Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

file:///C:/WINDOWS/privacy_danger/index.htm [RESOLVED]


  • This topic is locked This topic is locked

#16
Rusty1

Rusty1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello Thunderbird

I have done as you ask and I am pasting the results below: By the way, I am not able to receive email via Outlook Express now (since yesterday)? When I open OE it comes onscreen only about 2/3 of the OE Window and then to fill the screen but will not send or receive? Thanks again for your help.

Deckard's System Scanner v20071014.68
Run by Rusty on 2008-08-03 16:20:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
80: 2008-08-03 15:20:07 UTC - RP216 - Deckard's System Scanner Restore Point
79: 2008-08-03 09:45:52 UTC - RP215 - System Checkpoint
78: 2008-08-01 20:01:05 UTC - RP214 - Installed Ad-Aware
77: 2008-08-01 14:32:08 UTC - RP213 - Software Distribution Service 3.0
76: 2008-08-01 13:48:22 UTC - RP212 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-08-01 00:16:41 UTC - RP137 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Rusty.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:47, on 03/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Conceptworld\QNPlus\QNPlus.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Rusty\Desktop\deckards system scanner.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Rusty.exe

R3 - URLSearchHook: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: QXK Olive - {59D7AC76-FEE5-4B08-A97C-79AAED487514} - C:\WINDOWS\nfavxwdbfvm.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {D5E5F66C-3802-489A-9A16-540EA1C3F33B} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QNPlus] C:\Program Files\Conceptworld\QNPlus\QNPlus.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1606980848-926492609-839522115-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Guest')
O4 - HKUS\S-1-5-21-1606980848-926492609-839522115-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Guest')
O4 - HKUS\S-1-5-21-1606980848-926492609-839522115-501\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Guest')
O4 - HKUS\S-1-5-21-1606980848-926492609-839522115-501\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray (User 'Guest')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rusty\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201046449237
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1201046921639
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 11969 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>

S3 PciCon - e:\pcicon.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 Diskeeper - "c:\program files\executive software\diskeeperworkstation\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper ™ Disk Defragmenter>

S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&24CAFEBD&0&00E5
Manufacturer: Marvell
Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&24CAFEBD&0&00E5
Service: yukonwxp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1802ADC11D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1802ADC11D800
Service: NIC1394

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia N80
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N80
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-07-31 19:57:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-03 and 2008-08-03 -----------------------------

2008-08-03 15:12:19 0 d-------- C:\Documents and Settings\Guest\Application Data\TuxPaint
2008-08-03 07:54:24 0 d-------- C:\Documents and Settings\Guest\Application Data\Skype
2008-08-02 20:25:19 0 d-------- C:\WINDOWS\pss
2008-08-02 00:27:08 4638 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-01 21:01:10 0 d-------- C:\Program Files\Lavasoft
2008-08-01 21:01:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-01 20:48:02 0 d-------- C:\Program Files\SpywareGuard
2008-08-01 20:46:36 0 d-------- C:\Program Files\SpywareBlaster
2008-08-01 15:09:22 0 d-------- C:\WINDOWS\Prefetch
2008-08-01 15:02:45 0 d-------- C:\WINDOWS\system32\scripting
2008-08-01 15:02:44 0 d-------- C:\WINDOWS\l2schemas
2008-08-01 15:02:43 0 d-------- C:\WINDOWS\system32\en
2008-08-01 12:05:54 0 d-------- C:\Documents and Settings\Rusty\Application Data\Malwarebytes
2008-08-01 12:05:42 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-01 12:05:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-01 12:05:11 0 d-------- C:\Program Files\Common Files\Download Manager
2008-08-01 09:47:21 5761 --a------ C:\WINDOWS\system32\qmknvkbc.dll
2008-08-01 09:47:20 5759 --a------ C:\WINDOWS\system32\owywjgrj.dll
2008-08-01 02:21:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-08-01 02:20:25 0 d-------- C:\Program Files\Trend Micro
2008-08-01 01:56:24 0 d-------- C:\Documents and Settings\Rusty\Application Data\HouseCall 6.6
2008-07-31 10:56:37 0 d-------- C:\Documents and Settings\Rusty\Application Data\TuxPaint
2008-07-31 10:56:26 0 d-------- C:\Program Files\TuxPaint
2008-07-24 16:43:35 0 d-------- C:\Documents and Settings\James\Application Data\Apple Computer
2008-07-17 20:00:14 0 d-------- C:\Program Files\Safari
2008-07-16 15:38:39 0 d-------- C:\temp
2008-07-16 15:37:59 0 d-------- C:\Program Files\Microsoft Research
2008-07-16 15:31:32 0 d-------- C:\Program Files\MSBuild
2008-07-16 15:31:28 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-07-16 15:31:24 0 d-------- C:\Program Files\Reference Assemblies
2008-07-16 15:29:30 0 d-------- C:\Program Files\MSXML 6.0
2008-07-15 21:10:25 0 d--h----- C:\WINDOWS\PIF
2008-07-11 22:18:43 0 d-------- C:\Documents and Settings\Rusty\Application Data\Help


