
May Have Virus, Repeater Trojan Horse, Or Plain Trojan Horse


  • This topic is locked
26 replies to this topic

#1 moondreamer1


Posted 20 June 2008 - 10:47 PM

The computer takes a long time to open up, sometimes the desktop items disappear but will reappear upon reboot, I often find it impossible to go from one part of a web site to another, and my Google popup blocker stopped working, and clearing the count didn't make a difference. Ran Spybot R&D, AVG, did a defrag, and a cleaner, ran CCleaner, CCleaner Register cleaner, all to no avail. Here are my HiJack results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:32 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\mail.com\mcalert.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Owner\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PrintUtil] C:\Program Files\HP\HP Print Utility\PrintUtil.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [885e0d18] rundll32.exe "C:\WINDOWS\system32\exnmrfoy.dll",b
O4 - HKLM\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\ISSIntro.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [GoldMinerSESetup.exe] C:\DOCUME~1\Owner\Desktop\GOLDMI~1.EXE /r
O4 - HKCU\..\Run: [Weather] C:\My Backup -- 21-07-07 2153\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\Owner\Desktop\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas9.exe" /minimize
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleG...PluginIEWin.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190397239843
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/A...ersion=1,0,0,10
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by132fd.bay132.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcz_device - Unknown owner - C:\WINDOWS\system32\lxczcoms.exe (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 11149 bytes

#2 moondreamer1


Posted 25 June 2008 - 04:58 PM

Doesn't anyone ever read this site?

#3 fenzodahl512


Posted 28 June 2008 - 04:32 AM

Hello moondreamer1, my name is fenzodahl512 and welcome to BC. Apologies for our late reply. Real-life commitments have intruded on us. Please do the following...


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 moondreamer1


Posted 30 June 2008 - 08:03 PM

This is a copy of one of the Notepads:
Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-30 17:53:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
100: 2008-07-01 00:53:47 UTC - RP309 - Deckard's System Scanner Restore Point
99: 2008-06-30 23:07:42 UTC - RP308 - Installed Windows Media Player 10
98: 2008-06-28 00:12:26 UTC - RP307 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
97: 2008-06-27 19:12:21 UTC - RP306 - Microsoft OneCare Protection Checkpoint
96: 2008-06-27 07:48:15 UTC - RP305 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-06-14 16:38:51 UTC - RP210 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:52 PM, on 6/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9XAFR1HO\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {2F72F5EF-881A-4CA4-B667-5560C8E21BBF} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4FA46FA3-55A4-427F-B0D5-F483C65920A2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {78837FAD-3F64-4A9A-A32B-DC2B386E58E1} - (no file)
O2 - BHO: (no name) - {95358574-5806-48E2-A695-58F295732648} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {A30B575B-0E87-446B-BB58-DD22D0F61DE0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {FB0275C4-6575-497C-9BD9-370ADD8B44B0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PrintUtil] C:\Program Files\HP\HP Print Utility\PrintUtil.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleG...PluginIEWin.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190397239843
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/A...ersion=1,0,0,10
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by132fd.bay132.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 11453 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080622-141058-973 O3 - Toolbar: (no name) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - (no file)
backup-20080622-141821-161 O4 - HKCU\..\Run: [GoldMinerSESetup.exe] C:\DOCUME~1\Owner\Desktop\GOLDMI~1.EXE /r
backup-20080622-141821-663 O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
backup-20080622-141821-695 O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
backup-20080622-141821-698 O23 - Service: lxcz_device - Unknown owner - C:\WINDOWS\system32\lxczcoms.exe (file missing)
backup-20080622-141821-829 O4 - HKCU\..\Run: [Weather] C:\My Backup -- 21-07-07 2153\Program Files\AWS\WeatherBug\Weather.exe 1
backup-20080622-141821-872 O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
backup-20080622-141821-962 O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
backup-20080622-150944-102 O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
backup-20080622-150946-292 O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
backup-20080622-150946-381 O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
backup-20080622-150947-660 O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleG...PluginIEWin.cab
backup-20080622-150949-121 O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
backup-20080622-150950-643 O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
backup-20080622-150951-240 O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
backup-20080622-150952-140 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
backup-20080622-150952-559 O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/A...ersion=1,0,0,10

