Hi fenzodahl. Thanks for the help! Here's the information you requested. I've scanned several more times and haven't had anything pop up on AVG. But that little tray red shield "You have a security problem" is still there and still pops up a "virus scanner" website that tries to get me to download another virus. So anyways. Thanks again.
Deckard's System Scanner v20071014.68
Run by B on 2008-07-01 02:20:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 3 Restore Point(s) --
3: 2008-07-01 07:20:33 UTC - RP6 - Deckard's System Scanner Restore Point
2: 2008-06-30 13:49:48 UTC - RP5 - Installed Enemy Territory - QUAKE Wars
1: 2008-06-30 10:29:41 UTC - RP4 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as B.exe) ---------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:15 AM, on 7/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\DOCUME~1\B\LOCALS~1\Temp\setup30.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\DOCUME~1\B\LOCALS~1\Temp\4A.tmp
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\B\Desktop\dss.exe
C:\HIJACK~1\B.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://google.com/O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\B\LOCALS~1\Temp\setup30.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) -
http://www.acclaim.c.../acclaim_v5.cabO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 7544 bytes
-- HijackThis Fixed Entries (C:\HIJACK~1\backups\) -----------------------------
backup-20080630-072724-715 O4 - HKLM\..\Run: [SMrhc7psj0e1bl] C:\Program Files\rhc7psj0e1bl\rhc7psj0e1bl.exe
backup-20080630-072724-798 O4 - HKLM\..\Run: [lphc3psj0e1bl] C:\WINDOWS\system32\lphc3psj0e1bl.exe
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 giveio - c:\windows\system32\giveio.sys
R0 JGOGO (JMicron Hot-Plug Driver) - c:\windows\system32\drivers\jgogo.sys <Not Verified; JMicron; SCSI Port upper filter driver>
R0 JRAID - c:\windows\system32\drivers\jraid.sys <Not Verified; JMicron Technology Corp.; JMicron JR036X RAID Driver>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 GizmoDrv (Gizmo Virtual Drive Device Driver) - c:\windows\system32\drivers\gizmodrv.sys <Not Verified; Arainia Solutions; Gizmo Virtual Drive Device Driver>
R3 AmdLLD (AMD Low Level Device Driver) - c:\windows\system32\drivers\amdlld.sys <Not Verified; AMD, Inc.; Low Level Device Driver>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 RivaTuner32 - c:\program files\rivatuner v2.06\rivatuner32.sys
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 motmodem (Motorola USB CDC ACM Driver) - c:\windows\system32\drivers\motmodem.sys <Not Verified; Motorola; Motorola USB Modem or Port>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R2 RMSvc (Media Center Extender Resource Monitor) - c:\windows\ehome\rmsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-05-21 20:08:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-06-01 and 2008-07-01 -----------------------------
2008-06-30 08:50:11 0 d-------- C:\Program Files\id Software
2008-06-30 08:43:42 0 dr-h----- C:\Documents and Settings\B\Recent
2008-06-30 07:55:01 0 d-------- C:\VundoFix Backups
2008-06-30 07:29:55 0 d-------- C:\Program Files\Panda Security
2008-06-30 06:57:22 0 d-------- C:\HijackThis
2008-06-30 06:38:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-30 04:27:09 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-30 04:27:09 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-30 04:27:09 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-30 04:27:09 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-30 04:27:09 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-30 04:27:09 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-30 04:27:09 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-30 04:27:09 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-30 04:27:09 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-30 04:27:09 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-30 04:27:09 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-30 04:27:09 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-30 04:27:09 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-30 04:27:09 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-29 04:27:43 0 d-------- C:\Program Files\Lavasoft
2008-06-29 03:48:20 0 d-------- C:\Documents and Settings\B\Application Data\rhc7psj0e1bl