-- Find3M Report ---------------------------------------------------------------

2008-08-03 07:41:15 0 d-------- C:\Program Files\Spyware Doctor
2008-08-01 21:00:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-01 15:03:14 0 d-------- C:\Program Files\Messenger
2008-08-01 15:02:42 0 d-------- C:\Program Files\Movie Maker
2008-08-01 14:58:30 0 d-------- C:\Program Files\Windows NT
2008-08-01 12:05:11 0 d-------- C:\Program Files\Common Files
2008-08-01 01:10:16 0 d-------- C:\Program Files\DivX
2008-08-01 01:03:12 0 d-------- C:\Documents and Settings\Rusty\Application Data\LimeWire
2008-07-25 00:11:45 0 d-------- C:\Documents and Settings\Rusty\Application Data\Mozilla
2008-07-24 19:14:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-14 15:25:33 0 d-------- C:\Documents and Settings\Rusty\Application Data\ZoomBrowser EX
2008-06-28 19:16:58 0 d-------- C:\Documents and Settings\Rusty\Application Data\vlc
2008-06-28 18:13:15 0 d-------- C:\Documents and Settings\Rusty\Application Data\dvdcss
2008-06-28 18:12:02 0 d-------- C:\Program Files\VideoLAN
2008-06-28 18:04:22 0 d-------- C:\Documents and Settings\Rusty\Application Data\DivX
2008-06-26 23:06:32 0 d-------- C:\Program Files\EPSON Print CD
2008-06-21 11:35:03 0 d-------- C:\Documents and Settings\Rusty\Application Data\AVGTOOLBAR
2008-06-20 22:35:14 0 d-------- C:\Documents and Settings\Rusty\Application Data\Apple Computer
2008-06-20 22:34:33 0 d-------- C:\Program Files\QuickTime
2008-06-20 22:33:58 0 d-------- C:\Program Files\Apple Software Update
2008-06-20 21:33:03 0 d-------- C:\Program Files\Star Defender
2008-06-20 21:32:15 0 d-------- C:\Program Files\Arcade Classic Pack
2008-06-20 21:21:29 0 d-------- C:\Program Files\Ashampoo
2008-06-20 21:10:11 0 d-------- C:\Program Files\LimeWire
2008-06-14 01:31:31 0 d-------- C:\Program Files\AVG
2008-06-11 01:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 01:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 01:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 01:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-06-11 01:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-06-11 01:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-06-05 23:12:42 2528 --a------ C:\Documents and Settings\Rusty\Application Data\$_hpcst$.hpc
2008-06-05 23:11:33 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-22 23:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59D7AC76-FEE5-4B08-A97C-79AAED487514}]
C:\WINDOWS\nfavxwdbfvm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
03/07/2008 20:27 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5E5F66C-3802-489A-9A16-540EA1C3F33B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [28/10/2007 09:52]
"nwiz"="nwiz.exe" [28/10/2007 09:52 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [28/10/2007 09:52]
"VF0060 STISvc"="V0060Pin.dll" [01/11/2004 02:00 C:\WINDOWS\system32\V0060Pin.dll]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [13/06/2008 08:51]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 23:32]
"EPSON Stylus Photo R320 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.exe" [16/12/2004 04:00]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [18/03/2004 09:33]
"Logitech Utility"="Logi_MwX.Exe" [08/11/2002 11:50 C:\WINDOWS\LOGI_MWX.EXE]
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [07/07/1998 17:04]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [07/07/1998 17:20]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [03/07/2008 20:27]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [18/12/2006 14:34]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [13/07/2006 07:12]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [16/02/2008 00:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
"QNPlus"="C:\Program Files\Conceptworld\QNPlus\QNPlus.exe" [10/04/2007 17:43]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [05/03/2007 22:57]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [13/11/2006 13:39]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 21:05]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [15/02/2008 23:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

C:\Documents and Settings\Rusty\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [29/08/2003 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 02:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com

8226 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-03 16:21:29 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Quad CPU @ 2.40GHz
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 3007.11 MiB / 2215.82 MiB
Pagefile Memory (total/avail): 4893.31 MiB / 4133.53 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.97 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 127.99 GiB total, 108.39 GiB free.
D: is Fixed (NTFS) - 337.77 GiB total, 337.7 GiB free.
E: is Fixed (NTFS) - 465.76 GiB total, 406.13 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD5000AAKS-00YGA0 - 465.76 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 127.99 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 337.77 GiB - D:

\\.\PHYSICALDRIVE1 - WDC WD5000AAKS-00YGA0 - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.76 GiB - E:

\\.\PHYSICALDRIVE2 - EPSON Stylus Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Rusty\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KELSA
ComSpec=C:\WINDOWS\system32\cmd.exe
DiskeeperIcon=C:\Program Files\Executive Software\DiskeeperWorkstation\
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Rusty
LOGONSERVER=\\KELSA
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Executive Software\DiskeeperWorkstation\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f07
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Rusty\LOCALS~1\Temp
TMP=C:\DOCUME~1\Rusty\LOCALS~1\Temp
USERDOMAIN=KELSA
USERNAME=Rusty
USERPROFILE=C:\Documents and Settings\Rusty
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Rusty (admin)
Mrs r (admin)
James
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abe's Oddysee --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Abe's Oddysee\Uninst.isu"
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Digital Editions --> c:\documents and settings\rusty\application data\macromedia\flash player\www.macromedia.com\bin\digitaleditions1x5\digitaleditions1x5.exe -uninstall
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Photoshop Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AGEIA PhysX v7.11.13 --> MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Arcade Classic Pack 5.10 --> "C:\Program Files\Arcade Classic Pack\unins000.exe"
Ashampoo WinOptimizer 4.50 --> "C:\Program Files\Ashampoo\Ashampoo WinOptimizer 4\unins000.exe"
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove
Creative WebCam Live! Ultra Driver (1.01.03.0127) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0060.uns -unsext NT -plugin V0060Pin.dll -pluginres CtCamPin.crl -filelog
Creative WebCam Live! Ultra User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Live! Ultra\Creative WebCam Live! Ultra User's Guide\English\CTManual.isu"
DevalVR for Internet Explorer (remove) --> C:\Program Files\DevalVR\installdevalvr.exe /u
DiskeeperWorkstation --> MsiExec.exe /I{66C6F7B6-12D9-4042-976A-BF74D0AAFC84}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Manager 2.3.6 --> C:\Program Files\Download Manager\uninst.exe
EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM
EPSON PRINT Image Framer Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD04987D-96A6-4FE1-813B-82B77B8B809C}\SETUP.EXE" -l0x9 anything
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON TWAIN 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\Setup.exe" UNINSTALL
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESPR320 Reference Guide --> C:\Program Files\EPSON\TPMANUAL\ESPR320\REF_G\DOCUNINS.EXE
FinePixViewer Ver.4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Get Yahoo! Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9 /remove
Ghost Recon Advanced Warfighter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFC97089-04D6-42CE-A707-A343B4A7D2CD}\setup.exe" -l0x9
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HouseCall 6.6 --> "C:\Documents and Settings\Rusty\Application Data\HouseCall 6.6\uninstaller.exe"
ImageMixer VCD2 for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934E9442-D305-4ACF-AD87-A6C11D677CB9}\setup.exe"
IMVU Avatar Chat Software --> C:\Program Files\IMVU\Uninstall.exe
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LG PC Suite --> C:\Program Files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe -runfromtemp -l0x0009 -removeonly
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 LG -removeonly
LimeWire 4.18.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.75 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
McDonald's Dragons --> C:\Program Files\McDonaldsDragons\uninstall.exe
McDonald's Fairies --> C:\Program Files\McDonaldsFairies\uninstall.exe
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WorldWide Telescope --> MsiExec.exe /I{A5C16084-032F-4A6D-B19A-2E700421F9FB}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}
Nokia Multimedia Factory --> "C:\Documents and Settings\All Users\Application Data\Installations\{4CFB3821-1582-4f3b-BF8D-30986923B36B}\Nokia_Multimedia_Factory_2_0.exe" /MAINTENANCE /SILENT="SWLPCER" /LANG="2057" /MSI_COMMON_OPTIONS="PCSLANG= MMFLANG=eng"
Nokia Multimedia Factory --> MsiExec.exe /I{4CFB3821-1582-4F3B-BF8D-30986923B36B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PC Connectivity Solution --> MsiExec.exe /I{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}
PIF DESIGNER --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything
Presto! PageManager for EPSON --> C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PageManager\DeIsL1.isu"
Quick Notes Plus 5.0 --> "C:\Program Files\Conceptworld\QNPlus\unins000.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Skype 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
Star Defender --> "C:\Program Files\Star Defender\uninstall.exe"
Studio 9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9 UNINSTALL
TextBridge Classic 2.0 --> "C:\Program Files\TextBridge Classic 2.0\bin\setup.exe" -funinst.ins
Trend Micro Internet Security --> C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security --> MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
Tux Paint 0.9.20 --> "C:\Program Files\TuxPaint\unins000.exe"
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Driver Package - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! uC --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type5510 / Success
Event Submitted/Written: 08/02/2008 09:09:09 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type5508 / Error
Event Submitted/Written: 08/02/2008 09:08:15 PM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: SmartSound Quicktracks Plugin -- Error 1706.No valid source could be found for product SmartSound Quicktracks Plugin. The Windows Installer cannot continue.

Event Record #/Type5507 / Error
Event Submitted/Written: 08/02/2008 09:08:15 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application sgliveupdate.exe, version 2.2.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type5506 / Warning
Event Submitted/Written: 08/02/2008 09:07:45 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}', feature 'Quicktracks' failed during request for component '{397D1016-A762-11D2-B97E-006097C4DE24}'

Event Record #/Type5505 / Warning
Event Submitted/Written: 08/02/2008 09:07:45 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}', feature 'Quicktracks', component '{39B7CD2D-62D5-4F79-8FEB-963EEF2DF1E2}' failed. The resource 'C:\WINDOWS\system32\Quicktime\' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12805 / Warning
Event Submitted/Written: 08/02/2008 10:41:05 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type12803 / Warning
Event Submitted/Written: 08/02/2008 09:17:45 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type12774 / Error
Event Submitted/Written: 08/02/2008 08:50:03 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type12773 / Error
Event Submitted/Written: 08/02/2008 08:49:50 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type12772 / Error
Event Submitted/Written: 08/02/2008 08:49:06 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}



-- End of Deckard's System Scanner: finished at 2008-08-03 16:21:29 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Quad CPU @ 2.40GHz
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 3007.11 MiB / 2215.82 MiB
Pagefile Memory (total/avail): 4893.31 MiB / 4133.53 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.97 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 127.99 GiB total, 108.39 GiB free.
D: is Fixed (NTFS) - 337.77 GiB total, 337.7 GiB free.
E: is Fixed (NTFS) - 465.76 GiB total, 406.13 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD5000AAKS-00YGA0 - 465.76 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 127.99 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 337.77 GiB - D:

\\.\PHYSICALDRIVE1 - WDC WD5000AAKS-00YGA0 - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.76 GiB - E:

\\.\PHYSICALDRIVE2 - EPSON Stylus Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Rusty\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KELSA
ComSpec=C:\WINDOWS\system32\cmd.exe
DiskeeperIcon=C:\Program Files\Executive Software\DiskeeperWorkstation\
FP_NO_HOST_CHECK=NO
HOMEDRI
  • 0

Advertisements


#17
Thunderbird1988

Thunderbird1988

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,416 posts
Hello Rusty,

I strongly recommand to uninstall Limewire. This program is a P2P program. The problem with these kinds of problem is that it can cause a lot of viruses. Also the use of it is illegal in many countries due to copyrightinfrigments.

Please download DAFT and save it to your desktop:
  • Double-click the daft.exe icon.
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\qmknvkbc.dll
    C:\WINDOWS\system32\owywjgrj.dll
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply. Please post also a new log of DSS and tell me how your computer is running.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Thunderbird1988
  • 0

#18
Rusty1

Rusty1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello Thunderbird 1988

I done as you suggested (including uninstall of Limewire) and pasted the results below.

I don't understand your request for a new log of DSS? I hope what I am posting is correct?

Regards, Rusty

Explorer killed successfully
LoadLibrary failed for C:\WINDOWS\system32\qmknvkbc.dll
C:\WINDOWS\system32\qmknvkbc.dll NOT unregistered.
C:\WINDOWS\system32\qmknvkbc.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\owywjgrj.dll
C:\WINDOWS\system32\owywjgrj.dll NOT unregistered.
C:\WINDOWS\system32\owywjgrj.dll moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Rusty\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Rusty\LOCALS~1\Temp\~DF4515.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Rusty\LOCALS~1\Temp\~DFADDC.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Rusty\LOCALS~1\Temp\~DFD73E.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08042008_151910

Files moved on Reboot...
C:\DOCUME~1\Rusty\LOCALS~1\Temp\WCESLog.log moved successfully.
C:\DOCUME~1\Rusty\LOCALS~1\Temp\~DF4515.tmp moved successfully.
C:\DOCUME~1\Rusty\LOCALS~1\Temp\~DFADDC.tmp moved successfully.
C:\DOCUME~1\Rusty\LOCALS~1\Temp\~DFD73E.tmp moved successfully.

The above is a copy of the results that came up automatically - they are the same as those in c:\_OTMoveIt\MovedFiles (I believe).

I hope this helps = Thanks
  • 0

#19
Rusty1

Rusty1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello Thunderbird 1988,

I have rebooted my pc to find out how it is running now . . . . it is still quite slow to start (slower than before these problems) and I remain unable to send or receive emails via Outlook Express?

Regards, Rusty
  • 0

#20
Thunderbird1988

Thunderbird1988

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,416 posts
Hello Rusty,

Please post a new log of DSS.

Thunderbird1988
  • 0

#21
Rusty1

Rusty1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello Thunderbird,

I am so sorry, I don't remember how to perform "DSS" so that I can give you the log.
Please advise and I will perform and forward to you.

AVG found the following on start up:

C:\System Volume Information\_restore{A4943D2D-73D6-46BF-9FD9-366383D91CF7\RP206\A0032369.exe

And others, ending in: A0032367.exe A0032368.dll

These are three reported by resident shield (and not removed by it) - when I selected "Remove" AVG reorted that it was unable to find them?

AVG also reported 7 Trojans found and removed on start up, it has moved those to the virus vault apparently.

