Help! I have problem about this AVGSSIE.dll



#1
wengvain

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-08-12 10:28:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
39: 2008-08-12 02:28:44 UTC - RP169 - Deckard's System Scanner Restore Point
38: 2008-08-11 23:52:20 UTC - RP168 - Installed OpenOffice.org Installer 1.0
37: 2008-08-11 23:50:41 UTC - RP167 - Installed Java™ 6 Update 10
36: 2008-08-11 23:42:37 UTC - RP166 - Removed Java™ 6 Update 7
35: 2008-08-11 23:26:35 UTC - RP165 - Uniblue RegistryBooster


-- First Restore Point --
1: 2008-08-10 06:40:41 UTC - RP131 - Removed Ad-Aware


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:37 AM, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\MyDocs\Downloads\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {59CF8D60-F8D7-42F5-9808-CD4594816FD0} - C:\WINDOWS\system32\xxyYolIx.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {8F87ED11-9A8A-4AB4-99D6-DB9105E6407A} - (no file)
O2 - BHO: (no name) - {8FD0A742-49D5-4D73-8C13-04EDD5BD3A33} - C:\WINDOWS\system32\xxyYolIx.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: (no name) - {AAC4C52D-F672-4E5B-9F91-11FE0062853c} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [pibewizoge] Rundll32.exe "C:\Program Files\AVG\AVG8\avgssie.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1217228488953
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\hafasego.dll,avgrsstx.dll
O20 - Winlogon Notify: xxyvTLeC - xxyvTLeC.dll (file missing)
O20 - Winlogon Notify: xxyYolIx - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 6589 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 NTProcDrv (Process creation detector for NT.) - e:\waw\ntprocdrv.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 aswUpdSv (avast! iAVS4 Control Service) - "c:\program files\alwil software\avast4\aswupdsv.exe" (file missing)
S2 avast! Antivirus - "c:\program files\alwil software\avast4\ashserv.exe" (file missing)
S3 avast! Mail Scanner - "c:\program files\alwil software\avast4\ashmaisv.exe" /service (file missing)
S3 avast! Web Scanner - "c:\program files\alwil software\avast4\ashwebsv.exe" /service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-12 10:20:36 502 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-08-11 19:55:02 354 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job


-- Files created between 2008-07-12 and 2008-08-12 -----------------------------

2008-08-12 10:30:03 0 d-------- C:\Program Files\Trend Micro
2008-08-12 07:52:21 0 d-------- C:\Program Files\Sun
2008-08-12 07:50:50 0 d-------- C:\Program Files\Java
2008-08-12 06:49:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-08-12 06:48:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-11 21:56:11 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-08-11 21:21:41 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-11 21:21:11 0 d-------- C:\Program Files\AVG
2008-08-11 19:44:26 0 d--hs---- C:\Documents and Settings\Administrator\Recent
2008-08-11 17:14:08 65536 --a------ C:\WINDOWS\system32\LogonDll.dll
2008-08-11 13:02:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-08-10 13:20:43 0 d--h----- C:\$AVG8.VAULT$
2008-08-10 10:38:03 0 d-------- C:\WINDOWS\CSC
2008-08-10 08:35:56 1491799 --ahs---- C:\WINDOWS\system32\iqevhxxj.ini2
2008-08-10 07:51:11 0 d-------- C:\AvgBack up
2008-08-09 21:19:37 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-09 18:50:09 62564 --a------ C:\WINDOWS\system32\jkkmfwvm.dll
2008-08-09 18:35:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-09 17:08:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-09 13:52:01 4456448 --a------ C:\Documents and Settings\Administrator\ntuser.dat
2008-08-09 13:48:46 62564 --a------ C:\WINDOWS\system32\whuwlecp.dll
2008-08-09 07:32:14 57169 --ahs---- C:\WINDOWS\system32\UBLmWvut.ini2
2008-08-09 07:26:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-08 21:09:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-08-08 19:03:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-08-08 17:51:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\ESET
2008-08-08 17:48:02 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-08 14:14:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-07 18:17:18 67021 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-08-07 18:13:18 6033 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-08-07 18:12:32 0 d-------- C:\WINDOWS\BricoPacks
2008-08-05 21:27:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Winamp
2008-08-05 17:29:54 0 d-------- C:\Program Files\Stardock
2008-08-05 17:29:54 0 d-------- C:\Program Files\Common Files\Stardock
2008-08-05 13:17:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\Opera
2008-08-05 13:08:55 0 d-------- C:\WINDOWS\%DownloadedProgramFiles%
2008-08-05 12:31:08 0 d-------- C:\Program Files\Windows Media Connect 2
2008-08-05 12:28:34 0 d-------- C:\WINDOWS\system32\LogFiles
2008-08-05 06:52:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-08-04 10:36:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-08-03 20:32:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\vlc(2)
2008-08-03 13:20:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Thinking Minds Budiling Bytes
2008-08-03 08:23:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\ViStart
2008-08-03 08:14:03 0 d-------- C:\WINDOWS\system32\VITrans
2008-08-02 21:23:39 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-02 17:01:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Anti-AD Guard 2
2008-08-02 14:32:31 0 d-------- C:\WINDOWS\ie8updates
2008-08-02 14:24:51 0 d--h---c- C:\WINDOWS\ie8
2008-08-02 13:20:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-02 13:20:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\VersionTracker Pro
2008-08-02 13:03:16 0 d-------- C:\WINDOWS\RegisteredPackages
2008-08-01 13:28:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\IDM
2008-08-01 13:28:12 0 d-------- C:\Program Files\Internet Download Manager
2008-07-31 19:24:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\DNA
2008-07-31 18:11:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Protexis
2008-07-29 17:56:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-29 17:22:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\mIRC
2008-07-29 17:16:06 1802240 --a------ C:\WINDOWS\system32\Jetpack6.dll <Not Verified; Chisel Software http://www.chiselsoftware.com; JetPack>
2008-07-29 12:42:35 0 d-------- C:\Program Files\DNA
2008-07-29 06:58:54 0 d-------- C:\WINDOWS\Sun
2008-07-29 06:58:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-07-28 14:25:18 0 d-------- C:\WINDOWS\network diagnostic
2008-07-28 12:18:48 203776 --a------ C:\WINDOWS\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2008-07-27 15:26:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Thunderbird
2008-07-27 14:35:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-07-27 09:56:51 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-07-26 13:24:03 327168 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-07-26 13:05:24 0 d-------- C:\Program Files\MSXML 6.0
2008-07-26 08:41:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-07-26 07:54:01 335 --a------ C:\WINDOWS\mozregistry.dat
2008-07-26 06:33:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-07-25 20:37:48 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-25 19:30:42 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-07-25 19:07:10 0 d--h----- C:\WINDOWS\$hf_mig$
2008-07-25 18:51:03 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-25 18:40:51 0 d-------- C:\Program Files\OpenSource Flash Video Splitter
2008-07-25 18:34:05 0 d-------- C:\Program Files\DirectVobSub
2008-07-25 18:19:41 0 d--hs---- C:\Documents and Settings\Administrator\UserData
2008-07-25 17:17:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-07-25 16:55:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-07-25 16:05:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-25 16:02:58 0 d-------- C:\Program Files\Yahoo!
2008-07-25 15:49:07 1160 --a------ C:\WINDOWS\mozver.dat
2008-07-25 15:41:04 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-25 13:26:33 0 d-------- C:\Program Files\Diablo II
2008-07-24 21:10:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\DMCache
2008-07-21 20:30:45 0 d-------- C:\Program Files\Real
2008-07-21 20:30:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-07-18 11:11:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-07-18 10:21:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2008-07-18 09:59:45 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-18 09:59:44 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-07-18 09:59:43 0 d-------- C:\Program Files\ffdshow
2008-07-17 20:00:30 0 d-------- C:\Program Files\Common Files\xing shared
2008-07-17 20:00:11 0 d-------- C:\WINDOWS\Applian FLV Player
2008-07-17 19:12:53 0 d-------- C:\Documents and Settings\Guest\Templates
2008-07-17 19:12:53 786432 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
2008-07-17 19:12:53 0 d-------- C:\Documents and Settings\Guest\Local Settings
2008-07-17 19:12:53 0 d-------- C:\Documents and Settings\Guest\Favorites
2008-07-17 19:12:53 0 d-------- C:\Documents and Settings\Guest\Cookies
2008-07-17 19:12:53 0 d-------- C:\Documents and Settings\Guest\Application Data
2008-07-17 19:12:53 0 d-------- C:\Documents and Settings\Guest\Application Data\Microsoft


-- Find3M Report ---------------------------------------------------------------

2008-08-12 10:28:17 6456 --ah----- C:\WINDOWS\system32\vujekema
2008-08-12 07:43:27 0 d-------- C:\Program Files\Common Files
2008-08-11 13:10:16 0 d-------- C:\Program Files\Movie Maker
2008-08-07 18:17:17 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-08-05 18:05:17 0 d-------- C:\Program Files\Ahead
2008-08-05 18:04:53 0 d-------- C:\Program Files\Common Files\Ahead
2008-07-28 10:52:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-27 13:04:27 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-26 17:00:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-21 20:31:11 0 d-------- C:\Program Files\Common Files\Real
2008-07-13 13:05:01 10 --a------ C:\WINDOWS\popcinfo.dat
2008-07-11 17:19:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\funkitron
2008-07-11 13:10:53 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-07 17:24:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-17 19:25:01 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-17 19:24:58 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-17 19:24:39 62 ---hs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2008-06-17 14:40:57 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-17 14:38:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-06-17 14:14:41 0 d-------- C:\Program Files\VIA
2008-06-17 14:07:08 0 d-------- C:\Program Files\S3
2008-06-17 13:21:26 0 d-------- C:\Program Files\Common Files\L&H
2008-06-17 13:21:18 0 d-------- C:\Program Files\Microsoft.NET
2008-06-17 13:21:10 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-17 13:20:31 0 d-------- C:\Program Files\Microsoft Works
2008-06-17 13:15:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-17 11:36:56 0 d-------- C:\Program Files\microsoft frontpage
2008-06-17 11:36:33 0 -r-hs---- C:\MSDOS.SYS
2008-06-17 11:36:33 0 -r-hs---- C:\IO.SYS
2008-06-17 11:36:33 0 --------- C:\CONFIG.SYS
2008-06-17 11:36:33 0 --------- C:\AUTOEXEC.BAT
2008-06-17 11:34:44 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-17 11:34:38 0 d-------- C:\Program Files\Online Services
2008-06-17 11:33:47 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-17 11:32:42 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-17 11:31:58 0 d-------- C:\Program Files\Messenger
2008-06-17 11:31:53 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-17 11:31:44 0 d-------- C:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59CF8D60-F8D7-42F5-9808-CD4594816FD0}]
05/09/2008 01:49 PM 62564 --ahs---- C:\WINDOWS\system32\xxyYolIx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F87ED11-9A8A-4AB4-99D6-DB9105E6407A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FD0A742-49D5-4D73-8C13-04EDD5BD3A33}]
05/09/2008 01:49 PM 62564 --ahs---- C:\WINDOWS\system32\xxyYolIx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AAC4C52D-F672-4E5B-9F91-11FE0062853c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
08/12/2008 07:51 AM 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/21/2008 08:30 PM]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" [01/21/2008 12:02 PM]
"S3Trayp"="S3trayp.exe" [06/11/2007 11:15 AM C:\WINDOWS\system32\S3Trayp.exe]
"VTTimer"="VTTimer.exe" [09/21/2006 04:36 PM C:\WINDOWS\system32\VTTimer.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [08/11/2008 09:21 PM]
"pibewizoge"="C:\Program Files\AVG\AVG8\avgssie.dll" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:56 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/29/2008 10:18 PM]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [8/5/2008 5:29:56 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{59CF8D60-F8D7-42F5-9808-CD4594816FD0}"= C:\WINDOWS\system32\xxyYolIx.dll [05/09/2008 01:49 PM 62564]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvTLeC]
xxyvTLeC.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyYolIx]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\hafasego.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\tuvWmLBU
"Notification Packages"= scecli C:\WINDOWS\system32\hafasego.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pibewizoge]
Rundll32.exe "C:\Program Files\AVG\AVG8\avgssie.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8emc"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{144cf48e-3da5-11dd-a860-001e90d7ef58}]
AutoRun\command- scvshosts.exe
Open\command- scvshosts.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

8971 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-12 10:33:02 ------------







Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU E1200 @ 1.60GHz
CPU 1: Intel® Celeron® CPU E1200 @ 1.60GHz
Percentage of Memory in Use: 82%
Physical Memory (total/avail): 446.17 MiB / 78.12 MiB
Pagefile Memory (total/avail): 1054.8 MiB / 770.26 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.32 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 17.58 GiB total, 9.86 GiB free.
D: is Fixed (NTFS) - 11.05 GiB total, 9.6 GiB free.

\\.\PHYSICALDRIVE0 - Maxtor 2F030J0 - 28.63 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 17.58 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 11.05 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"
"C:\\WINDOWS\\system32\\lsass.exe"="C:\\WINDOWS\\system32\\lsass.exe:*:Enabled:lsass"
"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"
"C:\\WINDOWS\\system32\\services.exe"="C:\\WINDOWS\\system32\\services.exe:*:Enabled:services"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"="C:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE:*:Enabled:MDM"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Program Files\\uTorrent\\uTorrent.exe"="D:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WINXPUSE-AE418F
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\WINXPUSE-AE418F
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=WINXPUSE-AE418F
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "D:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 6.0 Tryout --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0 Tryout\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0 Tryout\Uninst.dll"
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
DirectVobSub (remove only) --> "C:\Program Files\DirectVobSub\uninstall.exe"
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
ffdshow [rev 2019] [2008-06-22] --> "C:\Program Files\ffdshow\unins000.exe"
GameGuard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9280CD93-B2D6-4D02-B53B-8FC5CF3B6D78}\Setup.exe" -l0x9
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\PROGRA~1\TRENDM~1\HIJACK~1\HijackThis.exe" /uninstall
Internet Download Manager --> C:\Program Files\Internet Download Manager\Uninstall.exe
Java™ 6 Update 10 --> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
LimeWire PRO 4.18.3 --> "D:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware --> "D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
ObjectDock --> C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
OpenSource Flash Video Splitter (remove only) --> "C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Windows Internet Explorer 8 (KB951804) --> "C:\WINDOWS\ie8updates\KB951804-IE8\spuninst\spuninst.exe"
Uniblue RegistryBooster 2 --> "D:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
VIA Display Driver 6.14.10.0099 --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast-Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Windows Internet Explorer 8 Beta 1 --> "C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type2103 / Error
Event Submitted/Written: 08/12/2008 06:58:42 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application jucheck.exe, version 6.0.70.6, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.
Processing media-specific event for [jucheck.exe!ws!]

Event Record #/Type2084 / Error
Event Submitted/Written: 08/11/2008 05:13:28 PM
Event ID/Source: 11705 / MsiInstaller
Event Description:
Product: Deep Freeze Standard -- Error 1705. A previous installation for this product is in progress. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Event Record #/Type2082 / Error
Event Submitted/Written: 08/11/2008 05:11:40 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.2180, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type2078 / Error
Event Submitted/Written: 08/11/2008 01:33:36 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application spyeraser.exe, version 2.0.1.1531, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00011ec3.
Processing media-specific event for [spyeraser.exe!ws!]

Event Record #/Type2073 / Error
Event Submitted/Written: 08/11/2008 10:08:38 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.2180, faulting module explorer.exe, version 6.0.2900.2180, fault address 0x0002054e.
Processing media-specific event for [explorer.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7545 / Error
Event Submitted/Written: 08/12/2008 10:21:37 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The avast! Antivirus service depends on the avast! Standard Shield Support service which failed to start because of the following error:
%%2

Event Record #/Type7544 / Error
Event Submitted/Written: 08/12/2008 10:21:37 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The avast! Standard Shield Support service failed to start due to the following error:
%%2

Event Record #/Type7543 / Error
Event Submitted/Written: 08/12/2008 10:21:37 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The avast! iAVS4 Control Service service failed to start due to the following error:
%%3

Event Record #/Type7542 / Error
Event Submitted/Written: 08/12/2008 10:21:37 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The aswFsBlk service failed to start due to the following error:
%%2

Event Record #/Type7541 / Error
Event Submitted/Written: 08/12/2008 10:20:28 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.2 for the Network Card with network address 001E90D7EF58 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).



-- End of Deckard's System Scanner: finished at 2008-08-12 10:33:02 ------------