2008-06-28 03:58:11 0 d-------- C:\Program Files\Future Pinball
-- Find3M Report ---------------------------------------------------------------
2008-07-01 02:12:52 0 d-------- C:\Program Files\SpeedFan
2008-06-30 09:13:26 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-29 04:27:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 02:14:54 0 d-------- C:\Program Files\Folding@Home
2008-06-22 13:05:20 0 d-------- C:\Documents and Settings\B\Application Data\uTorrent
2008-06-18 02:44:15 0 d-------- C:\Documents and Settings\B\Application Data\Mozilla
2008-05-23 10:01:31 0 d-------- C:\Program Files\Astonsoft
2008-05-23 09:41:12 0 d-------- C:\Documents and Settings\B\Application Data\DMCache
2008-05-19 13:01:49 0 d-------- C:\Program Files\OO Software
2008-05-19 11:01:23 0 d-------- C:\Program Files\Motorola
2008-05-18 08:38:00 0 d-------- C:\Program Files\Oront Burning Kit 2
2008-05-17 11:58:40 0 d-------- C:\Documents and Settings\B\Application Data\AVGTOOLBAR
2008-05-16 09:14:21 0 d-------- C:\Program Files\Funcom
2008-05-16 03:53:50 0 d-------- C:\Documents and Settings\B\Application Data\Obsidium
2008-05-15 08:38:00 0 d-------- C:\Program Files\Western Digital Technologies
2008-05-15 05:03:11 0 d-------- C:\Program Files\AVG
2008-05-08 23:53:41 668 --a------ C:\Documents and Settings\B\Application Data\vso_ts_preview.xml
2008-05-08 23:53:41 0 d-------- C:\Documents and Settings\B\Application Data\Vso
2008-05-08 06:10:43 0 d-------- C:\Program Files\Messenger
2008-05-08 06:10:33 0 d-------- C:\Program Files\Movie Maker
2008-05-08 06:09:01 0 d-------- C:\Program Files\Windows NT
2008-05-07 12:01:22 0 d-------- C:\Program Files\Ventrilo
2008-05-01 21:32:15 0 d-------- C:\Program Files\FileStream
2008-05-01 21:32:15 0 d-------- C:\Program Files\Common Files
2008-05-01 04:28:16 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-01 03:43:15 0 d-------- C:\Program Files\World of Warcraft
2008-05-01 03:40:50 0 d-------- C:\Program Files\YOU DON'T KNOW JACK
2008-05-01 03:40:18 0 d-------- C:\Program Files\SwitchBlade
2008-04-18 08:16:46 6027 --a------ C:\Program Files\install.log
2008-04-16 11:55:20 103424 --a------ C:\WINDOWS\system32\SwitchBlade_nat.dll <Not Verified; Blue Orb; SwitchBlade>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/15/2008 05:03 AM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/15/2008 05:03 AM 2050816]
[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 01:56 PM]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [04/24/2006 09:52 PM]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [11/17/2006 04:49 PM]
"RTHDCPL"="RTHDCPL.EXE" [07/05/2007 04:08 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"RivaTuner"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [10/30/2007 01:05 PM]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [10/30/2007 01:05 PM]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [09/26/2007 07:05 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/24/2008 07:52 PM]
"nwiz"="nwiz.exe" [03/24/2008 07:52 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [03/24/2008 07:52 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/15/2008 05:03 AM]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [05/11/2007 02:08 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [07/03/2007 12:32 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/13/2008 07:12 PM]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [09/06/2007 08:08 AM]
"Somefox"="C:\DOCUME~1\B\LOCALS~1\Temp\setup30.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
C:\Documents and Settings\B\Start Menu\Programs\Startup\
Folding@Home 5.03.lnk - C:\Program Files\Folding@Home\winFAH.exe [11/15/2007 9:55:14 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8756 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-07-01 02:22:45 ------------
Here's the etra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: AMD Athlon 64 X2 Dual Core Processor 5200+
Percentage of Memory in Use: 18%
Physical Memory (total/avail): 3071.48 MiB / 2517.06 MiB
Pagefile Memory (total/avail): 4956.54 MiB / 4529.38 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1905.39 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 20.35 GiB free.
D: is Fixed (NTFS) - 232.88 GiB total, 63.14 GiB free.