C:\System Volume Information\_restore{A4943D2D-73D6-46BF-9FD9-366383D91CF7}\RP206\A0032367.exe

plus others ending in .exe and in .dll
  • 0

#22
Thunderbird1988

Thunderbird1988

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,416 posts
Hello Rusty,

To Run DSS. Please Doubleclick on the program deckards system scanner.exe on your desktop and follow the prompts. When it has ran, please post the log of it.
If it is no longer on your desktop, please redownload it from here.

Thunderbird1988
  • 0

#23
Rusty1

Rusty1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I reviewed your help and realised/remembered what DSS is.

There is a problem however; when I attempt to run DSS Trend Micro brings up a window saying that a virus has been prevented from running.

I am also getting the following message (Trend Micro):

"Your Unathorized Change Prevention Service has shut down. Trying restarting Trend Micro Internet Security to restore your Unauthorized Change Prevention Service. If the problem persists, please restart your computer. If you continue to receive this warning, please contact Technical Support. I have tried restarting Trend but the problem persists?

I am unable to run DSS due to the above - when I try, I get the following:

Infected file quarantined

"Trend Micro Internet Security found a virus but could not clean the infected file. Click the button below to check the files currently quarantined."

The opening message is the same and the information is as follows:

Infected file: C:\...\md5deep.exe
Name: PAK Generic.001
Moved to quarantine

Infected file: C:\...\sed.exe
Name: PAK Generic.001
Quarantined

Infected file: C:\...\dss.dll
Name: PAK Generic.001
Quarantined

Please advise? I am at an absolute loss now and continue to be extremely grateful for your help and patience.

Rusty
  • 0

#24
Thunderbird1988

Thunderbird1988

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,416 posts
Hello Rusty,

Deckard System Scanner is "packed" on a way many malware is packed. Therefore Trend Micro thinks it might be a virus.

Does Trend Micro gives you the option to ignore those files? If so, please use the ignore option.

If that doesn't work. Please post a new Hijackthislog.

Thunderbird1988
  • 0

#25
Rusty1

Rusty1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello Thunderbird,

I have managed to run DSS (I disabled Trend Micro temporarily). The log is below.

Deckard's System Scanner v20071014.68
Run by Rusty on 2008-08-04 21:34:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Rusty.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:18, on 04/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Conceptworld\QNPlus\QNPlus.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Rusty\Desktop\Virus Utilities\deckards system scanner.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Rusty.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R3 - URLSearchHook: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: QXK Olive - {59D7AC76-FEE5-4B08-A97C-79AAED487514} - C:\WINDOWS\nfavxwdbfvm.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {D5E5F66C-3802-489A-9A16-540EA1C3F33B} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QNPlus] C:\Program Files\Conceptworld\QNPlus\QNPlus.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rusty\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201046449237
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1201046921639
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 11518 bytes

-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-04 08:08:45 23 --a------ C:\Documents and Settings\Guest\jagex_runescape_preferences.dat
2008-08-04 08:08:36 0 d-------- C:\.jagex_cache_32
2008-08-04 08:08:21 0 d-------- C:\Documents and Settings\Guest\Application Data\Sun
2008-08-03 15:12:19 0 d-------- C:\Documents and Settings\Guest\Application Data\TuxPaint
2008-08-03 07:54:24 0 d-------- C:\Documents and Settings\Guest\Application Data\Skype
2008-08-02 20:25:19 0 d-------- C:\WINDOWS\pss
2008-08-02 00:27:08 4638 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-01 21:01:10 0 d-------- C:\Program Files\Lavasoft
2008-08-01 21:01:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-01 20:48:02 0 d-------- C:\Program Files\SpywareGuard
2008-08-01 20:46:36 0 d-------- C:\Program Files\SpywareBlaster
2008-08-01 15:09:22 0 d-------- C:\WINDOWS\Prefetch
2008-08-01 15:02:45 0 d-------- C:\WINDOWS\system32\scripting
2008-08-01 15:02:44 0 d-------- C:\WINDOWS\l2schemas
2008-08-01 15:02:43 0 d-------- C:\WINDOWS\system32\en
2008-08-01 12:05:54 0 d-------- C:\Documents and Settings\Rusty\Application Data\Malwarebytes
2008-08-01 12:05:42 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-01 12:05:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-01 12:05:11 0 d-------- C:\Program Files\Common Files\Download Manager
2008-08-01 02:21:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-08-01 02:20:25 0 d-------- C:\Program Files\Trend Micro
2008-08-01 01:56:24 0 d-------- C:\Documents and Settings\Rusty\Application Data\HouseCall 6.6
2008-07-31 10:56:37 0 d-------- C:\Documents and Settings\Rusty\Application Data\TuxPaint
2008-07-31 10:56:26 0 d-------- C:\Program Files\TuxPaint
2008-07-24 16:43:35 0 d-------- C:\Documents and Settings\James\Application Data\Apple Computer
2008-07-17 20:00:14 0 d-------- C:\Program Files\Safari
2008-07-16 15:38:39 0 d-------- C:\temp
2008-07-16 15:37:59 0 d-------- C:\Program Files\Microsoft Research
2008-07-16 15:31:32 0 d-------- C:\Program Files\MSBuild
2008-07-16 15:31:28 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-07-16 15:31:24 0 d-------- C:\Program Files\Reference Assemblies
2008-07-16 15:29:30 0 d-------- C:\Program Files\MSXML 6.0
2008-07-15 21:10:25 0 d--h----- C:\WINDOWS\PIF
2008-07-11 22:18:43 0 d-------- C:\Documents and Settings\Rusty\Application Data\Help


-- Find3M Report ---------------------------------------------------------------

2008-08-04 13:38:47 0 d-------- C:\Program Files\Spyware Doctor
2008-08-01 21:00:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-01 15:03:14 0 d-------- C:\Program Files\Messenger
2008-08-01 15:02:42 0 d-------- C:\Program Files\Movie Maker
2008-08-01 14:58:30 0 d-------- C:\Program Files\Windows NT
2008-08-01 12:05:11 0 d-------- C:\Program Files\Common Files
2008-08-01 01:10:16 0 d-------- C:\Program Files\DivX
2008-08-01 01:03:12 0 d-------- C:\Documents and Settings\Rusty\Application Data\LimeWire
2008-07-25 00:11:45 0 d-------- C:\Documents and Settings\Rusty\Application Data\Mozilla
2008-07-24 19:14:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-14 15:25:33 0 d-------- C:\Documents and Settings\Rusty\Application Data\ZoomBrowser EX
2008-06-28 19:16:58 0 d-------- C:\Documents and Settings\Rusty\Application Data\vlc
2008-06-28 18:13:15 0 d-------- C:\Documents and Settings\Rusty\Application Data\dvdcss
2008-06-28 18:12:02 0 d-------- C:\Program Files\VideoLAN
2008-06-28 18:04:22 0 d-------- C:\Documents and Settings\Rusty\Application Data\DivX
2008-06-26 23:06:32 0 d-------- C:\Program Files\EPSON Print CD
2008-06-21 11:35:03 0 d-------- C:\Documents and Settings\Rusty\Application Data\AVGTOOLBAR
2008-06-20 22:35:14 0 d-------- C:\Documents and Settings\Rusty\Application Data\Apple Computer
2008-06-20 22:34:33 0 d-------- C:\Program Files\QuickTime
2008-06-20 22:33:58 0 d-------- C:\Program Files\Apple Software Update
2008-06-20 21:33:03 0 d-------- C:\Program Files\Star Defender
2008-06-20 21:32:15 0 d-------- C:\Program Files\Arcade Classic Pack
2008-06-20 21:21:29 0 d-------- C:\Program Files\Ashampoo
2008-06-14 01:31:31 0 d-------- C:\Program Files\AVG
2008-06-11 01:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 01:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 01:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 01:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-06-11 01:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-06-11 01:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-06-05 23:12:42 2528 --a------ C:\Documents and Settings\Rusty\Application Data\$_hpcst$.hpc
2008-06-05 23:11:33 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-22 23:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59D7AC76-FEE5-4B08-A97C-79AAED487514}]
C:\WINDOWS\nfavxwdbfvm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
03/07/2008 20:27 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5E5F66C-3802-489A-9A16-540EA1C3F33B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [28/10/2007 09:52]
"nwiz"="nwiz.exe" [28/10/2007 09:52 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [28/10/2007 09:52]
"VF0060 STISvc"="V0060Pin.dll" [01/11/2004 02:00 C:\WINDOWS\system32\V0060Pin.dll]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [13/06/2008 08:51]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 23:32]
"EPSON Stylus Photo R320 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.exe" [16/12/2004 04:00]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [18/03/2004 09:33]
"Logitech Utility"="Logi_MwX.Exe" [08/11/2002 11:50 C:\WINDOWS\LOGI_MWX.EXE]
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [07/07/1998 17:04]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [07/07/1998 17:20]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [03/07/2008 20:27]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [18/12/2006 14:34]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [13/07/2006 07:12]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [16/02/2008 00:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
"QNPlus"="C:\Program Files\Conceptworld\QNPlus\QNPlus.exe" [10/04/2007 17:43]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [05/03/2007 22:57]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [13/11/2006 13:39]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 21:05]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [15/02/2008 23:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

