to know more?
Read the articles from the following links below.

The Dangers of P2P File Sharing
The Dangers of Peer-to-Peer (P2P) File Sharing
The Dangers of P2P Networks

To remove,

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

µTorrent

Please note any other programs that you dont recognize in that list in your next response

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\uTorrent
C:\Documents and Settings\Administrator\Application Data\uTorrent


Next,

Please download DAFT and save it to your desktop:
  • Double-click the daft.exe icon.
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.

Finally,

Please do an online scan with Kaspersky WebScanner
Disable resident Antivirus before proceeding.

Welcome Information page will open. Click on Accept
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded, click on Scan
    • Now under that section select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report as button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Post back with Kaspersky log and a New HijackThis log.
  • 0

#9
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP