

I need some virus help


  • This topic is locked
22 replies to this topic

#1 OFFLINE   Ace9696

    Member

  • Members
  • 16 posts

Posted 01 February 2008 - 08:49 PM

Ya, here are the logs... Thanks for the help...


BitDefender Online Scanner





HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:39 PM, on 01/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Soulseek-Test\slsk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\mpcodecplg.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

--
End of file - 8351 bytes


SPYBOT S&D LOG
27/01/2008 1:38:10 PM Allowed (based on user decision) value "ZoneAlarm Client" (new data: ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"") added in System Startup global entry!
27/01/2008 3:42:36 PM Allowed (based on user decision) value "MSConfig" (new data: "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto") added in System Startup global entry!
27/01/2008 4:11:12 PM Allowed (based on user decision) value "MSMSGS" (new data: "") deleted in System Startup user entry!
27/01/2008 4:11:15 PM Allowed (based on user decision) value "DAEMON Tools Lite" (new data: "") deleted in System Startup user entry!
27/01/2008 4:11:26 PM Denied (based on user decision) value "Logitech Hardware Abstraction Layer" (new data: "") deleted in System Startup global entry!
27/01/2008 4:12:17 PM Allowed (based on user decision) value "Kernel and Hardware Abstraction Layer" (new data: "") deleted in System Startup global entry!
27/01/2008 4:12:36 PM Allowed (based on user decision) value "nwiz" (new data: "") deleted in System Startup global entry!
27/01/2008 4:12:42 PM Allowed (based on user decision) value "Media Codec Update Service" (new data: "") deleted in System Startup global entry!
28/01/2008 6:00:24 PM Allowed (based on user decision) value "MSConfig" (new data: "") deleted in System Startup global entry!
31/01/2008 4:26:50 PM Allowed (based on user decision) value "{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}" (new data: "") added in ActiveX Distribution Unit!





Thanks... Let me know if there is anything else


#2 OFFLINE   __RiP_ChAiN_

    Advanced Member

  • Members
  • 476 posts
  • Gender:Male
  • Location:U.S.A
  • Interests:Take a guess...

Posted 02 February 2008 - 12:23 AM

I see the problem and the solution here:

Using Windows Explorer delete the following folder (if present): (To get into Windows Explorer, right click the START button and select "explore.")

C:\Program Files\BitLord

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\mpcodecplg.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


#3 OFFLINE   Ace9696

Posted 02 February 2008 - 10:00 PM

OK, deleted the BitLord folder,
ran HJT and checked the box.
Tried to do the Panda scan but it wouldn't let me click on the My Computer scan for some reason... any ideas?
It kept saying "Page has errors".

#4 OFFLINE   __RiP_ChAiN_

Posted 03 February 2008 - 05:52 AM

Try this one instead:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT

  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#5 OFFLINE   Ace9696

Posted 03 February 2008 - 04:10 PM

Still finding that not a virus thing,
here is the log


#6 OFFLINE   Ace9696

Posted 03 February 2008 - 04:22 PM

not-a-virus:AdTool.Win32.MyWebSearch.bm
Is what Kaspersky found

#7 OFFLINE   __RiP_ChAiN_

Posted 04 February 2008 - 08:43 AM

Hello Ace9696 :)

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\mpcodecplg.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#8 OFFLINE   Ace9696

Posted 04 February 2008 - 11:19 AM

Here are the new logs... thanks again for the support




Deckard's System Scanner v20071014.68
Run by Dustin on 2008-02-04 06:15:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
99: 2008-02-04 11:15:53 UTC - RP99 - Deckard's System Scanner Restore Point
98: 2008-02-03 16:54:52 UTC - RP98 - Installed Java™ 6 Update 3
97: 2008-02-03 06:04:57 UTC - RP97 - Installed Kaspersky Anti-Virus 6.0 SOS.
96: 2008-02-01 06:37:18 UTC - RP96 - System Checkpoint
95: 2008-01-31 05:41:03 UTC - RP95 - System Checkpoint


-- First Restore Point --
1: 2007-12-20 03:24:51 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Dustin.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:16:59 AM, on 04/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Dustin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dustin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoft....com/activescan (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

--
End of file - 9310 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080202-163016-773 O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\mpcodecplg.dll (file missing)