E: is CDROM (UDF)
F: is Removable (No Media)
G: is Removable (No Media)
H: is CDROM (No Media)
\\.\PHYSICALDRIVE1 - SAMSUNG SP2514N SCSI Disk Device - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - D:
\\.\PHYSICALDRIVE0 - SATA WD C WD800J SCSI Disk Device - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:
\\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device
\\.\PHYSICALDRIVE3 - Generic STORAGE DEVICE USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\B\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BRANDON-4457622
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\B
LOGONSERVER=\\BRANDON-4457622
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4302
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\B\LOCALS~1\Temp
TMP=C:\DOCUME~1\B\LOCALS~1\Temp
USERDOMAIN=BRANDON-4457622
USERNAME=B
USERPROFILE=C:\Documents and Settings\B
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
B
(admin)MCX1.BRANDON-4457622
Administrator
(new local, admin)-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Age of Conan - Hyborian Adventures --> "C:\Program Files\Funcom\Age of Conan\unins000.exe"
AntivirXP08 --> "C:\Program Files\rhc7psj0e1bl\uninstall.exe"
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ConvertXtoDVD 3.0.0.1 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
DeepBurner v1.8.0.224 --> "C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log"
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dual-Core Optimizer --> MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Enemy Territory - Quake Wars --> C:\Program Files\id Software\Enemy Territory - QUAKE Wars\uninstall.exe
Enemy Territory - QUAKE Wars 1.1 Patch --> C:\Program Files\InstallShield Installation Information\{0C5D0DC4-F5D3-46F9-AE2E-E45C99B4A6B6}\setup.exe -runfromtemp -l0x0409
FEAR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 /zU -removeonly
ffdshow --> "C:\Program Files\ffdshow\uninstall.exe"
Folding@Home --> C:\WINDOWS\system32\GKSUI18.EXE C:\Program Files\Folding@Home\Uninstall5DB8.DAT
Fraps --> "C:\Fraps\uninstall.exe"
Future Pinball --> "C:\Program Files\Future Pinball\unins000.exe"
HD Tune 2.54 --> "C:\Program Files\HD Tune\unins000.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\HijackThis\HijackThis.exe" /uninstall
HTML Executable IERuntime --> C:\Program Files\Common Files\HTML Executable Viewer\{AF358AB7-0CEF-40B5-A569-D27F8F38232D}\heieunin.exe
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JRAID --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
LimeWire 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech Registration --> MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
Media Center Extender --> C:\WINDOWS\eHome\DvcConn.exe /uninstall
Media Center Extender --> MsiExec.exe /I{23FE964A-853B-4176-86D7-9E18B5CA1FC0}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Xbox 360 Accessories 1.1 --> MsiExec.exe /X{66F0AC35-4805-44BC-A3D4-347D4196F9B3}
Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
NVIDIA Media Center extensions for display --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4BE15737-07C5-4705-9DFC-D9D533939942}\setup.exe" -l0x9 -uninstall
NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
NVIDIA PureVideo Decoder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x9 -uninstall
O&O Defrag Professional Edition --> MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
Omni Auction Builder --> C:\WINDOWS\iun6002.exe "C:\Program Files\Omni Auction Builder\uninstall\irunin.ini"
Oront Burning Kit 2 Basic v2.5.5 --> "C:\Program Files\Oront Burning Kit 2\unins000.exe"
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pcsx2 0.9.4 Watermoose --> "C:\Program Files\Pcsx2_0.9.4\unins000.exe"
PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealArcade --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst"
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RivaTuner v2.06 --> "C:\Program Files\RivaTuner v2.06\uninstall.exe"
RSD_LITE_2_7 --> MsiExec.exe /X{FDA3FCAB-7476-4858-B28D-49F22F2C2BEE}
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows XP Media Center Edition 2005 KB905589 --> "C:\WINDOWS\$NtUninstallKB905589$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahtzee Download Edition --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\Yahtzee Download Edition.rguninst"
-- Application Event Log -------------------------------------------------------
Event Record #/Type2070 / Error
Event Submitted/Written: 06/30/2008 05:28:31 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rhc7psj0e1bl.exe, version 0.0.0.0, faulting module rhc7psj0e1bl.exe, version 0.0.0.0, fault address 0x00044019.
Processing media-specific event for [rhc7psj0e1bl.exe!ws!]
Event Record #/Type2068 / Error
Event Submitted/Written: 06/30/2008 04:11:04 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rhc7psj0e1bl.exe, version 0.0.0.0, faulting module rhc7psj0e1bl.exe, version 0.0.0.0, fault address 0x00044019.
Processing media-specific event for [rhc7psj0e1bl.exe!ws!]
Event Record #/Type2067 / Error
Event Submitted/Written: 06/30/2008 04:08:24 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 821883383.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
Event Record #/Type2065 / Error
Event Submitted/Written: 06/30/2008 04:07:22 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rhc7psj0e1bl.exe, version 0.0.0.0, faulting module rhc7psj0e1bl.exe, version 0.0.0.0, fault address 0x00044019.
Processing media-specific event for [rhc7psj0e1bl.exe!ws!]
Event Record #/Type2064 / Error
Event Submitted/Written: 06/30/2008 04:02:39 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rhc7psj0e1bl.exe, version 0.0.0.0, faulting module rhc7psj0e1bl.exe, version 0.0.0.0, fault address 0x00044019.
Processing media-specific event for [rhc7psj0e1bl.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type34241 / Error
Event Submitted/Written: 07/01/2008 02:13:49 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.
Event Record #/Type34240 / Error
Event Submitted/Written: 07/01/2008 02:13:49 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.
Event Record #/Type34239 / Error
Event Submitted/Written: 07/01/2008 02:13:49 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.
Event Record #/Type34238 / Error
Event Submitted/Written: 07/01/2008 02:13:49 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.
Event Record #/Type34237 / Error
Event Submitted/Written: 07/01/2008 02:13:49 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.
-- End of Deckard's System Scanner: finished at 2008-07-01 02:22:45 ------------
Edited by m40p, 01 July 2008 - 01:34 AM.