Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cpu @ 100% When Limewire Runs


  • Please log in to reply
10 replies to this topic

#1 silver24

silver24

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:53 AM

Posted 02 February 2008 - 10:39 AM

Hi all. 1st of all i did try to find a topic on this but couldnt find one like it so .... here we go.
I have been using limewire for a few years now & have had no problems. But now when i start up limewire it runs fine for a few min downloading @ great speeds then all of a sudden the speeds drop down to zero but it still says im downloading from how ever many hosts. My CPU usage goes to 100% & the computer slows really bad. If i leave it for a while it does go back to normal running but then repeats its odd behaviour again.I have cleaned with AdAware, Spybot, Windows Defender, Spyware Doc, but found nothing. I was using version 4.14.12. I have uninstalled java & re installed Java but still the same problem. Im only downloading a few vids & songs etc. maybe 10 at most
Im using windows xp.
Virgin cable modem upto 4gig download.
1.5 gig ram
600g hard drive
Mcafee internet security.
When cpu is 100% computer runs really silent. Then when it goes back to normal (low cpu) you can hear the processor really working overtime.
If anyone can help it would be appreciated. Or if you need anymore info about my system set up. Just ask me.
Here is a hijack log as well
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:55, on 02/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.PDeskNet.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Macromed\Director\SwDnld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Matrox PowerDesk 8] C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.exe /silent
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MGAFGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgafg.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\DTR\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

--
End of file - 9877 bytes
If anyone can help. Sorry couldnt do the link on the 1st attempt. Ive been away on holiday with no computer & 1st post was closed. Hope this is ok still ?

Edited by silver24, 02 February 2008 - 10:42 AM.


BC AdBot (Login to Remove)

 


#2 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:53 PM

Posted 12 February 2008 - 04:10 PM

Hi silver24, :thumbsup:

If you still need help please post a new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide for use before posting a HijackThis Log , and I'll be happy to look at it for you.

Thanks for your patience. :blink:

#3 silver24

silver24
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:53 AM

Posted 15 February 2008 - 05:33 AM

Hi. Thanks for the interest I have followed the cleaning process & scanned pc with both spyware. Here is my new log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:37, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.PDeskNet.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Matrox PowerDesk 8] C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.exe /silent
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-725345543-879983540-682003330-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-725345543-879983540-682003330-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-725345543-879983540-682003330-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Guest')
O4 - HKUS\S-1-5-21-725345543-879983540-682003330-501\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Guest')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MGAFGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgafg.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\DTR\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

--
End of file - 9843 bytes

#4 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:53 PM

Posted 16 February 2008 - 01:49 PM

Hi silver24, :thumbsup:

Welcome to BleepingComputer Forums and thanks again for your patience.

1.

Cpu @ 100% When Limewire Runs


I would like to start with this: Limewire 4.14.12 may be a legitimate version but take a look at these articles:

ID THIEVES' NEW HANGOUT: FILE-SHARING SOFTWARE and
Risks of File-Sharing Technology

and be warned. It's up to you of course but if you want to get rid of it:

Click on Start, Settings, Control Panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following program if listed:

LimeWire 4.14.12

2. Are you using a firewall? I see nothing in your log that would indicate that you have one installed and active.

If not I urge you to install one since it's your first defense against malware. There are several good but for free programmes available like:

Comodo Firewall Pro
Online Armor Free edition
Kerio

For a tutorial on Firewalls click: Understanding and Using Firewalls!

3. We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

4. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 4...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Plattform: "Windows".
  • Select your Language: "English".
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • Click "Continue".
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.
5. Run HijackThis, click Scan and checkmark the following entries:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

6. Download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

7. Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts. If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply. If you have any problems with the logs, both can be found in C:\Deckard\System Scanner.
8. Finally run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.

Please reboot and post the F-Secure report along with DSS main/extra logs

#5 silver24

silver24
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:53 AM

Posted 18 February 2008 - 01:55 PM

Hi. Followed all the steps. When i ran Hijack this it didnt have the 2 files you wanted me to delete.
Here is the F secure log

Result: 2 malware found
Tracking Cookie (spyware)
System (Disinfected)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 46188
System: 5977
Not scanned: 196
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 1
Submitted: 0
Files not scanned:
x}0�}3C-F3C135008713
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\04B80B9C58AC51812A09422A7C17D69D_918949C2-D31C-4DAC-B03C-F3C135008713
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0652FC47508F23AC14C40ABA55176E79_918949C2-D31C-4DAC-B03C-F3C135008713
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0A2B765A267771D3D6359F135128B7CC_918949C2-D31C-4DAC-B03C-F3C135008713
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0BEC368086C4BF8FCB9C4481C17C90E3_918949C2-D31C-4DAC-B03C-F3C135008713
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0C4B885A721F89B0D234F33C5E9F8382_918949C2-D31C-4DAC-B03C-F3C135008713
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0C76D41210A278C4E29C1A0796FFC87A_918949C2-D31C-4DAC-B03C-F3C135008713
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0E0907B7F94FFE9B11ED5CEE3FF6A000_918949C2-D31C-4DAC-B03C-F3C135008713
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0F053EC47DEABD242CD3F77FA4F8C75E_918949C2-D31C-4DAC-B03C-F3C135008713
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1026302B3088C99172A12AB17FFFBFDB_918949C2-D31C-4DAC-B03C-F3C135008713
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\111330A37B48D626AE4EC902C30A6DF9_918949C2-D31C-4DAC-B03C-F3C135008713
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\114A564A6E7DBF6101AD00AB9161AB48_918949C2-D31C-4DAC-B03C-F3C135008713
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1288054BF88B1B7459F2DF1D6F999E9A_918949C2-D31C-4DAC-B03C-F3C135008713
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\12D91C5756F6FF978A114452E710C979_918949C2-D31C-4DAC-B03C-F3C135008713
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\140CC9EC8CC9BD475354697564987832_918949C2-D31C-4DAC-B03C-F3C135008713
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\14D9FE81FDA49E512ACF3A9F36419D65_918949C2-D31C-4DAC-B03C-F3C135008713
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\156D460C4231763B6CFA99D32A3A62B2_918949C2-D31C-4DAC-B03C-F3C135008713
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\164E537702DB77F9D28C135B0DD1707C_918949C2-D31C-4DAC-B03C-F3C135008713
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\16CB4720CD7AEDC8FEF9B8A5EC4603A1_918949C2-D31C-4DAC-B03C-F3C135008713
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\189673EAF5C76652D0Ez7A

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2008-02-18
F-Secure AVP: 7.0.171, 2008-02-18
F-Secure Orion: 1.2.37, 2008-02-18
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0648-150-72
F-Secure Pegasus: 1.20.0, 2008-01-13
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQXJPG SWF
Use Advanced heuristics

Deckard main txt

Deckard's System Scanner v20071014.68
Run by DTR on 2008-02-18 17:23:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as DTR.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:34, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.PDeskNet.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DTR\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DTR.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Matrox PowerDesk 8] C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.exe /silent
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203248260843
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - AppInit_DLLs: C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.3DAppHook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MGAFGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgafg.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\DTR\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

--
End of file - 10072 bytes

-- Files created between 2008-01-18 and 2008-02-18 -----------------------------

2008-02-18 17:14:32 0 d-------- C:\Program Files\Sun
2008-02-18 17:10:38 0 d-------- C:\Program Files\Common Files\Java
2008-02-17 14:58:17 0 d-------- C:\Documents and Settings\DTR\Application Data\OnlineArmor
2008-02-17 14:58:17 0 d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-02-17 14:57:36 25600 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-02-17 14:57:36 68608 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-02-17 14:57:36 18944 --a------ C:\WINDOWS\system32\drivers\ndisrd.sys
2008-02-17 14:57:35 0 d-------- C:\Program Files\Tall Emu
2008-02-16 17:26:13 0 d-------- C:\Program Files\directx
2008-02-15 09:59:34 262144 --a------ C:\ntuser.dat
2008-02-14 22:43:49 0 d-------- C:\Program Files\Lavasoft
2008-02-14 22:43:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-14 22:43:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-10 10:39:26 0 d-------- C:\Documents and Settings\DTR\Application Data\FUJIFILM
2008-02-10 10:38:04 274432 --a------ C:\WINDOWS\system32\FFTIFF16.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM TIFF Image Library>
2008-02-10 10:38:04 208896 --a------ C:\WINDOWS\system32\FFRafShellEx.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FFRafShellEx>
2008-02-10 10:38:04 155648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM CCD-RAW LIBRARY>
2008-02-10 10:38:04 0 d-------- C:\Program Files\FinePixViewer
2008-02-10 10:37:12 45056 -----n--- C:\WINDOWS\system32\FINFCOPY.dll <Not Verified; FUJIFILM; FUJIFILM FINFCOPY>
2008-02-10 10:37:12 65536 -----n--- C:\WINDOWS\system32\FINFCHECK.dll <Not Verified; FUJIFILM; FUJIFILM FINFCHECK>
2008-02-10 10:37:12 0 d-------- C:\Program Files\REGSHAVE
2008-02-10 10:37:11 69632 -----n--- C:\WINDOWS\system32\FREGSHEX.DLL <Not Verified; FUJIFILM; FUJIFILM Fregshave>
2008-02-10 10:37:11 45056 -----n--- C:\WINDOWS\system32\FCLKBTN.DLL <Not Verified; FUJIFILM; FUJIFILM FCLKBTN>
2008-02-07 20:06:02 262144 --a------ C:\Documents and Settings\n\NTUSER.DAT
2008-02-07 20:02:33 0 d-------- C:\Program Files\Common Files\Logitech
2008-02-04 08:07:59 0 d-------- C:\Documents and Settings\DTR\Application Data\AVG7
2008-02-04 08:07:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-04 08:07:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-27 07:36:51 0 d-------- C:\Documents and Settings\DTR\Application Data\VSRevoGroup
2008-01-27 07:16:19 0 d-------- C:\Program Files\VS Revo Group


-- Find3M Report ---------------------------------------------------------------

2008-02-18 17:14:18 0 d-------- C:\Program Files\Java
2008-02-18 17:10:38 0 d-------- C:\Program Files\Common Files
2008-02-18 16:51:17 0 d-------- C:\Program Files\Dl_cats
2008-02-17 12:17:01 0 d-------- C:\Documents and Settings\DTR\Application Data\LimeWire
2008-02-17 11:39:45 0 d-------- C:\Program Files\THQ
2008-02-17 11:39:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-13 08:32:38 0 d-------- C:\Program Files\DivX
2008-02-10 11:01:52 0 d-------- C:\Documents and Settings\DTR\Application Data\Skype
2008-02-09 06:14:02 0 d-------- C:\Documents and Settings\DTR\Application Data\Adobe
2008-02-08 07:31:30 0 d-------- C:\Program Files\Google
2008-02-07 20:10:56 0 d-------- C:\Program Files\McAfee.com
2008-02-06 07:56:07 0 d-------- C:\Program Files\LimeWire
2008-02-03 19:51:56 0 d-------- C:\Program Files\Blaze Media Pro
2008-01-22 22:40:08 0 d-------- C:\Program Files\Trend Micro
2008-01-15 18:21:26 0 d-------- C:\Documents and Settings\DTR\Application Data\Ahead
2008-01-14 09:10:18 0 d-------- C:\Program Files\Common Files\Ahead
2008-01-14 08:58:56 0 d-------- C:\Program Files\Nero
2008-01-14 07:59:57 0 d-------- C:\Program Files\Dan Elwell's Broadband Speed Test
2008-01-14 07:59:08 0 d-------- C:\Program Files\Ahead
2008-01-13 08:59:56 0 d-------- C:\Program Files\WinAVI Video Converter 9.0
2008-01-12 19:36:30 0 d-------- C:\Documents and Settings\DTR\Application Data\DVD Flick
2008-01-12 13:30:56 0 d-------- C:\Program Files\Roxio
2008-01-12 13:30:55 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-01-12 13:27:27 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-01-09 11:18:12 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-09 11:16:10 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-09 11:16:10 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-09 11:16:02 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-09 11:16:02 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-09 11:16:02 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-09 11:16:02 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-06 10:41:04 0 d-------- C:\Program Files\WMA-MP3.com
2008-01-06 10:40:57 0 d-------- C:\Documents and Settings\DTR\Application Data\AccurateRip
2008-01-06 10:40:55 12896 -----n--- C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-01-06 10:40:50 0 d-------- C:\Program Files\Illustrate
2008-01-06 10:33:20 3222 --a------ C:\Documents and Settings\DTR\Application Data\NMM-MetaData.db
2008-01-04 12:36:42 3072 --a------ C:\Documents and Settings\DTR\Application Data\DMX.bmk
2008-01-04 09:04:22 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-03 12:29:07 0 d-------- C:\Program Files\Picasa2
2007-12-31 15:47:27 5852 -----n--- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-31 15:47:25 104 -----n--- C:\WINDOWS\system32\091BA29271.sys
2007-12-24 16:00:03 0 d-------- C:\Documents and Settings\DTR\Application Data\Google
2007-12-22 12:55:16 0 d-------- C:\Documents and Settings\DTR\Application Data\Roxio
2007-12-22 12:50:13 0 d-------- C:\Program Files\PCFriendly
2007-12-22 11:29:44 0 d-------- C:\Program Files\SmartSound Software
2007-12-22 11:21:47 0 d-------- C:\Documents and Settings\DTR\Application Data\WinRAR
2007-12-21 06:33:36 0 d-------- C:\Program Files\DVDFab Decrypter
2007-12-21 06:33:18 0 d-------- C:\Documents and Settings\DTR\Application Data\Vso
2007-12-21 06:33:18 33 --a------ C:\Documents and Settings\DTR\Application Data\pcouffin.log
2007-12-21 06:33:15 47360 --a------ C:\Documents and Settings\DTR\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-21 06:33:15 1144 --a------ C:\Documents and Settings\DTR\Application Data\pcouffin.inf
2007-12-21 06:33:15 7176 --a------ C:\Documents and Settings\DTR\Application Data\pcouffin.cat
2007-12-21 06:33:15 81920 --a------ C:\Documents and Settings\DTR\Application Data\ezpinst.exe
2007-12-19 10:18:19 0 d-------- C:\Program Files\Easy DVD Creator
2007-12-19 07:03:02 0 d-------- C:\Program Files\Corel
2007-12-11 19:43:44 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-09 11:14:37 1960 -----n--- C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [29/05/2003 15:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [30/05/2003 08:42]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 18:20]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [10/12/2005 14:57]
"PCLEPCI"="C:\PROGRA~1\Pinnacle\PPE\ppe.exe" [25/06/2002 14:35]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [14/11/2007 23:43]
"Matrox PowerDesk 8"="C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.exe" [11/02/2004 11:22]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [03/11/2006 22:09]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [03/11/2006 22:04]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [03/11/2006 22:04]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [11/09/2006 04:40]
"DLCXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [16/10/2006 05:31]
"RegistryMechanic"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"@"="" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/02/2008 08:07]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [23/01/2007 15:44 C:\WINDOWS\KHALMNPR.Exe]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 22:32]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [16/11/2007 07:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [14/12/2007 03:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:00]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [11/09/2006 04:40]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 20:05]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [13/09/2006 11:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [16/11/2007 07:50 633344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.3DAppHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME\TomTomHOME.exe" -s


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ea32f1c-6dfb-11dc-b664-001320224405}]
AutoRun\command- G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{481bfc04-6c65-11dc-b662-001320224405}]
AutoRun\command- G:\InstallTomTomHOME.exe




-- End of Deckard's System Scanner: finished at 2008-02-18 17:25:10 ------------

Extra text

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1534.73 MiB / 978.23 MiB
Pagefile Memory (total/avail): 2155.54 MiB / 1731.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.91 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 76.32 GiB total, 44.44 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 149.05 GiB total, 109.69 GiB free.
F: is CDROM (CDFS)
G: is CDROM (No Media)
H: is CDROM (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)
M: is Removable (No Media)
Q: is Fixed (NTFS) - 465.76 GiB total, 415.11 GiB free.