C:\Documents and Settings\Rusty\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [29/08/2003 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 02:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-08-04 21:34:52 ------------
  • 0

Advertisements


#26
Rusty1

Rusty1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I am sorry to trouble you again.

Please note that I am away now until Saturday 9th August. I have not lost interest and remain very grateful for the help you are giving. I will complete all the steps you suggest as soon as I return.

Many thanks,

Rusty
  • 0

#27
Thunderbird1988

Thunderbird1988

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,416 posts
Hello Rusty,

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: QXK Olive - {59D7AC76-FEE5-4B08-A97C-79AAED487514} - C:\WINDOWS\nfavxwdbfvm.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {D5E5F66C-3802-489A-9A16-540EA1C3F33B} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

After that, please post a new log of DSS and let me know how your computer is running.

Thunderbird1988
  • 0

#28
Rusty1

Rusty1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello Thunderbird 1988,

I have followed your instructions and posted the HJT Log below - is that the same as a DSS log? I am now home . . . as I imagine you have realised and very eager to complete the "full clean" of my system.

Regards, Rusty

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:08, on 09/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Conceptworld\QNPlus\QNPlus.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R3 - URLSearchHook: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QNPlus] C:\Program Files\Conceptworld\QNPlus\QNPlus.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rusty\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201046449237
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1201046921639
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 10801 bytes
  • 0

#29
Rusty1

Rusty1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello Thunderbird 1988,

I have shut down my pc and restarted it to see how it is running now.

It is still quite slow to start (slower than originally that is)?

I downloaded Trend Micro PCCillin as suggest and this expires soon - should I suscribe to PCCillin to have it permanently OR is AVG Free sufficient for my needs.

Perhaps there is a 'better' Anti-virus/Firewall product which I should have?

Many thanks for your continued help and support,

Rusty
  • 0

#30
Thunderbird1988

Thunderbird1988

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,416 posts
Hello Rusty,

It is still quite slow to start (slower than originally that is)?


Try the steps discribed here and see if that helps a bit.

I downloaded Trend Micro PCCillin as suggest and this expires soon - should I suscribe to PCCillin to have it permanently OR is AVG Free sufficient for my needs.

Perhaps there is a 'better' Anti-virus/Firewall product which I should have?


Well if you would like to have a "Security Suite" (all the security software you need in one package) Try Kaspersky Internet Security or Eset Smart Security. Those are better then Trend Micro.

You can use AVG Free. I think it will suit your needs.

You will then also need a firewall. You can find a list of free protection tools via the link in my signature. If you choose to install Comodo, please make sure you read the User Guide first.

Do you have any other questions?

Thunderbird1988
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP