
·
Registered
Joined
·
21 Posts
Discussion Starter #21
ComboFix 08-02-15.2 - Tony 2008-02-21 2:37:34.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.152 [GMT -5:00]
Running from: C:\Documents and Settings\Tony\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tony\Desktop\CFScript.txt
* Created a new restore point

FILE
G:\3g08.bat
.

((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.

2008-02-17 15:27 . 2008-02-17 16:00 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\skypePM
2008-02-17 15:27 . 2008-02-17 15:27 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-17 15:22 . 2008-02-21 01:58 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Skype
2008-02-17 15:21 . 2008-02-17 15:21 <DIR> d-------- C:\Program Files\Skype
2008-02-17 15:21 . 2008-02-17 15:21 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-02-17 15:21 . 2008-02-17 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-17 12:08 . 2008-02-17 12:08 244 --ah----- C:\sqmnoopt16.sqm
2008-02-17 12:08 . 2008-02-17 12:08 232 --ah----- C:\sqmdata16.sqm
2008-02-17 12:07 . 2008-02-17 12:07 244 --ah----- C:\sqmnoopt15.sqm
2008-02-17 12:07 . 2008-02-17 12:07 232 --ah----- C:\sqmdata15.sqm
2008-02-16 19:01 . 2008-02-16 19:01 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\vlc
2008-02-16 17:39 . 2008-02-16 17:39 244 --ah----- C:\sqmnoopt14.sqm
2008-02-16 17:39 . 2008-02-16 17:39 232 --ah----- C:\sqmdata14.sqm
2008-02-16 17:26 . 2008-02-16 17:26 244 --ah----- C:\sqmnoopt13.sqm
2008-02-16 17:26 . 2008-02-16 17:26 232 --ah----- C:\sqmdata13.sqm
2008-02-16 16:31 . 2008-02-16 16:31 244 --ah----- C:\sqmnoopt12.sqm
2008-02-16 16:31 . 2008-02-16 16:31 232 --ah----- C:\sqmdata12.sqm
2008-02-16 12:07 . 2008-02-16 12:07 244 --ah----- C:\sqmnoopt11.sqm
2008-02-16 12:07 . 2008-02-16 12:07 232 --ah----- C:\sqmdata11.sqm
2008-02-15 18:10 . 2008-02-15 18:10 <DIR> d-------- C:\Deckard
2008-02-15 18:04 . 2008-02-15 18:04 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-15 18:04 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-15 16:59 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-02-15 16:45 . 2008-02-15 17:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-15 16:45 . 2008-02-15 16:47 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-15 16:45 . 2008-02-15 16:47 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-15 16:45 . 2008-02-15 16:47 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-15 02:27 . 2008-02-15 02:29 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-15 00:55 . 2008-02-15 00:55 <DIR> d-------- C:\Program Files\CCleaner
2008-02-15 00:25 . 2008-02-15 00:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-14 22:54 . 2008-02-14 22:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-12 16:12 . 2008-02-12 16:12 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-12 16:12 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-12 16:12 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-12 16:12 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-12 16:12 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-12 16:12 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-12 16:12 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-12 16:12 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-12 16:12 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-12 15:52 . 2008-02-12 15:52 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Grisoft
2008-02-12 15:51 . 2008-02-12 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 15:51 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-12 15:40 . 2008-02-15 17:18 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-12 14:56 . 2008-02-12 14:56 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Uniblue
2008-02-12 01:28 . 2008-02-15 01:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-12 01:24 . 2008-02-15 01:54 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-12 01:20 . 2008-02-12 01:20 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Symantec
2008-02-12 01:00 . 2008-02-15 17:15 <DIR> d-------- C:\Program Files\D-Tools
2008-02-12 01:00 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-02-12 01:00 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-02-12 00:58 . 2008-02-12 00:58 <DIR> d-------- C:\Program Files\VideoLAN
2008-02-11 23:39 . 2008-02-15 00:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-11 20:59 . 2008-02-11 20:59 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Kingsoft
2008-02-11 20:59 . 2008-02-11 21:00 66 --a------ C:\WINDOWS\xdict.INI
2008-02-11 20:34 . 2008-02-11 20:34 <DIR> d-------- C:\Program Files\Kingsoft
2008-02-11 20:34 . 2008-02-11 20:34 <DIR> d-------- C:\Program Files\Common Files\KingSoft
2008-02-11 20:34 . 2002-11-28 03:34 2,986,038 --a------ C:\WINDOWS\CIBAH.BMP
2008-02-11 01:12 . 2008-02-11 01:12 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Move Networks
2008-02-01 02:35 . 2008-02-01 02:35 244 --ah----- C:\sqmnoopt10.sqm
2008-02-01 02:35 . 2008-02-01 02:35 232 --ah----- C:\sqmdata10.sqm
2008-02-01 00:18 . 2008-02-01 00:18 244 --ah----- C:\sqmnoopt09.sqm
2008-02-01 00:18 . 2008-02-01 00:18 232 --ah----- C:\sqmdata09.sqm
2008-02-01 00:15 . 2008-02-01 00:15 244 --ah----- C:\sqmnoopt08.sqm
2008-02-01 00:15 . 2008-02-01 00:15 232 --ah----- C:\sqmdata08.sqm
2008-01-31 10:49 . 2008-01-31 10:49 <DIR> d-------- C:\Program Files\iPod
2008-01-31 01:40 . 2008-01-31 01:40 244 --ah----- C:\sqmnoopt07.sqm
2008-01-31 01:40 . 2008-01-31 01:40 232 --ah----- C:\sqmdata07.sqm
2008-01-31 01:35 . 2008-01-31 01:35 244 --ah----- C:\sqmnoopt06.sqm
2008-01-31 01:35 . 2008-01-31 01:35 232 --ah----- C:\sqmdata06.sqm
2008-01-30 12:54 . 2008-01-30 12:54 244 --ah----- C:\sqmnoopt05.sqm