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface x86 Driver>
R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>
R2 XAudio - c:\windows\system32\drivers\xaudio.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSF_DPV - c:\windows\system32\drivers\hsx_dpv.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSXHWAZL - c:\windows\system32\drivers\hsxhwazl.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 winachsf - c:\windows\system32\drivers\hsx_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S3 Bulk (HDJBulk) - c:\windows\system32\drivers\hdjbulk.sys <Not Verified; Hercules Technologies; Hercules DJ Console>
S3 hcw85bda (Hauppauge WinTV 885 Video Capture) - c:\windows\system32\drivers\hcw85bda.sys <Not Verified; Hauppauge Computer Works; hcw85bda.sys>
S3 HDJAsioK - c:\windows\system32\drivers\hdjasiok.sys <Not Verified; Hercules Technologies; Hercules DJ Console>
S3 HDJMidi (Hercules DJ Console MIDI) - c:\windows\system32\drivers\hdjmidi.sys <Not Verified; Hercules Technologies; Hercules DJ Series>
S3 SeratoUsb (SeratoUsb driver) - c:\windows\system32\drivers\seratousb.sys <Not Verified; Cristalink Ltd; Serato USB Device Driver>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 XAudioService - c:\windows\system32\drivers\xaudio.exe <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-01-04 and 2008-02-04 -----------------------------

2008-02-04 01:20:58 0 d-------- C:\WINDOWS\system32\LogFiles
2008-02-03 12:00:19 0 d-------- C:\WINDOWS\Sun
2008-02-03 12:00:18 0 d-------- C:\Documents and Settings\Dustin\Application Data\Sun
2008-02-03 11:57:39 0 d-------- C:\Program Files\Java
2008-02-03 11:55:08 0 d-------- C:\Program Files\Common Files\Java
2008-02-03 11:53:16 0 d-------- C:\Program Files\uTorrent
2008-02-03 11:53:11 0 d-------- C:\Documents and Settings\Dustin\Application Data\uTorrent
2008-02-03 01:05:04 0 d-------- C:\Program Files\Kaspersky Lab
2008-02-03 01:05:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-03 01:04:15 0 d-------- C:\KAV
2008-02-01 15:40:19 0 d-------- C:\Program Files\Trend Micro
2008-01-31 16:25:58 0 d-------- C:\WINDOWS\BDOSCAN8
2008-01-27 23:17:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Geek Squad
2008-01-27 13:36:21 3053600 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-27 13:31:23 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-27 13:31:04 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-01-27 13:08:48 0 d-------- C:\WINDOWS\Internet Logs
2008-01-27 13:04:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-27 10:44:27 0 d-------- C:\WINDOWS\CSC
2008-01-20 13:42:26 0 d-------- C:\Program Files\TweakNow RegCleaner Std
2008-01-19 03:21:51 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-15 23:47:21 0 d-------- C:\Documents and Settings\Dustin\Application Data\Nero
2008-01-15 23:43:53 0 d-------- C:\Program Files\Nero
2008-01-15 23:43:52 0 d-------- C:\Program Files\Common Files\Nero
2008-01-15 23:43:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-15 23:43:28 4980736 --a------ C:\Documents and Settings\Dustin\ntuser.dat
2008-01-14 23:30:06 0 d-------- C:\Program Files\Essentials Codec Pack
2008-01-14 23:22:19 0 d-------- C:\Documents and Settings\Dustin\Application Data\Media Player Classic
2008-01-14 00:13:09 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-01-14 00:13:08 0 d-------- C:\WINDOWS\MVUNINST
2008-01-14 00:13:08 0 d-------- C:\Program Files\SureThing
2008-01-13 23:17:20 0 d-------- C:\Program Files\EA GAMES
2008-01-13 23:08:40 0 d-------- C:\Documents and Settings\Dustin\Application Data\DAEMON Tools
2008-01-13 23:08:18 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-01-09 15:01:48 53248 --a------ C:\WINDOWS\bdoscandel.exe


-- Find3M Report ---------------------------------------------------------------

2008-02-03 12:00:51 1397 --a------ C:\WINDOWS\mozver.dat
2008-02-03 11:55:08 0 d-------- C:\Program Files\Common Files
2008-01-31 16:46:50 0 d-------- C:\Program Files\ChrisTV
2008-01-27 11:03:01 0 d-------- C:\Program Files\MSN Messenger
2008-01-27 11:02:29 0 d-------- C:\Program Files\Winamp
2008-01-13 23:17:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-05 19:08:30 0 d-------- C:\Documents and Settings\Dustin\Application Data\Sony
2008-01-04 22:27:09 0 d-------- C:\Program Files\VirtualDJ
2008-01-03 21:46:38 0 d-------- C:\Program Files\Steam
2008-01-01 17:59:12 2368 --a------ C:\WINDOWS\system32\SVKP.sys <Not Verified; AntiCracking; SVKP driver for NT>
2007-12-31 21:04:22 0 d-------- C:\Documents and Settings\Dustin\Application Data\Google
2007-12-31 21:03:37 0 d-------- C:\Program Files\Google
2007-12-30 17:41:30 0 d-------- C:\Program Files\Hewlett-Packard
2007-12-30 17:40:45 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-30 17:38:41 0 d-------- C:\Documents and Settings\Dustin\Application Data\AdobeUM
2007-12-30 17:35:28 0 d-------- C:\Program Files\WinAce
2007-12-30 16:50:53 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-30 16:50:53 0 d-------- C:\Documents and Settings\Dustin\Application Data\Adobe
2007-12-30 16:18:10 0 d-------- C:\Program Files\WinTV
2007-12-29 12:50:24 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-12-27 20:49:44 0 d-------- C:\Documents and Settings\Dustin\Application Data\Winamp
2007-12-27 14:59:30 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-25 04:10:57 0 d-------- C:\Program Files\Serato
2007-12-25 04:05:48 0 d-------- C:\Documents and Settings\Dustin\Application Data\Talkback
2007-12-25 04:05:21 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-25 04:05:19 0 d-------- C:\Documents and Settings\Dustin\Application Data\Mozilla
2007-12-24 18:17:09 0 d-------- C:\Program Files\AVI Codec Pack
2007-12-24 14:48:31 0 d-------- C:\Program Files\2search
2007-12-24 14:45:18 0 d-------- C:\Program Files\Windows Live
2007-12-23 19:52:24 0 d-------- C:\Program Files\Image-Line
2007-12-23 19:52:20 0 d-------- C:\Program Files\VSTplugins
2007-12-23 19:50:04 0 d-------- C:\Documents and Settings\Dustin\Application Data\Publish Providers
2007-12-23 19:46:33 0 d-------- C:\Program Files\Sony
2007-12-23 19:37:03 0 d-------- C:\Program Files\PowerISO
2007-12-23 19:18:36 0 d-------- C:\Program Files\Soulseek-Test
2007-12-22 03:20:49 0 d-------- C:\Program Files\MSXML 4.0
2007-12-22 03:20:33 0 d-------- C:\Program Files\Hercules
2007-12-22 03:01:08 0 d-------- C:\Program Files\MSXML 6.0
2007-12-22 02:21:55 0 d-------- C:\Program Files\Guillemot
2007-12-22 02:21:06 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-22 02:15:39 0 d-------- C:\Program Files\Alwil Software
2007-12-22 02:00:24 0 d-------- C:\Program Files\HP Analog TV Tuner
2007-12-22 01:54:03 0 d-------- C:\Program Files\DIFX
2007-12-22 01:53:50 0 d-------- C:\Program Files\HP 1.3MP Webcam
2007-12-22 01:35:20 0 d-------- C:\Documents and Settings\Dustin\Application Data\Macromedia
2007-12-22 01:32:58 0 d-------- C:\Program Files\Broadcom
2007-12-22 01:30:51 0 d-------- C:\Program Files\CONEXANT
2007-12-21 00:57:58 0 d-------- C:\Documents and Settings\Dustin\Application Data\Logitech
2007-12-21 00:56:57 0 d-------- C:\Program Files\Common Files\LogiShared
2007-12-21 00:56:48 0 d-------- C:\Program Files\Logitech
2007-12-21 00:55:53 0 d-------- C:\Program Files\Common Files\Logitech
2007-12-21 00:36:55 0 d-------- C:\Program Files\Hp
2007-12-21 00:36:08 0 d-------- C:\Program Files\HPQ
2007-12-21 00:36:04 0 d-------- C:\Program Files\Common Files\LightScribe
2007-12-19 23:51:35 0 d-------- C:\Documents and Settings\Dustin\Application Data\InstallShield
2007-12-19 22:24:32 0 d-------- C:\Documents and Settings\Dustin\Application Data\Identities
2007-12-19 22:20:08 0 d-------- C:\Program Files\microsoft frontpage
2007-12-19 22:19:52 0 -rahs---- C:\MSDOS.SYS
2007-12-19 22:19:52 0 -rahs---- C:\IO.SYS
2007-12-19 22:19:52 0 --a------ C:\CONFIG.SYS
2007-12-19 22:19:52 0 --a------ C:\AUTOEXEC.BAT
2007-12-19 22:18:24 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-19 22:17:29 0 d-------- C:\Program Files\Common Files\MSSoap
2007-12-19 22:17:19 0 d-------- C:\Program Files\Movie Maker
2007-12-19 22:16:17 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-19 22:15:51 0 d-------- C:\Program Files\Online Services
2007-12-19 22:15:40 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-19 22:15:27 0 d-------- C:\Program Files\Messenger
2007-12-19 22:15:22 0 d-------- C:\Program Files\MSN Gaming Zone
2007-12-19 22:15:14 0 d-------- C:\Program Files\Windows NT
2007-12-19 17:05:59 0 d-------- C:\Program Files\Common Files\ODBC
2007-12-19 17:05:56 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-12-19 17:05:31 62 --ahs---- C:\Documents and Settings\Dustin\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 11:11 PM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [11/05/2007 01:21 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [23/08/2007 05:15 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [23/08/2007 05:15 PM]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [26/07/2006 10:44 PM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 08:00 AM]
"DJ Console Mk2"="C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe" [18/01/2006 10:50 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [20/12/2007 10:16 AM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/11/2006 10:58 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [14/11/2007 04:05 PM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [11/04/2007 03:32 PM C:\WINDOWS\KHALMNPR.Exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe" [19/11/2007 02:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 06:56 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [04/01/2008 11:46 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 04:46 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [21/12/2007 12:56:52 AM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [21/12/2007 12:55:43 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
"C:\Program Files\DAEMON Tools Lite\daemon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
C:\Program Files\Essentials Codec Pack\update.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

*Newly Created Service* - AVP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7873 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-02-04 06:17:48 ------------





Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 X2 Mobile Technology TL-58
CPU 1: AMD Turion™ 64 X2 Mobile Technology TL-58
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 1982.85 MiB / 1428.27 MiB
Pagefile Memory (total/avail): 3875.68 MiB / 3302.9 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.08 MiB

C: is Fixed (NTFS) - 103.38 GiB total, 53.73 GiB free.
D: is Fixed (NTFS) - 111.79 GiB total, 51.67 GiB free.
E: is Fixed (NTFS) - 8.41 GiB total, 1.8 GiB free.
F: is CDROM (No Media)
H: is CDROM (No Media)
I: is Fixed (FAT32) - 279.41 GiB total, 135.77 GiB free.

\\.\PHYSICALDRIVE1 - WDC WD1200BEVS-60UST0 - 111.79 GiB - 1 partition
\PARTITION0 - Installable File System - 111.79 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD1200BEVS-60UST0 - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 103.38 GiB - C:
\PARTITION1 - Installable File System - 8.41 GiB - E:

\\.\PHYSICALDRIVE2 - Maxtor 6 L300R0 USB Device - 279.47 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 279.47 GiB - I:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Anti-virus Firewall v7.0.462.000 (Check Point, LTD.)
AV: ZoneAlarm Anti-virus Antivirus v7.0.462.000 (Check Point, LTD.)
AV: avast! antivirus 4.7.1098 [VPS 080203-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Guillemot\\tools\\giWebUpdater.exe"="C:\\Program Files\\Guillemot\\tools\\giWebUpdater.exe:*:Enabled:Guillemot Web Updater"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Soulseek-Test\\slsk.exe"="C:\\Program Files\\Soulseek-Test\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\Steam\\steamapps\\ace451\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\ace451\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe"="C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault™"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dustin\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DUSTIN-46EAFB98
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dustin
LOGONSERVER=\\DUSTIN-46EAFB98
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Dustin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Dustin\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=DUSTIN-46EAFB98
USERNAME=Dustin
USERPROFILE=C:\Documents and Settings\Dustin
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Dustin (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x9 anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVI Codec Pack --> C:\Program Files\AVI Codec Pack\uninstall.exe
Broadcom 802.11 Wireless LAN Adapter --> "C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Broadcom Driver v4.150.22.0_Foxconn Installation Program --> C:\Program Files\InstallShield Installation Information\{88410D8F-8529-492B-B556-2394A29B811B}\setup.exe -runfromtemp -l0x0009 -removeonly
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
ChrisTV Professional 4.99 --> "C:\Program Files\ChrisTV\unins000.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
Dscaler DirectShow Deinterlace Filter --> "C:\Program Files\ChrisTV\Deinterlace\Uninstall.exe" "C:\Program Files\ChrisTV\Deinterlace\install.log"
FL Studio 5 --> C:\Program Files\Image-Line\FLStudio5\uninstall.exe
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Half-Life 2: Episode One --> "C:\Program Files\Steam\steam.exe" steam://uninstall/380
Hauppauge MCE XP/Vista Software Encoder (2.0.24341) --> C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7\UIU32m.EXE -U -IwqcVenz.inf
Hercules audio files --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{865EE32E-B8D1-4378-9567-203DCAABE75A}\setup.exe" -l0x9 -removeonly
Hercules DJ Console Series drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E4BC9EE4-67F8-4335-BF46-BDACE314BCF6}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Quick Launch Buttons 6.10 B9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP Webcam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2BC4969-2DE3-499A-9A3D-1B7C34ED12C3}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant --> MsiExec.exe /I{0289B18A-F99F-423F-B79F-1150D0F85492}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Anti-Virus 6.0 SOS --> MsiExec.exe /I{3AD203DE-D2DE-47F3-B319-76C411E465AC}
Kaspersky Anti-Virus 6.0 SOS --> MsiExec.exe /I{3AD203DE-D2DE-47F3-B319-76C411E465AC}
KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech Registration --> MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
Medal of Honor Pacific Assault™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}\Setup.exe" -l0x9 -removeonly
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Scratch LIVE 1.8 (18048) --> MsiExec.exe /I{3BDFCF84-67A3-4C52-A708-FDD4135CF64C}
Sony Sound Forge 8.0 --> MsiExec.exe /X{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}
SoulSeek Client 157 test 12c --> "C:\Program Files\Soulseek-Test\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SureThing CD Labeler 4 SE --> C:\WINDOWS\mvuninst\App1\mvuninst.exe "SureThing CD Labeler 4 SE"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
WinAce Archiver --> "C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Driver Package - usbvm326 (usbvm328) Image (10/12/2006 326.1.061012.25) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\usbvm326_49CA82027FB353A22BAC4204862D30BB8A51CBB7\usbvm326.inf
Windows Essentials Media Codec Pack 1.0 --> C:\Program Files\Essentials Codec Pack\uninst.exe
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ZoneAlarm Anti-virus --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1993 / Success
Event Submitted/Written: 02/03/2008 00:21:30 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1979 / Success
Event Submitted/Written: 02/02/2008 04:30:55 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1974 / Error
Event Submitted/Written: 02/02/2008 02:50:36 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.1.15, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1898 / Success
Event Submitted/Written: 01/30/2008 08:19:55 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1887 / Success
Event Submitted/Written: 01/30/2008 07:15:27 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3831 / Warning
Event Submitted/Written: 02/03/2008 00:35:01 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type3808 / Error
Event Submitted/Written: 02/03/2008 00:20:40 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The XAudioService service failed to start due to the following error:
%%193

Event Record #/Type3804 / Error
Event Submitted/Written: 02/03/2008 00:19:46 AM / 02/03/2008 00:20:16 AM
Event ID/Source: 4191 / Tcpip
Event Description:
IP could not open the registry key for adapter TCPIP\Parameters\Adapters\NDISWANIP.
Interfaces on this adapter will not be initialized.

Event Record #/Type3801 / Warning
Event Submitted/Written: 02/02/2008 11:55:04 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk2\D during a paging operation.

Event Record #/Type3800 / Warning
Event Submitted/Written: 02/02/2008 11:54:44 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk2\D during a paging operation.



-- End of Deckard's System Scanner: finished at 2008-02-04 06:17:48 ------------

#9 OFFLINE   __RiP_ChAiN_

    Advanced Member

  • Members
  • PipPipPip
  • 476 posts
  • Gender:Male
  • Location:U.S.A
  • Interests:Take a guess...

Posted 04 February 2008 - 10:20 PM

Hello Ace9696 :)

Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the instructions here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan.
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.