\\.\PHYSICALDRIVE2 - ST3500630AS - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.76 GiB - Q:

\\.\PHYSICALDRIVE0 - Maxtor 6 L080L0 SCSI Disk Device - 76.33 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.32 GiB - C:

\\.\PHYSICALDRIVE1 - ST316002 1A SCSI Disk Device - 149.05 GiB - 1 partition
\PARTITION0 - Installable File System - 149.05 GiB - E:

\\.\PHYSICALDRIVE4 - USB Card Reader USB Device

\\.\PHYSICALDRIVE5 - USB Card Reader USB Device

\\.\PHYSICALDRIVE6 - USB Card Reader USB Device

\\.\PHYSICALDRIVE7 - USB Card Reader USB Device

\\.\PHYSICALDRIVE3 - Dell USB Mass Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Online Armor Firewall v2.1.0.31 (Tall Emu)
AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\dlcxcoms.exe"="C:\\WINDOWS\\system32\\dlcxcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\DTR\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DAVE
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\DTR
LOGONSERVER=\\DAVE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;;C:\PROGRA~1\MOVIES~1\BIN
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DTR\LOCALS~1\Temp
TMP=C:\DOCUME~1\DTR\LOCALS~1\Temp
USERDOMAIN=DAVE
USERNAME=DTR
USERPROFILE=C:\Documents and Settings\DTR
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

DTR (admin)

Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {4F3FCD41-AD1C-4EE8-9D5C-35DBA58BA060}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Blaze Media Pro --> "C:\Documents and Settings\All Users\Application Data\{4C2CB1B6-C45E-4307-ACEE-27BE65138599}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
CDex extraction audio --> "C:\Program Files\CDex_150\uninstall.exe"
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Dan Elwell's Broadband Speed Test --> "C:\Program Files\Dan Elwell's Broadband Speed Test\unins000.exe"
dBpoweramp Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
Dell PC Fax --> C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe /R:faxunst
Dell Photo AIO Printer 926 --> C:\Program Files\Dell Photo AIO Printer 926\Install\x86\Uninst.exe
DirectXInstallService --> MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EMC 10 Content --> MsiExec.exe /X{FDB46DE7-9045-47BB-970A-3E4ED5369E03}
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Finding Nemo: Nemo's Underwater World of Fun --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BCB8D603-985E-4765-B4AB-B4B991A535B7} NemoUWFUninstall
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LimeWire 4.16.4 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Matrox PowerDesk-HF --> MsiExec.exe /X{BCB38B01-F0C7-4529-962B-C2505FC2E4ED}
Matrox PowerDesk-HF and Driver --> C:\WINDOWS\system32\PowerDesk8\ParheliaUninstaller.exe
Microsoft AutoRoute 2007 --> MsiExec.exe /I{C82185E8-C27B-4EF4-2007-3333BC2C2B6D}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft DirectX Transform optional components --> RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office OneNote 2003 --> MsiExec.exe /I{90A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
MovieStar --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MovieStar\MovieStar.isu"
MP3 Splitter & Joiner 3.02 (Build 5) Update Trial to Full --> "C:\Program Files\MP3 Splitter & Joiner\unins000.exe"
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero 7 Ultra Edition --> MsiExec.exe /I{8C30E1DC-D83E-4A90-AD02-1A275FC71033}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{E4DD8B33-6F9B-41C5-96FF-5DBF27ED23E7}
Nokia PC Connectivity Solution --> MsiExec.exe /I{588AA47B-9115-44D3-B2E5-4F10BC659D6C}
Nokia PC Suite --> MsiExec.exe /I{77296E63-8C19-462B-ABA1-F510750A8C51}
Online Armor 2.0 --> "C:\Program Files\Tall Emu\Online Armor\unins000.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Pinnacle Hollywood FX 4.6 --> C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX 4.6\uninstal.log
Pinnacle Systems PCI Performance Enhancer --> C:\PROGRA~1\Pinnacle\PPE\UNWISE.EXE C:\PROGRA~1\Pinnacle\PPE\INSTALL.LOG
Pinnacle Systems USB Installation --> C:\PROGRA~1\Pinnacle\PINNAC~1\UNWISE.EXE C:\PROGRA~1\Pinnacle\PINNAC~1\INSTALL.LOG
Power Rangers Ninja Storm --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED81F4BB-8479-405D-888D-D617C6F98FF7}\setup.exe" -l0x9
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Protected Music Converter 0.95 --> "C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
R-Studio 3.0 --> C:\Program Files\R-Studio\Uninstall.exe
RealSpeak Solo for UK English Emily --> MsiExec.exe /I{A182077A-8D6B-4194-B48A-B4DC37C69907}
Registry Mechanic 5.1 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Revo Uninstaller 1.42 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Roxio Activation Module --> MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio Central Audio --> MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Central Copy --> MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Central Core --> MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Central Data --> MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Central Tools --> MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio CinePlayer Decoder Pack --> MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Roxio Easy Media Creator 10 Suite --> MsiExec.exe /I{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}
Roxio MediaShare --> MsiExec.exe /I{9A9A1828-31D1-4590-A99F-022B7237AFAE}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Roxio WinOnCD 3.8 --> MsiExec.exe /I{11165A6A-9460-4FE6-921B-5CBFD86E382A}
S3 Gamma --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3 Gamma'
S3 Savage2000 Family Display Switch3 Utility --> S3Uninst.exe -reg 5 HKLM\SOFTWARE\S3\S3Uninst\S3Switch3
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sony Ericsson PC Suite --> MsiExec.exe /I{52809086-618D-4F0B-8BF1-B75A5BB817A4}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Studio 8 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53EF6570-21A4-47ED-A40A-E6470A5677A3}\Setup.exe" -l0x9 UNINSTALL-L0x9 -c
Studio Content CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C643986-DE3C-4737-8472-CCEC36CCC267}\setup.exe" -l0x9
Super Mp3 Recorder Professional v6.0 --> "C:\Program Files\Admiresoft\Super Mp3 Recorder Professional\unins000.exe"
TomTom HOME --> C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
UK-Info Pro V11 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{54ACE8DE-BD00-4660-A9D8-D6CDE8CFFA80}\setup.exe" -l0x9
WinAVI Video Converter 9.0 --> "C:\WINDOWS\WinAVI Video Converter 9.0\uninstall.exe" "/U:C:\Program Files\WinAVI Video Converter 9.0\Uninstall\uninstall.xml"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17) --> C:\PROGRA~1\DIFX\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_7F91C37896B530901B0665F9EF32E19FF06F5687\nokbtmdm.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XMLinst --> MsiExec.exe /I{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}


-- Application Event Log -------------------------------------------------------

Event Record #/Type8922 / Warning
Event Submitted/Written: 02/17/2008 05:42:40 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type8917 / Error
Event Submitted/Written: 02/17/2008 02:11:34 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application DivX Player.exe, version 6.7.0.21, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8906 / Warning
Event Submitted/Written: 02/17/2008 11:48:00 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type8888 / Warning
Event Submitted/Written: 02/17/2008 11:46:32 AM
Event ID/Source: 1020 / ASP.NET 2.0.50727.0
Event Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Event Record #/Type8854 / Warning
Event Submitted/Written: 02/16/2008 04:07:13 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type35472 / Error
Event Submitted/Written: 02/17/2008 06:35:42 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SessionLauncher service failed to start due to the following error:
%%3

Event Record #/Type35449 / Error
Event Submitted/Written: 02/17/2008 06:29:08 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SessionLauncher service failed to start due to the following error:
%%3

Event Record #/Type35426 / Error
Event Submitted/Written: 02/17/2008 05:45:30 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SessionLauncher service failed to start due to the following error:
%%3

Event Record #/Type35383 / Error
Event Submitted/Written: 02/17/2008 11:52:14 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SessionLauncher service failed to start due to the following error:
%%3

Event Record #/Type35367 / Warning
Event Submitted/Written: 02/17/2008 11:46:33 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DAVE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DAVE27 can't undo changes that you allow.

For more information please see the following:
%DAVE275

Scan ID: {F00A95AA-467E-4566-AF7F-1F56AB5984D6}

User: DAVE\DTR

Name: %DAVE271

ID: %DAVE272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DAVE276

Alert Type: %DAVE278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-02-17 19:07:52 ------------

Hope everything all ok now

#6 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:53 PM

Posted 19 February 2008 - 05:57 PM

Hi silver24, :thumbsup:

1. I notice from your log that you have Online Armor Firewall v2.1.0.31 running as your firewall with Auto-protect enabled. This firewall blocks incoming and outgoing traffic so is a good choice. But you also have Windows internal firewall enabled, which only blocks incoming traffic, so is not as good as Online Armor. having two firewalls with Auto-protect enabled isn't the right thing to have since rather than giving you extra protection, this can actually give problems because of incompatibility issues, can even cause BSODs and decrease reliability seriously!
Therefore click Start > Control Panel > Security Center and disable Windows Internal Firewall.

2. Click on Start, Settings, Control Panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following program:

Java™ 6 Update 3

Okay Limewire LimeWire 4.16.4 may be a legitimate version but take a look at these articles:

ID THIEVES' NEW HANGOUT: FILE-SHARING SOFTWARE and
Risks of File-Sharing Technology

and be warned. It's up to you of course but if you want to get rid of it:

From within Add or Remove Programs uninstall the following program:

LimeWire 4.16.4

3. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the following file in bold if it exists:

C:\WINDOWS\system32\091BA29271.sys

Let me know if you had problems with this step.

4. Underneath you see a fixs.reg; right-click it to download it to your desktop. Next doubleclick the file to run it.

5. Please reboot!

6. Download F-Secure Blacklight (fsbl.exe) and save to your C:\ drive.
  • Open a command window by going to Start > Run and typing: cmd
  • Copy/paste or type the following in the command window: C:\fsbl.exe /expert
  • Hit "Enter" to start the program and then close the cmd box.
  • Accept the user agreement and click "Next".
  • Click "Scan".
  • After the scan is complete, click "Next", then "Exit".
  • BlackLight will create a log in C:\ drive named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
  • The log will have a list of all items found. Do not choose to rename any yet!
    I want to see the log first because legitimate items can also be present...like "wbemtest.exe" and "tcptest.exe.
  • Exit Blacklight and post the contents of the log in your next reply.
7. You'll still have DSS.exe on your desktop.
Then click on Start > Run
copy and paste the following in bold in the open window and then click OK

"%userprofile%\desktop\dss.exe" /config

This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Post back both logs that open in notepad: main txt and extra txt!

Please post DSS main/extra logs along with the Blacklight log.

#7 silver24

silver24
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:53 AM

Posted 20 February 2008 - 02:48 AM

FSBL Log

02/20/08 07:30:44 [Info]: BlackLight Engine 1.0.67 initialized
02/20/08 07:30:44 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/20/08 07:30:44 [Note]: 7019 4
02/20/08 07:30:44 [Note]: 7005 0
02/20/08 07:30:48 [Note]: 7006 0
02/20/08 07:30:48 [Note]: 7011 1396
02/20/08 07:30:48 [Note]: 7026 0
02/20/08 07:30:48 [Note]: 7026 0
02/20/08 07:30:52 [Note]: FSRAW library version 1.7.1024
02/20/08 07:41:57 [Note]: 2000 1012
02/20/08 07:41:57 [Note]: 2000 1012
02/20/08 07:41:57 [Note]: 2000 1012
02/20/08 07:42:28 [Note]: 7007 0


DSS main text

Deckard's System Scanner v20071014.68
Run by DTR on 2008-02-20 07:43:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
102: 2008-02-20 07:43:21 UTC - RP602 - Deckard's System Scanner Restore Point
101: 2008-02-20 06:25:28 UTC - RP601 - System Checkpoint
100: 2008-02-18 17:13:33 UTC - RP600 - Installed Java™ 6 Update 4
99: 2008-02-18 17:10:33 UTC - RP599 - Installed Java™ SE Development Kit 6 Update 4
98: 2008-02-18 16:56:12 UTC - RP598 - Removed Java™ 6 Update 3


-- First Restore Point --
1: 2008-01-02 19:23:51 UTC - RP501 - Removed AVG 7.5


Performed disk cleanup.



-- HijackThis (run as DTR.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:43:41, on 20/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.PDeskNet.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DTR\desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DTR.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Matrox PowerDesk 8] C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.exe /silent
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203248260843
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - AppInit_DLLs: C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.3DAppHook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MGAFGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgafg.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\DTR\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

--
End of file - 10090 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080217-183813-418 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
backup-20080217-183813-501 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 pnp680r (Silicon Image SiI 0680 Medley Raid Controller) - c:\windows\system32\drivers\pnp680r.sys <Not Verified; Silicon Image, Inc; Medley>
R1 Cdr4_2K - c:\windows\system32\drivers\cdr4_2k.sys <Not Verified; Roxio; Roxio's CD-R Helper Drivers>
R1 NDISRD - c:\windows\system32\drivers\ndisrd.sys
R1 NetworkX - c:\windows\system32\ckldrv.sys
R1 OADevice (OADriver) - c:\windows\system32\drivers\oadriver.sys
R1 OAmon - c:\windows\system32\drivers\oamon.sys
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 MgaFG - c:\windows\system32\drivers\mgafg.sys
R3 pfc (PADUS ASPI SHELL) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SMBios (Intel ® System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel ® System Management BIOS Driver>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S1 bdpredir - c:\program files\softwin\bitdefender10\bdpredir.sys (file missing)
S3 DzlUsb (Dazzle DVC USB Device) - c:\windows\system32\drivers\dzlusb.sys <Not Verified; Dazzle Multimedia, Inc.; Dazzle DVC>
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 tbntnd5 (USB Cable Modem NDIS driver) - c:\windows\system32\drivers\tbntnd5.sys <Not Verified; MCCI; USB Cable Modem>
S3 tbntunic (USB Cable Modem WDM driver) - c:\windows\system32\drivers\tbntunic.sys <Not Verified; MCCI; USB Cable Modem>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Crypkey License - crypserv.exe <Not Verified; CrypKey (Canada) Ltd.; CrypKey Software Licensing System>
R2 SvcOnlineArmor (Online Armor) - "c:\program files\tall emu\online armor\oasrv.exe" <Not Verified; Tall Emu; Online Armor Security Suite>

S2 MGAFGEXE - c:\windows\system32\mgafg.exe <Not Verified; Matrox Graphics Inc.; Matrox Graphics Inc. MGAFG>
S2 SessionLauncher - c:\docume~1\dtr\locals~1\temp\dx9\sessionlauncher.exe (file missing)
S2 winss (Windows Live OneCare) - c:\program files\microsoft windows onecare live\winss.exe (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Wireless-G PCI Adapter
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00131737&REV_02\4&2E98101C&0&20F0
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Wireless-G PCI Adapter #2
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00131737&REV_02\4&2E98101C&0&20F0
Service: BCM43XX


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 760)
2004-08-04 12:00:00 708096 -----n--- C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 15:52:53 984576 -----n--- C:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 15:36:28 577536 -----n--- C:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-02-11 11:21:52 45056 -----n--- C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.3DAppHook.dll

C:\WINDOWS\system32\svchost.exe (pid 972)
2004-08-04 12:00:00 708096 -----n--- C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 15:52:53 984576 -----n--- C:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 15:36:28 577536 -----n--- C:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-02-11 11:21:52 45056 -----n--- C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.3DAppHook.dll

C:\WINDOWS\system32\svchost.exe (pid 1068)
2004-08-04 12:00:00 708096 -----n--- C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 15:52:53 984576 -----n--- C:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 15:36:28 577536 -----n--- C:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-02-11 11:21:52 45056 -----n--- C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.3DAppHook.dll

C:\WINDOWS\system32\svchost.exe (pid 1236)
2004-08-04 12:00:00 708096 -----n--- C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 15:52:53 984576 -----n--- C:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 15:36:28 577536 -----n--- C:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-02-11 11:21:52 45056 -----n--- C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.3DAppHook.dll

C:\WINDOWS\system32\svchost.exe (pid 1352)
2004-08-04 12:00:00 708096 -----n--- C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 15:52:53 984576 -----n--- C:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 15:36:28 577536 -----n--- C:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-02-11 11:21:52 45056 -----n--- C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.3DAppHook.dll

C:\WINDOWS\system32\svchost.exe (pid 1484)
2004-08-04 12:00:00 708096 -----n--- C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 15:52:53 984576 -----n--- C:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 15:36:28 577536 -----n--- C:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-02-11 11:21:52 45056 -----n--- C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.3DAppHook.dll

C:\WINDOWS\explorer.exe (pid 1396)
2004-08-04 12:00:00 708096 -----n--- C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 15:52:53 984576 -----n--- C:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 15:36:28 577536 -----n--- C:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-02-11 11:21:52 45056 -----n--- C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.3DAppHook.dll
2007-11-16 07:50:52 743424 --a------ C:\Program Files\Tall Emu\Online Armor\oawatch.dll <Not Verified; Tall Emu; Online Armor Security Suite>
2006-04-10 09:07:24 532480 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll <Not Verified; Nokia; Phone Browser>
2006-03-21 13:01:12 552960 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll <Not Verified; Nokia; PCSCM>
2006-04-27 09:03:08 243712 -----n--- C:\WINDOWS\system32\ConnAPI.dll <Not Verified; Nokia.; Nokia Connectivity API>
2006-03-23 10:46:06 25088 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.NLR <Not Verified; Nokia; Nokia Phone Browser>
2006-03-21 13:31:12 585728 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.NGR <Not Verified; Nokia; Nokia Phone Browser>
2007-11-16 07:50:52 633344 --a------ C:\Program Files\Tall Emu\Online Armor\oaevent.dll <Not Verified; Tall Emu; Online Armor Security Suite>
2005-11-15 12:07:16 1802240 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll <Not Verified; Nero AG; Nero Digital Tools>
2008-01-06 10:40:50 172032 --a------ C:\Program Files\Illustrate\dBpoweramp\dBShell.dll <Not Verified; Illustrate; dBpoweramp>
2006-09-12 21:56:02 73728 --a------ C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll <Not Verified; Nero AG; Nero BackItUp>
2006-02-16 09:00:00 5120 --a------ C:\Program Files\WinZip\WZSHLSTB.DLL <Not Verified; WinZip Computing LP; WinZip>
2007-09-20 18:34:58 129024 --a------ C:\Program Files\WinRAR\RarExt.dll
2001-03-27 10:00:00 45056 -----n--- C:\WINDOWS\system32\CDRAL.DLL <Not Verified; Roxio; Roxio's CDRAL>

C:\WINDOWS\system32\svchost.exe (pid 1444)
2004-08-04 12:00:00 708096 -----n--- C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 15:52:53 984576 -----n--- C:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 15:36:28 577536 -----n--- C:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-02-11 11:21:52 45056 -----n--- C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.3DAppHook.dll

C:\WINDOWS\system32\svchost.exe (pid 2416)
2004-08-04 12:00:00 708096 -----n--- C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 15:52:53 984576 -----n--- C:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 15:36:28 577536 -----n--- C:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-02-11 11:21:52 45056 -----n--- C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.3DAppHook.dll


-- Scheduled Tasks -------------------------------------------------------------

2008-02-20 07:24:06 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-02-13 10:56:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-03-04 14:23:50 402 --ah----- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job


-- Files created between 2008-01-20 and 2008-02-20 -----------------------------

2008-02-18 17:14:32 0 d-------- C:\Program Files\Sun
2008-02-18 17:10:38 0 d-------- C:\Program Files\Common Files\Java
2008-02-17 14:58:17 0 d-------- C:\Documents and Settings\DTR\Application Data\OnlineArmor
2008-02-17 14:58:17 0 d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-02-17 14:57:36 25600 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-02-17 14:57:36 68608 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-02-17 14:57:36 18944 --a------ C:\WINDOWS\system32\drivers\ndisrd.sys
2008-02-17 14:57:35 0 d-------- C:\Program Files\Tall Emu
2008-02-16 17:26:13 0 d-------- C:\Program Files\directx
2008-02-15 09:59:34 262144 --a------ C:\ntuser.dat
2008-02-14 22:43:49 0 d-------- C:\Program Files\Lavasoft
2008-02-14 22:43:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-14 22:43:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-10 10:39:26 0 d-------- C:\Documents and Settings\DTR\Application Data\FUJIFILM
2008-02-10 10:38:04 274432 --a------ C:\WINDOWS\system32\FFTIFF16.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM TIFF Image Library>
2008-02-10 10:38:04 208896 --a------ C:\WINDOWS\system32\FFRafShellEx.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FFRafShellEx>
2008-02-10 10:38:04 155648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM CCD-RAW LIBRARY>
2008-02-10 10:38:04 0 d-------- C:\Program Files\FinePixViewer
2008-02-10 10:37:12 45056 -----n--- C:\WINDOWS\system32\FINFCOPY.dll <Not Verified; FUJIFILM; FUJIFILM FINFCOPY>
2008-02-10 10:37:12 65536 -----n--- C:\WINDOWS\system32\FINFCHECK.dll <Not Verified; FUJIFILM; FUJIFILM FINFCHECK>
2008-02-10 10:37:12 0 d-------- C:\Program Files\REGSHAVE
2008-02-10 10:37:11 69632 -----n--- C:\WINDOWS\system32\FREGSHEX.DLL <Not Verified; FUJIFILM; FUJIFILM Fregshave>
2008-02-10 10:37:11 45056 -----n--- C:\WINDOWS\system32\FCLKBTN.DLL <Not Verified; FUJIFILM; FUJIFILM FCLKBTN>
2008-02-07 20:06:02 262144 --a------ C:\Documents and Settings\n\NTUSER.DAT
2008-02-07 20:02:33 0 d-------- C:\Program Files\Common Files\Logitech
2008-02-04 08:07:59 0 d-------- C:\Documents and Settings\DTR\Application Data\AVG7
2008-02-04 08:07:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-04 08:07:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-27 07:36:51 0 d-------- C:\Documents and Settings\DTR\Application Data\VSRevoGroup
2008-01-27 07:16:19 0 d-------- C:\Program Files\VS Revo Group


-- Find3M Report ---------------------------------------------------------------

2008-02-20 07:42:28 1076 --a------ C:\Program Files\fsbl-20080220073044.log
2008-02-20 07:22:29 0 d-------- C:\Program Files\Dl_cats
2008-02-20 06:48:43 0 d-------- C:\Documents and Settings\DTR\Application Data\LimeWire
2008-02-18 17:14:18 0 d-------- C:\Program Files\Java
2008-02-18 17:10:38 0 d-------- C:\Program Files\Common Files
2008-02-17 11:39:45 0 d-------- C:\Program Files\THQ
2008-02-17 11:39:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-13 08:32:38 0 d-------- C:\Program Files\DivX
2008-02-10 11:01:52 0 d-------- C:\Documents and Settings\DTR\Application Data\Skype
2008-02-09 06:14:02 0 d-------- C:\Documents and Settings\DTR\Application Data\Adobe
2008-02-08 07:31:30 0 d-------- C:\Program Files\Google
2008-02-07 20:10:56 0 d-------- C:\Program Files\McAfee.com
2008-02-06 07:56:07 0 d-------- C:\Program Files\LimeWire
2008-02-03 19:51:56 0 d-------- C:\Program Files\Blaze Media Pro
2008-01-22 22:40:08 0 d-------- C:\Program Files\Trend Micro
2008-01-15 18:21:26 0 d-------- C:\Documents and Settings\DTR\Application Data\Ahead
2008-01-14 09:10:18 0 d-------- C:\Program Files\Common Files\Ahead
2008-01-14 08:58:56 0 d-------- C:\Program Files\Nero
2008-01-14 07:59:57 0 d-------- C:\Program Files\Dan Elwell's Broadband Speed Test
2008-01-14 07:59:08 0 d-------- C:\Program Files\Ahead
2008-01-13 08:59:56 0 d-------- C:\Program Files\WinAVI Video Converter 9.0
2008-01-12 19:36:30 0 d-------- C:\Documents and Settings\DTR\Application Data\DVD Flick
2008-01-12 13:30:56 0 d-------- C:\Program Files\Roxio
2008-01-12 13:30:55 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-01-12 13:27:27 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-01-09 11:18:12 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-09 11:16:10 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-09 11:16:10 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-09 11:16:02 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-09 11:16:02 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-09 11:16:02 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-09 11:16:02 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-06 10:41:04 0 d-------- C:\Program Files\WMA-MP3.com
2008-01-06 10:40:57 0 d-------- C:\Documents and Settings\DTR\Application Data\AccurateRip
2008-01-06 10:40:55 12896 -----n--- C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-01-06 10:40:50 0 d-------- C:\Program Files\Illustrate
2008-01-06 10:33:20 3222 --a------ C:\Documents and Settings\DTR\Application Data\NMM-MetaData.db
2008-01-04 12:36:42 3072 --a------ C:\Documents and Settings\DTR\Application Data\DMX.bmk
2008-01-04 09:04:22 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-03 12:29:07 0 d-------- C:\Program Files\Picasa2
2007-12-31 15:47:27 5852 -----n--- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-24 16:00:03 0 d-------- C:\Documents and Settings\DTR\Application Data\Google
2007-12-22 12:55:16 0 d-------- C:\Documents and Settings\DTR\Application Data\Roxio
2007-12-22 12:50:13 0 d-------- C:\Program Files\PCFriendly
2007-12-22 11:29:44 0 d-------- C:\Program Files\SmartSound Software
2007-12-22 11:21:47 0 d-------- C:\Documents and Settings\DTR\Application Data\WinRAR
2007-12-21 06:33:36 0 d-------- C:\Program Files\DVDFab Decrypter
2007-12-21 06:33:18 0 d-------- C:\Documents and Settings\DTR\Application Data\Vso
2007-12-21 06:33:18 33 --a------ C:\Documents and Settings\DTR\Application Data\pcouffin.log
2007-12-21 06:33:15 47360 --a------ C:\Documents and Settings\DTR\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-21 06:33:15 1144 --a------ C:\Documents and Settings\DTR\Application Data\pcouffin.inf
2007-12-21 06:33:15 7176 --a------ C:\Documents and Settings\DTR\Application Data\pcouffin.cat
2007-12-21 06:33:15 81920 --a------ C:\Documents and Settings\DTR\Application Data\ezpinst.exe
2007-12-11 19:43:44 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-09 11:14:37 1960 -----n--- C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [29/05/2003 15:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [30/05/2003 08:42]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 18:20]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [10/12/2005 14:57]
"PCLEPCI"="C:\PROGRA~1\Pinnacle\PPE\ppe.exe" [25/06/2002 14:35]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [14/11/2007 23:43]
"Matrox PowerDesk 8"="C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.exe" [11/02/2004 11:22]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [03/11/2006 22:09]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [03/11/2006 22:04]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [03/11/2006 22:04]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [11/09/2006 04:40]
"DLCXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [16/10/2006 05:31]
"RegistryMechanic"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"@"="" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/02/2008 08:07]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [23/01/2007 15:44 C:\WINDOWS\KHALMNPR.Exe]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 22:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [14/12/2007 03:42]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [16/11/2007 07:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:00]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [11/09/2006 04:40]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 20:05]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [13/09/2006 11:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [16/11/2007 07:50 633344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.3DAppHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME\TomTomHOME.exe" -s


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ea32f1c-6dfb-11dc-b664-001320224405}]
AutoRun\command- G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{481bfc04-6c65-11dc-b662-001320224405}]
AutoRun\command- G:\InstallTomTomHOME.exe




-- End of Deckard's System Scanner: finished at 2008-02-20 07:46:35 ------------



Extra text


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1534.73 MiB / 982.71 MiB
Pagefile Memory (total/avail): 2155.54 MiB / 1754.35 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1897.45 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 76.32 GiB total, 43.73 GiB free.
D: is CDROM (UDF)
E: is Fixed (NTFS) - 149.05 GiB total, 109.65 GiB free.
F: is CDROM (CDFS)
G: is CDROM (No Media)
H: is CDROM (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)
M: is Removable (No Media)
Q: is Fixed (NTFS) - 465.76 GiB total, 410.45 GiB free.

\\.\PHYSICALDRIVE2 - ST3500630AS - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.76 GiB - Q:

\\.\PHYSICALDRIVE0 - Maxtor 6 L080L0 SCSI Disk Device - 76.33 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.32 GiB - C:

\\.\PHYSICALDRIVE1 - ST316002 1A SCSI Disk Device - 149.05 GiB - 1 partition
\PARTITION0 - Installable File System - 149.05 GiB - E:

\\.\PHYSICALDRIVE4 - USB Card Reader USB Device

\\.\PHYSICALDRIVE5 - USB Card Reader USB Device

\\.\PHYSICALDRIVE6 - USB Card Reader USB Device

\\.\PHYSICALDRIVE7 - USB Card Reader USB Device

\\.\PHYSICALDRIVE3 - Dell USB Mass Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Online Armor Firewall v2.1.0.31 (Tall Emu)
AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\dlcxcoms.exe"="C:\\WINDOWS\\system32\\dlcxcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\DTR\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DAVE
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\DTR
LOGONSERVER=\\DAVE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;;C:\PROGRA~1\MOVIES~1\BIN
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DTR\LOCALS~1\Temp
TMP=C:\DOCUME~1\DTR\LOCALS~1\Temp
USERDOMAIN=DAVE
USERNAME=DTR
USERPROFILE=C:\Documents and Settings\DTR
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

DTR (admin)

Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {4F3FCD41-AD1C-4EE8-9D5C-35DBA58BA060}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Blaze Media Pro --> "C:\Documents and Settings\All Users\Application Data\{4C2CB1B6-C45E-4307-ACEE-27BE65138599}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
CDex extraction audio --> "C:\Program Files\CDex_150\uninstall.exe"
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Dan Elwell's Broadband Speed Test --> "C:\Program Files\Dan Elwell's Broadband Speed Test\unins000.exe"
dBpoweramp Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
Dell PC Fax --> C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe /R:faxunst
Dell Photo AIO Printer 926 --> C:\Program Files\Dell Photo AIO Printer 926\Install\x86\Uninst.exe
DirectXInstallService --> MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EMC 10 Content --> MsiExec.exe /X{FDB46DE7-9045-47BB-970A-3E4ED5369E03}
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Finding Nemo: Nemo's Underwater World of Fun --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BCB8D603-985E-4765-B4AB-B4B991A535B7} NemoUWFUninstall
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ SE Development Kit 6 Update 4 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160040}
LimeWire 4.16.4 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Matrox PowerDesk-HF --> MsiExec.exe /X{BCB38B01-F0C7-4529-962B-C2505FC2E4ED}
Matrox PowerDesk-HF and Driver --> C:\WINDOWS\system32\PowerDesk8\ParheliaUninstaller.exe
Microsoft AutoRoute 2007 --> MsiExec.exe /I{C82185E8-C27B-4EF4-2007-3333BC2C2B6D}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft DirectX Transform optional components --> RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office OneNote 2003 --> MsiExec.exe /I{90A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
MovieStar --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MovieStar\MovieStar.isu"
MP3 Splitter & Joiner 3.02 (Build 5) Update Trial to Full --> "C:\Program Files\MP3 Splitter & Joiner\unins000.exe"
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero 7 Ultra Edition --> MsiExec.exe /I{8C30E1DC-D83E-4A90-AD02-1A275FC71033}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{E4DD8B33-6F9B-41C5-96FF-5DBF27ED23E7}
Nokia PC Connectivity Solution --> MsiExec.exe /I{588AA47B-9115-44D3-B2E5-4F10BC659D6C}
Nokia PC Suite --> MsiExec.exe /I{77296E63-8C19-462B-ABA1-F510750A8C51}
Online Armor 2.0 --> "C:\Program Files\Tall Emu\Online Armor\unins000.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Pinnacle Hollywood FX 4.6 --> C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX 4.6\uninstal.log
Pinnacle Systems PCI Performance Enhancer --> C:\PROGRA~1\Pinnacle\PPE\UNWISE.EXE C:\PROGRA~1\Pinnacle\PPE\INSTALL.LOG
Pinnacle Systems USB Installation --> C:\PROGRA~1\Pinnacle\PINNAC~1\UNWISE.EXE C:\PROGRA~1\Pinnacle\PINNAC~1\INSTALL.LOG
Power Rangers Ninja Storm --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED81F4BB-8479-405D-888D-D617C6F98FF7}\setup.exe" -l0x9
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Protected Music Converter 0.95 --> "C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
R-Studio 3.0 --> C:\Program Files\R-Studio\Uninstall.exe
RealSpeak Solo for UK English Emily --> MsiExec.exe /I{A182077A-8D6B-4194-B48A-B4DC37C69907}
Registry Mechanic 5.1 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Revo Uninstaller 1.42 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Roxio Activation Module --> MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio Central Audio --> MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Central Copy --> MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Central Core --> MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Central Data --> MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Central Tools --> MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio CinePlayer Decoder Pack --> MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Roxio Easy Media Creator 10 Suite --> MsiExec.exe /I{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}
Roxio MediaShare --> MsiExec.exe /I{9A9A1828-31D1-4590-A99F-022B7237AFAE}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Roxio WinOnCD 3.8 --> MsiExec.exe /I{11165A6A-9460-4FE6-921B-5CBFD86E382A}
S3 Gamma --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3 Gamma'
S3 Savage2000 Family Display Switch3 Utility --> S3Uninst.exe -reg 5 HKLM\SOFTWARE\S3\S3Uninst\S3Switch3
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sony Ericsson PC Suite --> MsiExec.exe /I{52809086-618D-4F0B-8BF1-B75A5BB817A4}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Studio 8 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53EF6570-21A4-47ED-A40A-E6470A5677A3}\Setup.exe" -l0x9 UNINSTALL-L0x9 -c
Studio Content CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C643986-DE3C-4737-8472-CCEC36CCC267}\setup.exe" -l0x9
Super Mp3 Recorder Professional v6.0 --> "C:\Program Files\Admiresoft\Super Mp3 Recorder Professional\unins000.exe"
TomTom HOME --> C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
UK-Info Pro V11 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{54ACE8DE-BD00-4660-A9D8-D6CDE8CFFA80}\setup.exe" -l0x9
WinAVI Video Converter 9.0 --> "C:\WINDOWS\WinAVI Video Converter 9.0\uninstall.exe" "/U:C:\Program Files\WinAVI Video Converter 9.0\Uninstall\uninstall.xml"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17) --> C:\PROGRA~1\DIFX\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_7F91C37896B530901B0665F9EF32E19FF06F5687\nokbtmdm.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XMLinst --> MsiExec.exe /I{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}


-- Application Event Log -------------------------------------------------------

Event Record #/Type8922 / Warning
Event Submitted/Written: 02/17/2008 05:42:40 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type8917 / Error
Event Submitted/Written: 02/17/2008 02:11:34 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application DivX Player.exe, version 6.7.0.21, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8906 / Warning
Event Submitted/Written: 02/17/2008 11:48:00 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type8888 / Warning
Event Submitted/Written: 02/17/2008 11:46:32 AM
Event ID/Source: 1020 / ASP.NET 2.0.50727.0
Event Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Event Record #/Type8854 / Warning
Event Submitted/Written: 02/16/2008 04:07:13 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type35607 / Error
Event Submitted/Written: 02/20/2008 07:22:54 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SessionLauncher service failed to start due to the following error:
%%3

Event Record #/Type35580 / Error
Event Submitted/Written: 02/20/2008 06:09:27 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SessionLauncher service failed to start due to the following error:
%%3

Event Record #/Type35574 / Warning
Event Submitted/Written: 02/19/2008 04:02:35 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type35573 / Warning
Event Submitted/Written: 02/19/2008 02:28:23 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type35569 / Warning
Event Submitted/Written: 02/19/2008 07:09:15 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-02-20 07:46:35 ------------

I had no problem deleting the C:\WINDOWS\system32\091BA29271.sys file either

Thanks

Dave

#8 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:53 PM

Posted 21 February 2008 - 05:44 PM

Hi silver24, :thumbsup:

Logs are looking good so I think we're getting there.

I must appologize for not attaching the regfix. So we have to do that part once more.

Underneath you see a fixs.reg; right-click it to download it to your desktop. Next doubleclick the file to run it.

Attached File  fixs.reg   290bytes   38 downloads

Run DSS again. It will only produce the main report this time, which is what I want to see.

Please post DSS main log and let me know how things are running now. Any complaints?

#9 silver24

silver24
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:53 AM

Posted 23 February 2008 - 04:14 AM

Here is the DSS log

Deckard's System Scanner v20071014.68
Run by DTR on 2008-02-23 09:01:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as DTR.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:02:11, on 23/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.PDeskNet.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DTR\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DTR.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Matrox PowerDesk 8] C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.exe /silent
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203248260843
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - AppInit_DLLs: C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.3DAppHook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MGAFGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgafg.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\DTR\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

--
End of file - 10163 bytes

-- Files created between 2008-01-23 and 2008-02-23 -----------------------------

2008-02-18 17:14:32 0 d-------- C:\Program Files\Sun
2008-02-18 17:10:38 0 d-------- C:\Program Files\Common Files\Java
2008-02-17 14:58:17 0 d-------- C:\Documents and Settings\DTR\Application Data\OnlineArmor
2008-02-17 14:58:17 0 d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-02-17 14:57:36 25600 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-02-17 14:57:36 68608 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-02-17 14:57:36 18944 --a------ C:\WINDOWS\system32\drivers\ndisrd.sys
2008-02-17 14:57:35 0 d-------- C:\Program Files\Tall Emu
2008-02-16 17:26:13 0 d-------- C:\Program Files\directx
2008-02-15 09:59:34 262144 --a------ C:\ntuser.dat
2008-02-14 22:43:49 0 d-------- C:\Program Files\Lavasoft
2008-02-14 22:43:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-14 22:43:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-10 10:39:26 0 d-------- C:\Documents and Settings\DTR\Application Data\FUJIFILM
2008-02-10 10:38:04 274432 --a------ C:\WINDOWS\system32\FFTIFF16.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM TIFF Image Library>
2008-02-10 10:38:04 208896 --a------ C:\WINDOWS\system32\FFRafShellEx.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FFRafShellEx>
2008-02-10 10:38:04 155648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM CCD-RAW LIBRARY>
2008-02-10 10:38:04 0 d-------- C:\Program Files\FinePixViewer
2008-02-10 10:37:12 45056 -----n--- C:\WINDOWS\system32\FINFCOPY.dll <Not Verified; FUJIFILM; FUJIFILM FINFCOPY>
2008-02-10 10:37:12 65536 -----n--- C:\WINDOWS\system32\FINFCHECK.dll <Not Verified; FUJIFILM; FUJIFILM FINFCHECK>
2008-02-10 10:37:12 0 d-------- C:\Program Files\REGSHAVE
2008-02-10 10:37:11 69632 -----n--- C:\WINDOWS\system32\FREGSHEX.DLL <Not Verified; FUJIFILM; FUJIFILM Fregshave>
2008-02-10 10:37:11 45056 -----n--- C:\WINDOWS\system32\FCLKBTN.DLL <Not Verified; FUJIFILM; FUJIFILM FCLKBTN>
2008-02-07 20:06:02 262144 --a------ C:\Documents and Settings\n\NTUSER.DAT
2008-02-07 20:02:33 0 d-------- C:\Program Files\Common Files\Logitech
2008-02-04 08:07:59 0 d-------- C:\Documents and Settings\DTR\Application Data\AVG7
2008-02-04 08:07:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-04 08:07:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-27 07:36:51 0 d-------- C:\Documents and Settings\DTR\Application Data\VSRevoGroup
2008-01-27 07:16:19 0 d-------- C:\Program Files\VS Revo Group


-- Find3M Report ---------------------------------------------------------------

2008-02-23 07:17:42 0 d-------- C:\Documents and Settings\DTR\Application Data\LimeWire
2008-02-23 07:01:27 0 d-------- C:\Program Files\Dl_cats
2008-02-20 07:42:28 1076 --a------ C:\Program Files\fsbl-20080220073044.log
2008-02-18 17:14:18 0 d-------- C:\Program Files\Java
2008-02-18 17:10:38 0 d-------- C:\Program Files\Common Files
2008-02-17 11:39:45 0 d-------- C:\Program Files\THQ
2008-02-17 11:39:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-13 08:32:38 0 d-------- C:\Program Files\DivX
2008-02-10 11:01:52 0 d-------- C:\Documents and Settings\DTR\Application Data\Skype
2008-02-09 06:14:02 0 d-------- C:\Documents and Settings\DTR\Application Data\Adobe
2008-02-08 07:31:30 0 d-------- C:\Program Files\Google
2008-02-07 20:10:56 0 d-------- C:\Program Files\McAfee.com
2008-02-06 07:56:07 0 d-------- C:\Program Files\LimeWire
2008-02-03 19:51:56 0 d-------- C:\Program Files\Blaze Media Pro
2008-01-22 22:40:08 0 d-------- C:\Program Files\Trend Micro
2008-01-15 18:21:26 0 d-------- C:\Documents and Settings\DTR\Application Data\Ahead
2008-01-14 09:10:18 0 d-------- C:\Program Files\Common Files\Ahead
2008-01-14 08:58:56 0 d-------- C:\Program Files\Nero
2008-01-14 07:59:57 0 d-------- C:\Program Files\Dan Elwell's Broadband Speed Test
2008-01-14 07:59:08 0 d-------- C:\Program Files\Ahead
2008-01-13 08:59:56 0 d-------- C:\Program Files\WinAVI Video Converter 9.0
2008-01-12 19:36:30 0 d-------- C:\Documents and Settings\DTR\Application Data\DVD Flick
2008-01-12 13:30:56 0 d-------- C:\Program Files\Roxio
2008-01-12 13:30:55 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-01-12 13:27:27 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-01-09 11:18:12 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-09 11:16:10 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-09 11:16:10 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-09 11:16:02 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-09 11:16:02 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-09 11:16:02 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-09 11:16:02 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-06 10:41:04 0 d-------- C:\Program Files\WMA-MP3.com
2008-01-06 10:40:57 0 d-------- C:\Documents and Settings\DTR\Application Data\AccurateRip
2008-01-06 10:40:55 12896 -----n--- C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-01-06 10:40:50 0 d-------- C:\Program Files\Illustrate
2008-01-06 10:33:20 3222 --a------ C:\Documents and Settings\DTR\Application Data\NMM-MetaData.db
2008-01-04 12:36:42 3072 --a------ C:\Documents and Settings\DTR\Application Data\DMX.bmk
2008-01-04 09:04:22 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-03 12:29:07 0 d-------- C:\Program Files\Picasa2
2007-12-31 15:47:27 5852 -----n--- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-24 16:00:03 0 d-------- C:\Documents and Settings\DTR\Application Data\Google
2007-12-21 06:33:18 33 --a------ C:\Documents and Settings\DTR\Application Data\pcouffin.log
2007-12-21 06:33:15 47360 --a------ C:\Documents and Settings\DTR\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-21 06:33:15 1144 --a------ C:\Documents and Settings\DTR\Application Data\pcouffin.inf
2007-12-21 06:33:15 7176 --a------ C:\Documents and Settings\DTR\Application Data\pcouffin.cat
2007-12-21 06:33:15 81920 --a------ C:\Documents and Settings\DTR\Application Data\ezpinst.exe
2007-12-11 19:43:44 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-09 11:14:37 1960 -----n--- C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [29/05/2003 15:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [30/05/2003 08:42]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 18:20]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [10/12/2005 14:57]
"PCLEPCI"="C:\PROGRA~1\Pinnacle\PPE\ppe.exe" [25/06/2002 14:35]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [14/11/2007 23:43]
"Matrox PowerDesk 8"="C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.exe" [11/02/2004 11:22]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [03/11/2006 22:09]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [03/11/2006 22:04]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [03/11/2006 22:04]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [11/09/2006 04:40]
"DLCXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [16/10/2006 05:31]
"RegistryMechanic"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"@"="" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/02/2008 08:07]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [23/01/2007 15:44 C:\WINDOWS\KHALMNPR.Exe]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 22:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [14/12/2007 03:42]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [16/11/2007 07:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:00]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [11/09/2006 04:40]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 20:05]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [13/09/2006 11:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [16/11/2007 07:50 633344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.3DAppHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME\TomTomHOME.exe" -s




-- End of Deckard's System Scanner: finished at 2008-02-23 09:04:09 ------------

Thanks for all your help Falu
System seems to be smoother. Will give it a few days to see how pc runs on different tasks etc

#10 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:53 PM

Posted 23 February 2008 - 05:38 PM

Hi silver24, :thumbsup:

System seems to be smoother. Will give it a few days to see how pc runs on different tasks etc


That's good news.

Logs look very clean to me.

Let me know how it goes in the coming days and I'll have some last instructions for you.

#11 silver24

silver24
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:53 AM

Posted 06 March 2008 - 03:22 AM

Hi Falu
Some strange things have happened since last post. When i go to control panel & click sound & audio devices. It comes up with an error saying cannot find the MMDRIVER.inf. The file maybe damaged.
Sound is working fine though.

Also limewire working a bit better. When i use Nero to burn stuff cpu goes to 100% & i cant do anything else on pc. Everything freezes or if i had pages of internet open it just says page not responding. Its only when it finished burning everything returns to normal. This only happens when limewire is running though. Its almost like my pc cant manage more than one task.
If i shut limewire down it takes a good 5 mins from it to disappear from task manger. Once shut down cpu for LW goes to 0% but mem usage still reamains high for the 5 odd mins its left on their.
I think LW going in the bin as had enough of it

Do you think its worth a format & re install ?

Going on holiday to oz next week wont be back til 5 Apr

Cheers
Dave




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users