2008-01-30 12:54 . 2008-01-30 12:54 232 --ah----- C:\sqmdata05.sqm
2008-01-30 00:00 . 2008-01-30 00:00 244 --ah----- C:\sqmnoopt04.sqm
2008-01-30 00:00 . 2008-01-30 00:00 232 --ah----- C:\sqmdata04.sqm
2008-01-29 23:29 . 2008-01-29 23:29 244 --ah----- C:\sqmnoopt03.sqm
2008-01-29 23:29 . 2008-01-29 23:29 232 --ah----- C:\sqmdata03.sqm
2008-01-29 23:26 . 2008-01-29 23:26 244 --ah----- C:\sqmnoopt02.sqm
2008-01-29 23:26 . 2008-01-29 23:26 232 --ah----- C:\sqmdata02.sqm
2008-01-28 03:25 . 2008-01-28 03:25 244 --ah----- C:\sqmnoopt01.sqm
2008-01-28 03:25 . 2008-01-28 03:25 232 --ah----- C:\sqmdata01.sqm
2008-01-24 00:33 . 2008-01-24 00:33 <DIR> d--h----- C:\BJPrinter
2008-01-24 00:33 . 2002-11-09 08:00 88,576 --a------ C:\WINDOWS\system32\CNMLM4o.DLL
2008-01-24 00:33 . 2002-10-03 18:23 73,728 -ra------ C:\WINDOWS\system32\CNMCP4o.exe
2008-01-24 00:33 . 2002-11-09 08:00 5,632 --a------ C:\WINDOWS\system32\CNMVS4o.DLL
2008-01-24 00:29 . 2008-01-24 00:33 <DIR> d-------- C:\Temp\i70_2KXP_v163
2008-01-24 00:29 . 2008-01-24 00:33 <DIR> d-------- C:\Temp\Canon_i70_2KXP_v163
2008-01-24 00:29 . 2008-01-24 00:29 <DIR> d-------- C:\Temp
2008-01-24 00:20 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-24 00:20 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-23 00:53 . 2008-01-23 00:53 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\DivX
2008-01-23 00:52 . 2008-01-23 00:52 <DIR> d-------- C:\Program Files\DivX
2008-01-23 00:45 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-01-23 00:45 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-01-23 00:45 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-01-22 11:20 . 2008-01-22 11:20 <DIR> d-------- C:\Program Files\Xvid
2008-01-22 11:20 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-22 11:20 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-22 11:20 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-01-21 23:42 . 2008-01-21 23:42 <DIR> d-------- C:\Program Files\Gabest
2008-01-21 23:24 . 2008-01-21 23:24 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\BSplayer Pro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 22:16 --------- d-----w C:\Program Files\Launch Manager
2008-02-15 22:15 --------- d-----w C:\Program Files\iTunes
2008-02-15 22:15 --------- d-----w C:\Program Files\Google
2008-02-15 22:13 --------- d-----w C:\Program Files\Arcade
2008-02-12 01:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 20:55 --------- d-----w C:\Documents and Settings\Tony\Application Data\Apple Computer
2008-01-31 15:47 --------- d-----w C:\Program Files\QuickTime
2008-01-21 18:17 --------- d-----w C:\Program Files\BitSpirit
2008-01-19 06:24 --------- d-s---w C:\Documents and Settings\All Users\Application Data\Memeo
2008-01-18 05:56 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-18 05:50 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-17 02:39 --------- d-----w C:\Documents and Settings\Tony\Application Data\BitSpirit
2008-01-15 05:16 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-15 02:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-15 02:01 --------- d-----w C:\Program Files\Common Files\Apple
2008-01-15 02:01 --------- d-----w C:\Program Files\Apple Software Update
2008-01-15 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-14 08:58 --------- d-----w C:\Program Files\Windows Journal Viewer
2008-01-14 07:34 --------- d-----w C:\Program Files\Logitech
2008-01-14 07:34 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-14 05:46 --------- d-----w C:\Program Files\Western Digital
2008-01-14 05:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-14 05:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-14 05:41 --------- d-----w C:\Program Files\Western Digital Technologies
2008-01-14 05:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-14 04:55 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-14 04:30 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-14 04:10 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-14 04:10 --------- d-----w C:\Program Files\Windows Live
2008-01-14 04:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-14 01:18 --------- d-----w C:\Program Files\Phoenix Technologies Ltd
2008-01-14 01:17 --------- d-----w C:\Program Files\Synaptics
2008-01-14 01:16 --------- d-----w C:\Program Files\sisagp
2008-01-14 01:16 --------- d-----w C:\Program Files\SiS VGA Utilities V3.65f
2008-01-14 01:14 --------- d-----w C:\Program Files\Realtek AC97
2008-01-14 01:09 --------- d-----w C:\Program Files\CyberLink
2008-01-14 01:06 --------- d-----w C:\Program Files\WIDCOMM
2008-01-14 01:05 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-14 00:30 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-04 21:58 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-10-03 07:43 2,402,550 ----a-w C:\WINDOWS\inf\SET337.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-02-12 02:19 287040]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 10:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59 49152]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-02-23 11:04 315392]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 16:22 577536 C:\WINDOWS\soundman.exe]
"SiSPower"="SiSPower.dll" [2005-02-25 19:35 49152 C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13 32768]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43 688218]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 07:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [ ]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-05-25 15:38:42 565309]
Powerword 2003.lnk - C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE [2008-02-11 20:34:32 823296]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2008-01-13 20:16:09 331776]

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 16:43]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cef68e81-c25f-11dc-bd5e-00c09fb89fe6}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 00:48:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-21 06:59:22 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 02:40:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Kingsoft\Powerword 2003\Cjktl32.dll
.
Completion time: 2008-02-21 2:41:01
ComboFix-quarantined-files.txt 2008-02-21 07:40:44
ComboFix2.txt 2008-02-21 06:48:34
ComboFix3.txt 2008-02-17 22:25:22
ComboFix4.txt 2008-02-15 06:12:44
.
2008-02-15 07:32:40 --- E O F ---



Kaspersky is coming along (slowly) 26%...
 

·
Registered
Joined
·
21 Posts
Discussion Starter #22
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, February 21, 2008 3:48:27 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/02/2008
Kaspersky Anti-Virus database records: 574229
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 57255
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:41:16

Infected Object Name / Virus Name / Last Action
C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-02122008-154033.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tony\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{57F2DB72-B17C-48A2-8C6B-7967194503A0} Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\Perflib_Perfdata_214.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tony\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Tony\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{9230E6BA-65D3-45A8-B23E-2FA18D1E781E}\RP65\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{D94B2E90-2F95-4956-AD23-24C3645C975C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_60c.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{9230E6BA-65D3-45A8-B23E-2FA18D1E781E}\RP65\change.log Object is locked skipped
D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped

Scan process completed.


It skipped a lot, is that normal?? I'm going to head to bed right now. It's 3:50am and I have class coming up soon. Thanks for your help so far!!
 

·
Registered
Joined
·
21 Posts
Discussion Starter #23
It skipped a lot. Is that normal? I didn't use anyone else's USB stick or other devices.

I'm going to head to bed now, I have class in the morning and it's 4am here. Thanks so much for your help so far. I'll come back on tomorrow.
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
No worries about the skipped items--those are locked and/or in use and are all legit.

Kaspersky is coming up clean.

When did you uninstall Symantec/Norton? I still see remnants on your system, and they need to be cleared out as that may be causing some of your issue.

Here is a guide for uninstalling Norton, including uninstallers. Be sure to use the uninstaller for the version of Norton/Symantec that was installed on your system. http://basconotw.mvps.org/SymRem.htm

If your issues still persist, boot into Safe Mode--how does the system behave there?
 

·
Registered
Joined
·
21 Posts
Discussion Starter #25
I downloaded, used, and deleted Norton Anti-virus sometime around the 15th. Some of the forums said having more than 1 anti-virus program was bad, so I got rid of it. It never found anything during any of the scans.

Any ideas yet on what the problem could be?
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
No, not sure yet what the problem is here. Do you happen to recall if the problems began before, or after you uninstalled Norton?

Did you run the Norton uninstaller I linked you to?

I'd also like to see a new main.txt and extra.txt

Please run dss.exe again, but use these instructions:

Click Start>Select 'Run' - then copy/paste the following text into the run box & click OK

"%userprofile%\desktop\dss.exe" /config

Click on "Check All"

Click Scan!

When finished, it shall produce main.txt and extra.txt for you.
 

·
Registered
Joined
·
21 Posts
Discussion Starter #27
Deckard's System Scanner v20071014.68
Run by Tony on 2008-02-23 15:13:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
67: 2008-02-23 20:13:57 UTC - RP67 - Deckard's System Scanner Restore Point
66: 2008-02-23 19:53:26 UTC - RP66 - Software Distribution Service 3.0
65: 2008-02-21 07:37:04 UTC - RP65 - ComboFix created restore point
64: 2008-02-21 05:34:06 UTC - RP64 - ComboFix created restore point
63: 2008-02-20 01:04:22 UTC - RP63 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-14 00:39:41 UTC - RP1 - System Checkpoint


Performed disk cleanup.

Percentage of Memory in Use: 87% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Tony.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:14:22 PM, on 2/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE
C:\WINDOWS\system32\sistray.exe
C:\DOCUME~1\Tony\LOCALS~1\Temp\RtkBtMnt.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Tony\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Tony.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alivenotdead.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Powerword 2003.lnk = C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PowerWord - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9656 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 3.0.1.904>
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 3.0.1.904>
R3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\dkbfltr.sys <Not Verified; Dritek System Inc.; Dritek Keyboard Filter>

S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\rundll32.exe (pid 684)
2005-02-25 19:35:12 49152 -ra------ C:\WINDOWS\system32\SiSPower.dll <Not Verified; Silicon Integrated Systems Corporation; SiS Power Scheme Library>
2002-11-28 17:56:00 53248 --a------ C:\Program Files\Kingsoft\Powerword 2003\Cjktl32.dll

C:\WINDOWS\explorer.exe (pid 2356)
2002-11-28 17:56:00 53248 --a------ C:\Program Files\Kingsoft\Powerword 2003\Cjktl32.dll
2004-08-27 16:42:36 49152 --a------ C:\Program Files\CyberLink\Shared Files\CLRCEngine.dll <Not Verified; CyberLink Corp.; Cyberlink PowerCinema 3.0>
2004-05-24 17:57:32 65536 --a------ C:\WINDOWS\system32\BTNCopy.dll <Not Verified; WIDCOMM, Inc.; Bluetooth Software 3.0.1.904>
2004-05-25 15:39:56 53248 --a------ C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
2005-09-23 07:28:38 83456 --a------ C:\WINDOWS\system32\dfshim.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2007-04-13 03:21:14 271360 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-09-23 07:28:56 107520 --a------ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-09-23 07:28:50 9216 --a------ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-09-23 07:28:58 17920 --a------ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-09-23 07:29:00 85504 --a------ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>


-- Scheduled Tasks -------------------------------------------------------------

2008-02-23 15:04:36 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-21 19:48:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-01-23 and 2008-02-23 -----------------------------

2008-02-21 02:47:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-21 02:47:56 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-21 01:43:15 0 drahs---- C:\autorun.inf
2008-02-21 00:35:05 0 d-------- C:\cmdcons
2008-02-17 15:27:13 0 d-------- C:\Documents and Settings\Tony\Application Data\skypePM
2008-02-17 15:27:13 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-17 15:22:52 0 d-------- C:\Documents and Settings\Tony\Application Data\Skype
2008-02-17 15:21:23 0 d-------- C:\Program Files\Skype
2008-02-17 15:21:22 0 d-------- C:\Program Files\Common Files\Skype
2008-02-17 15:21:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-16 19:01:11 0 d-------- C:\Documents and Settings\Tony\Application Data\vlc
2008-02-15 18:04:10 0 d-------- C:\Program Files\SpywareBlaster
2008-02-15 16:59:15 8576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-02-15 16:45:32 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-15 01:04:44 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-15 01:04:44 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-15 01:04:44 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-15 01:04:44 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-15 00:56:34 0 dr-h----- C:\Documents and Settings\Tony\Recent
2008-02-15 00:55:12 0 d-------- C:\Program Files\CCleaner
2008-02-15 00:48:38 0 d-------- C:\WINDOWS\pss
2008-02-15 00:42:36 0 d-------- C:\WINDOWS\system32\appmgmt
2008-02-15 00:25:03 0 d-------- C:\Program Files\Trend Micro
2008-02-14 22:54:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-12 16:19:41 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-02-12 16:19:41 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-02-12 16:19:41 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-02-12 16:19:41 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-02-12 16:19:41 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-02-12 16:19:40 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-02-12 16:19:40 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-02-12 16:19:40 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-02-12 16:19:40 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-02-12 16:19:40 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-02-12 16:19:40 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-02-12 16:19:40 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-02-12 16:19:40 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-02-12 16:19:39 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-02-12 16:12:23 0 d-------- C:\Program Files\Alwil Software
2008-02-12 15:52:02 0 d-------- C:\Documents and Settings\Tony\Application Data\Grisoft
2008-02-12 15:51:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 15:40:21 0 d-------- C:\Program Files\Windows Defender
2008-02-12 14:56:48 0 d-------- C:\Documents and Settings\Tony\Application Data\Uniblue
2008-02-12 01:24:00 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-12 01:01:19 0 d-------- C:\Documents and Settings\Tony\Application Data\WinRAR
2008-02-12 01:00:10 5248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-02-12 01:00:10 155136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-02-12 01:00:09 0 d-------- C:\Program Files\D-Tools
2008-02-12 00:58:42 0 d-------- C:\Program Files\VideoLAN
2008-02-11 23:39:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-11 20:59:54 0 d-------- C:\Documents and Settings\Tony\Application Data\Kingsoft
2008-02-11 20:35:27 368912 --a------ C:\WINDOWS\system32\VBAR332.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-02-11 20:35:27 44304 --a------ C:\WINDOWS\system32\msrpfs35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:27 415504 --a------ C:\WINDOWS\system32\msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-02-11 20:35:27 330000 --a------ C:\WINDOWS\system32\msexch35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:27 39424 --a------ C:\WINDOWS\system32\JETCOMP.exe <Not Verified; Microsoft Corporation; Microsoft® Database Compact Utility>
2008-02-11 20:35:26 287504 --a------ C:\WINDOWS\system32\msxbse35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:26 166672 --a------ C:\WINDOWS\system32\mstext35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:26 252176 --a------ C:\WINDOWS\system32\msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:26 250128 --a------ C:\WINDOWS\system32\mspdox35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:26 168720 --a------ C:\WINDOWS\system32\msltus35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:26 1238288 --a------ C:\WINDOWS\system32\msjt4jlt.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:25 24848 --a------ C:\WINDOWS\system32\msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:25 123664 --a------ C:\WINDOWS\system32\msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:25 1050896 --a------ C:\WINDOWS\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:35:25 252688 --a------ C:\WINDOWS\system32\msexcl35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-11 20:34:39 539968 --a------ C:\WINDOWS\system32\Voctool.dll <Not Verified; Kingsoft, Co.; VocTool>
2008-02-11 20:34:39 525824 --a------ C:\WINDOWS\system32\VOCTL32.DLL <Not Verified; Voxware, Inc.; ToolVox>
2008-02-11 20:34:39 19760 --a------ C:\WINDOWS\system32\Ractdnet.dll <Not Verified; Progressive Networks, Inc.; RealAudio(tm) Shared Component (32-bit)>
2008-02-11 20:34:39 53568 --a------ C:\WINDOWS\system32\Ract14_4.dll <Not Verified; Progressive Networks, Inc.; 14.4 Audio Codec for RealAudio(tm) (16-bit) Version 3.0>
2008-02-11 20:34:39 14848 --a------ C:\WINDOWS\system32\Ra32dnet.dll <Not Verified; Progressive Networks, Inc.; RealAudio(tm) Shared Component (32-bit)>
2008-02-11 20:34:39 72704 --a------ C:\WINDOWS\system32\Ra3228_8.dll <Not Verified; Progressive Networks, Inc.; 28.8 Audio Codec for RealAudio(tm) (32-bit) Version 3.0>
2008-02-11 20:34:39 81920 --a------ C:\WINDOWS\system32\Ra3214_4.dll <Not Verified; Progressive Networks, Inc.; 14.4 Audio Codec for RealAudio(tm) (32-bit) Version 3.0>
2008-02-11 20:34:39 189952 --a------ C:\WINDOWS\system32\Pnui3230.dll <Not Verified; Progressive Networks, Inc.; High-level Support Library for RealAudio® (32-bit) Version 3.0>
2008-02-11 20:34:39 27024 --a------ C:\WINDOWS\system32\Pnloader.dll <Not Verified; Progressive Networks, Inc.; Dynamic Load and Bind Support for RealAudio® (16-bit) Version 3.0>
2008-02-11 20:34:39 163328 --a------ C:\WINDOWS\system32\Pnen3230.dll <Not Verified; Progressive Networks, Inc.; Core Support Library for RealAudio® (32-bit) Version 3.0>
2008-02-11 20:34:39 61440 --a------ C:\WINDOWS\system32\Decdnet.dll <Not Verified; Progressive Networks, Inc.; RealAudio(tm) Shared Component (32-bit)>
2008-02-11 20:34:08 0 d-------- C:\Program Files\Kingsoft
2008-02-11 20:34:08 0 d-------- C:\Program Files\Common Files\KingSoft
2008-02-11 01:12:13 0 d-------- C:\Documents and Settings\Tony\Application Data\Move Networks
2008-01-31 10:49:07 0 d-------- C:\Program Files\iPod
2008-01-24 00:33:39 73728 -ra------ C:\WINDOWS\system32\CNMCP4o.exe <Not Verified; CANON INC.; Canon BJ Raster Printer Driver Installer>
2008-01-24 00:33:38 0 d--h----- C:\BJPrinter
2008-01-24 00:29:14 0 d-------- C:\Temp
2008-01-23 00:53:17 0 d-------- C:\Documents and Settings\Tony\Application Data\DivX
2008-01-23 00:52:16 0 d-------- C:\Program Files\DivX


-- Find3M Report ---------------------------------------------------------------

2008-02-23 15:11:43 0 d-------- C:\Documents and Settings\Tony\Application Data\DNA
2008-02-17 22:34:29 0 d-------- C:\Documents and Settings\Tony\Application Data\BitTorrent
2008-02-17 15:21:22 0 d-------- C:\Program Files\Common Files
2008-02-15 17:16:12 0 d-------- C:\Program Files\Launch Manager
2008-02-15 17:15:55 0 d-------- C:\Program Files\iTunes
2008-02-15 17:15:17 0 d-------- C:\Program Files\Google
2008-02-15 17:15:16 0 d-------- C:\Program Files\DNA
2008-02-15 17:13:31 0 d-------- C:\Program Files\Arcade
2008-02-11 20:34:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-03 15:55:48 0 d-------- C:\Documents and Settings\Tony\Application Data\Apple Computer
2008-01-31 10:47:44 0 d-------- C:\Program Files\QuickTime
2008-01-22 11:20:27 0 d-------- C:\Program Files\Xvid
2008-01-21 23:42:56 0 d-------- C:\Program Files\Gabest
2008-01-21 23:31:22 0 d-------- C:\Documents and Settings\Tony\Application Data\BSplayer
2008-01-21 23:24:09 0 d-------- C:\Documents and Settings\Tony\Application Data\BSplayer Pro
2008-01-21 23:05:45 0 d-------- C:\Program Files\AC3Filter
2008-01-21 13:17:23 0 d-------- C:\Program Files\BitSpirit
2008-01-21 13:15:40 0 d-------- C:\Program Files\BitTorrent
2008-01-18 00:56:15 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-18 00:50:17 0 d-------- C:\Program Files\Microsoft.NET
2008-01-16 21:39:38 0 d-------- C:\Documents and Settings\Tony\Application Data\BitSpirit
2008-01-15 00:16:10 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-14 21:01:55 0 d-------- C:\Program Files\Apple Software Update
2008-01-14 21:01:13 0 d-------- C:\Program Files\Common Files\Apple
2008-01-14 03:58:51 0 d-------- C:\Program Files\Windows Journal Viewer
2008-01-14 02:34:47 0 d-------- C:\Program Files\Common Files\Logitech
2008-01-14 02:34:21 0 d-------- C:\Program Files\Logitech
2008-01-14 02:25:09 0 d-------- C:\Documents and Settings\Tony\Application Data\Google
2008-01-14 00:46:55 0 d-------- C:\Program Files\Western Digital
2008-01-14 00:46:32 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-14 00:41:04 0 d-------- C:\Program Files\Western Digital Technologies
2008-01-14 00:22:36 0 d-------- C:\Documents and Settings\Tony\Application Data\Adobe
2008-01-14 00:18:04 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-13 23:55:00 0 d-------- C:\Program Files\MSXML 4.0
2008-01-13 23:30:16 0 d-------- C:\Program Files\Windows Media Connect 2
2008-01-13 23:10:51 0 d-------- C:\Program Files\Windows Live
2008-01-13 23:10:29 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-13 22:41:20 0 d-------- C:\Program Files\Messenger
2008-01-13 20:18:23 0 d-------- C:\Program Files\Phoenix Technologies Ltd
2008-01-13 20:17:29 0 d-------- C:\Program Files\Synaptics
2008-01-13 20:16:46 0 d-------- C:\Program Files\SiS VGA Utilities V3.65f
2008-01-13 20:16:30 0 d-------- C:\Program Files\sisagp
2008-01-13 20:16:07 1 --a------ C:\WINDOWS\~sisRslt
2008-01-13 20:14:18 0 d-------- C:\Program Files\Realtek AC97
2008-01-13 20:09:34 0 d-------- C:\Program Files\CyberLink
2008-01-13 20:06:31 0 d-------- C:\Program Files\WIDCOMM
2008-01-13 20:00:46 0 d-------- C:\Documents and Settings\Tony\Application Data\Macromedia
2008-01-13 19:39:24 0 d-------- C:\Documents and Settings\Tony\Application Data\Identities
2008-01-13 19:30:14 0 d-------- C:\Program Files\microsoft frontpage
2008-01-13 19:29:57 0 -rahs---- C:\MSDOS.SYS
2008-01-13 19:29:57 0 -rahs---- C:\IO.SYS
2008-01-13 19:29:57 0 --a------ C:\CONFIG.SYS
2008-01-13 19:29:57 0 --a------ C:\AUTOEXEC.BAT
2008-01-13 19:28:22 0 d--h----- C:\Program Files\WindowsUpdate
2008-01-13 19:28:17 0 d-------- C:\Program Files\Online Services
2008-01-13 19:27:21 0 d-------- C:\Program Files\Common Files\MSSoap
2008-01-13 19:27:02 0 d-------- C:\Program Files\Movie Maker
2008-01-13 19:25:43 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-13 19:25:05 0 d-------- C:\Program Files\MSN Gaming Zone
2008-01-13 19:24:55 0 d-------- C:\Program Files\Windows NT
2008-01-13 14:10:52 0 d-------- C:\Program Files\Common Files\ODBC
2008-01-13 14:10:46 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-01-13 14:10:09 62 --ahs---- C:\Documents and Settings\Tony\Application Data\desktop.ini
2008-01-04 16:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 16:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 16:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 16:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 16:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 16:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [10/08/2004 10:50 AM C:\WINDOWS\AGRSMMSG.exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [03/09/2005 06:59 PM]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [02/23/2005 11:04 AM]
"SoundMan"="SOUNDMAN.EXE" [03/01/2006 04:22 PM C:\WINDOWS\soundman.exe]
"SiSPower"="SiSPower.dll" [02/25/2005 07:35 PM C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [03/04/2005 01:13 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [10/08/2004 02:44 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/08/2004 02:43 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 07:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 07:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 07:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 07:00 AM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" []
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [07/19/2005 05:32 PM]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [06/08/2005 03:24 PM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [06/08/2005 03:14 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/10/2008 03:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [08/22/2004 05:05 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 08:00 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [06/08/2005 02:44 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [02/12/2008 02:19 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 05:22 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [5/25/2004 3:38:42 PM]
Powerword 2003.lnk - C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE [2/11/2008 8:34:32 PM]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [1/13/2008 8:16:09 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cef68e81-c25f-11dc-bd5e-00c09fb89fe6}]
AutoRun\command- wd_windows_tools\setup.exe




-- End of Deckard's System Scanner: finished at 2008-02-23 15:15:46 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile AMD Sempron(tm) Processor 3000+
Percentage of Memory in Use: 84%
Physical Memory (total/avail): 446.48 MiB / 69.58 MiB
Pagefile Memory (total/avail): 1052.2 MiB / 558.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1901.88 MiB

C: is Fixed (NTFS) - 35.71 GiB total, 16.66 GiB free.
D: is Fixed (FAT32) - 35.87 GiB total, 0.42 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST9808210A - 74.53 GiB - 3 partitions
\PARTITION0 - Unknown - 2.93 GiB
\PARTITION1 (bootable) - Installable File System - 35.71 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 35.88 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.7.1098 [VPS 080207-0] v4.7.1098 (ALWIL Software) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Disabled:btdna"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Tony\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LINK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Tony
LOGONSERVER=\\LINK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Tony\LOCALS~1\Temp
TMP=C:\DOCUME~1\Tony\LOCALS~1\Temp
USERDOMAIN=LINK
USERNAME=Tony
USERPROFILE=C:\Documents and Settings\Tony
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Tony (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Acer eManager for Notebook --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Agere Systems AC'97 Modem --> agrsmdel
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Arcade 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
Broadcom 802.11 Network Adapter --> C:\WINDOWS\system32\BCMWLU00.exe verbose
Canon i70 --> C:\WINDOWS\system32\CNMCP4o.exe "-PRINTERNAMECanon i70" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i70 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i70 Installer\Inst2\cnmi0409.dll"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Launch Manager --> C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Tony\Application Data\Move Networks\ie_bin\Uninst.exe
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Powerword 2003 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{988EA0EA-E702-4106-8953-BF9E13DF0AED}\setup.exe"
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\WINDOWS\SiS\900\Uninst.exe
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem9.inf
SiSAGP driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WIDCOMM Bluetooth Software --> MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPhlash --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Phoenix Technologies Ltd\WinPhlash\Uninst.isu"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type640 / Error
Event Submitted/Written: 02/23/2008 03:04:52 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application taskmgr.exe, version 5.1.2600.2180, faulting module user32.dll, version 5.1.2600.3099, fault address 0x0000dcfa.
Processing media-specific event for [taskmgr.exe!ws!]

Event Record #/Type638 / Error
Event Submitted/Written: 02/23/2008 03:04:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module user32.dll, version 5.1.2600.3099, fault address 0x0000d2b1.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type635 / Error
Event Submitted/Written: 02/23/2008 03:04:12 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application taskmgr.exe, version 5.1.2600.2180, faulting module user32.dll, version 5.1.2600.3099, fault address 0x0000db8d.
Processing media-specific event for [taskmgr.exe!ws!]

Event Record #/Type630 / Warning
Event Submitted/Written: 02/23/2008 03:00:19 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type629 / Error
Event Submitted/Written: 02/23/2008 02:59:33 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application taskmgr.exe, version 5.1.2600.2180, faulting module user32.dll, version 5.1.2600.3099, fault address 0x0000d7f9.
Processing media-specific event for [taskmgr.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3334 / Error
Event Submitted/Written: 02/23/2008 03:02:41 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The avast! Mail Scanner service failed to start due to the following error:
%%1053

Event Record #/Type3333 / Error
Event Submitted/Written: 02/23/2008 03:02:41 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service to connect.

Event Record #/Type3331 / Warning
Event Submitted/Written: 02/23/2008 03:01:47 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014A4214DB3. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type3329 / Warning
Event Submitted/Written: 02/23/2008 03:01:47 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014A4214DB3. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type3328 / Warning
Event Submitted/Written: 02/23/2008 03:01:42 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014A4214DB3. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-02-23 15:15:46 ------------



There are no problems when loading in safe mode. Only when starting up normally.
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
We'll dig a bit more. Please download SREng.

1. Extract it to Desktop & double click SREng.exe to run it

2. Select 'Smart Scan' & tick "Verify Digital Signatures"

3. Click on the [Scan] button

4. When finished, click on the [Save Reports] button & save the log to Desktop

5. Attach the log in your next reply. Don't post it.

You may have to rename SREngLOG.log to SREngLOG.txt to upload it.
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
I'm still not finding any malware.

-- Application Event Log -------------------------------------------------------

Event Record #/Type640 / Error
Event Submitted/Written: 02/23/2008 03:04:52 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application taskmgr.exe, version 5.1.2600.2180, faulting module user32.dll, version 5.1.2600.3099, fault address 0x0000dcfa.
Processing media-specific event for [taskmgr.exe!ws!]

Event Record #/Type638 / Error
Event Submitted/Written: 02/23/2008 03:04:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module user32.dll, version 5.1.2600.3099, fault address 0x0000d2b1.
Processing media-specific event for [explorer.exe!ws!]

Let's try invoking Windows File Protection.

Click Start>Run and type in sfc /scannow (there is a space between sfc and /) and let it scan for missing/corrupt files. This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem. If it finds any problems, it will prompt you for the Windows XP Install disc so have it handy.

Please let me know how that went.
 

·
Registered
Joined
·
21 Posts
Discussion Starter #32
I don't have my Windows XP disks. I'm not even sure if my computer came with them. It says:

Files that are required for Windows to run properly must be copied to the DLL Cache
Insert your Windows XP Professional Service Pack 2 CD now
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Is there someone you can borrow a Windows XP Pro SP2 disc from?

If not, I would suggest talking to the folks in the Windows XP Support section.
 

·
Registered
Joined
·
21 Posts
Discussion Starter #34
I'll start asking around. I'm in college and everyone owns a laptop. Someone has got to have that CD. I'll run the scan when I get them.
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
You'd think so. :wink:

Just be sure it is XP Pro SP2. I'll remain subscribed to this thread and await your reply.
 