#11 OFFLINE   Ace9696

Posted 04 February 2008 - 10:53 PM

My comp won't let me run that scan ... it gets to the point of downloading and an error comes up
I have tried disabling Zone Alarm ... and avast ...
Still error comes up

#12 OFFLINE   __RiP_ChAiN_

Posted 05 February 2008 - 12:36 AM

Hello Ace9696 :)

Let's try this instead:

Download AVG Anti-Spyware v7.5 and save it to your Desktop <- (Important! Vista Users should install from that same location).
(This is Ewido 4.0 renamed and updated with a special "clean driver" for removing persistent malware.)
  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually download and update with the AVG Anti-Spyware Full database installer.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this is the case, press the WINKEY + M key or Alt + Spacebar to "Minimize" the AVG display. Then right-click on AVG in the Task Bar and select "Maximize". If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

Scan with AVG Anti-Spyware as follows:
  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
  • Under "Reports" select "Do not automatically generate reports".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
  • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the "Apply all actions" button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you performed, select "Save report as" and save to your desktop. The default file name will be in date/time format: Report-Scan-200706-1606. A copy of each report will be saved in C:\Documents and Settings\<user profile>\Application Data\Grisoft\AVG Antispyware 7.5\Reports.
    • If you installed AVG AS over a previous version, reports are saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
    • If you are a Vista user, reports are saved in C:\Users\<username>\AppData\Roaming\Grisoft\AVG Antispyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done, reboot normally and post the log report in your next response.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version.

#13 OFFLINE   Ace9696

Posted 05 February 2008 - 04:23 AM

here are the scan results

Attached Files



#14 OFFLINE   __RiP_ChAiN_

Posted 05 February 2008 - 04:00 PM

Hello Ace9696 :)

The log from AVG Anti-Spyware turned up relatively nothing. How is your computer running at this point?

#15 OFFLINE   Ace9696

Posted 05 February 2008 - 09:57 PM

Sluggish. I have 2 GB of RAM ... and it takes like 10-12 sec to open Winamp from clicking on a song ...
but I'm not too sure that is a problem ... boot up is slow and shut down too ... any ideas?

#16 OFFLINE   Ace9696

Posted 06 February 2008 - 12:08 AM

Ace9696, on Feb 5 2008, 09:57 PM, said:

Sluggish. I have 2 GB of RAM ... and it takes like 10-12 sec to open Winamp from clicking on a song ...
but I'm not too sure that is a problem ... boot up is slow and shut down too ... any ideas?

My Internet connection keeps saying ... connected ... every so often ...
Had a really long boot up this time ... And can I now delete the quarantined item in AVG's Quarantine?
Adware.webDir

#17 OFFLINE   __RiP_ChAiN_

Posted 08 February 2008 - 08:10 PM

Hello Ace9696 :)

Quote

And can I now delete the quarantined item in AVG's Quarantine?
Go ahead.

Quote

Sluggish. I have 2 GB of RAM ... and it takes like 10-12 sec to open Winamp from clicking on a song ...
but I'm not too sure that is a problem ... boot up is slow and shut down too ... any ideas?
We can check the file system for errors and empty out the temp folders, but no guarantees it will make it that much faster.

Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
    Double-click ATF-Cleaner.exe to run the program.
    Under Main "Select Files to Delete" choose: Select All.
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Do you have an XP CD?

If so, place it in your CD ROM drive and follow the instructions below:
  • Click on START-->RUN and type sfc /scannow (note the space) (Let this run undisturbed until the window with the blue progress bar goes away)

SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

If you want to see what was replaced, right-click My Computer and click on Manage. In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.

#18 OFFLINE   Ace9696

Posted 09 February 2008 - 11:35 PM

Here is the log for the SFC events. I couldn't find a genuine XP CD. I had to use the cracked one I have.

Attached Files



#19 OFFLINE   __RiP_ChAiN_

Posted 12 February 2008 - 07:08 AM

Hello Ace9696 :)

Please go HERE (Microsoft website) using Internet Explorer (not Firefox or any other browser as they won't work)
  • Click on Windows Validation Assistant
  • Click on the Validate Now button.
  • Be patient while the ActiveX loads, do not click on any links.
  • Read the instructions on this page while it's loading. You will be prompted to install - click YES.
  • Enter your product key then click continue
  • When it says "Validation Complete" please click Continue to return to your previous activity
  • Copy what it says and paste it here.


#20 OFFLINE   Ace9696

Posted 12 February 2008 - 10:31 PM

Ya, I got one question about doing that ...
I have a cracked copy of Windows in use. What happens if I install that validation software ... it's gonna tell me I'm not genuine and annoy the hell out of me, right?