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R2 HIDKbFlt (HIDKbFlt.SvcDesc%) - c:\windows\system32\drivers\hidkbflt.sys <Not Verified; Dritek System Inc.; Dritek USB Keyboard HID Filter Driver>
R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 BulkUsb (rylm100.sys) - c:\windows\system32\drivers\rylm100.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 lxcz_device - c:\windows\system32\lxczcoms.exe -service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-30 17:55:00 422 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{61CAB245-3580-495F-B5D6-29D449EEEDFE}.job
2008-05-18 03:30:00 418 --a------ C:\WINDOWS\Tasks\ErrorSweeper Scheduled Scan.job


-- Files created between 2008-05-30 and 2008-06-30 -----------------------------

2008-06-26 11:13:40 0 d-------- C:\WINDOWS\system32\bits
2008-06-26 11:03:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-06-26 11:01:40 0 d-------- C:\Program Files\Common Files\iS3
2008-06-26 11:01:39 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-06-26 10:55:42 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-06-25 17:38:23 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-25 17:01:05 0 d-------- C:\Program Files\Pogo Games
2008-06-24 12:35:19 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-06-24 12:35:19 0 d-------- C:\Program Files\Belarc
2008-06-23 13:36:23 0 d-------- C:\Documents and Settings\All Users\Application Data\SimCity Societies
2008-06-23 13:35:34 0 dr-h----- C:\Documents and Settings\Owner\Application Data\SecuROM
2008-06-20 11:56:46 0 d-------- C:\Program Files\GamesBar
2008-06-19 19:42:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-06-19 19:06:20 0 d-------- C:\Program Files\Trend Micro
2008-06-18 22:45:58 0 d-------- C:\Documents and Settings\Owner\Application Data\Astro Gemini Software
2008-06-18 12:03:38 0 d-------- C:\Program Files\Rockstar Games
2008-06-18 12:03:27 0 d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-06-18 12:02:26 0 d-------- C:\Program Files\Lexmark 1200 Series
2008-06-18 12:02:25 0 d-------- C:\Program Files\Lexmark Fax Solutions
2008-06-16 14:58:46 693075 --ahs---- C:\WINDOWS\system32\JQrBdMoq.ini2
2008-06-15 21:07:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2008-06-14 19:03:42 107013 --a------ C:\WINDOWS\hpqins13.dat
2008-06-14 09:39:34 6029312 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-06-14 09:38:36 266105 --ahs---- C:\WINDOWS\system32\LlUxayxx.ini2
2008-06-13 20:57:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-06-12 21:49:29 0 d-------- C:\Documents and Settings\Owner\Application Data\iWin
2008-06-11 12:23:57 0 --a------ C:\Program Files\uninstall.dat
2008-06-11 00:51:58 375348 --ahs---- C:\WINDOWS\system32\FPXwDJjl.ini2
2008-05-30 20:44:09 0 d-------- C:\Program Files\Micro Innovations


-- Find3M Report ---------------------------------------------------------------

2008-06-29 13:54:41 54 --a------ C:\WINDOWS\popcinfo.dat
2008-06-26 11:01:40 0 d-------- C:\Program Files\Common Files
2008-06-22 16:06:10 0 d-------- C:\Program Files\Oberon Media
2008-06-20 11:56:41 0 d-------- C:\Program Files\Common Files\Oberon Media
2008-06-19 14:44:14 1274 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-06-18 14:41:50 0 d-------- C:\Program Files\Alawar
2008-06-18 12:03:27 0 d-------- C:\Program Files\HP
2008-06-18 12:00:14 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-17 17:44:09 0 d-------- C:\Program Files\MSN Games
2008-06-16 17:25:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-13 00:06:08 0 d-------- C:\Documents and Settings\Owner\Application Data\StumbleUpon
2008-06-07 23:10:13 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-06-06 19:32:47 0 d-------- C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-06-06 13:54:45 0 d-------- C:\Program Files\Google
2008-06-05 15:15:55 58592 --a------ C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-05-29 22:28:46 0 --a------ C:\Program Files\temp01
2008-05-29 22:28:44 0 d-------- C:\Program Files\bfgclient
2008-05-26 11:45:42 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-25 18:50:44 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-05-22 11:53:03 0 d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-05-11 15:09:33 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-05 17:29:06 0 d-------- C:\Program Files\Nick Arcade
2008-05-04 18:40:24 0 d-------- C:\Program Files\AVG
2008-04-26 21:00:37 140691 --a------ C:\WINDOWS\hpoins14.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
03/02/2007 05:52 PM 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 05:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F72F5EF-881A-4CA4-B667-5560C8E21BBF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4FA46FA3-55A4-427F-B0D5-F483C65920A2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78837FAD-3F64-4A9A-A32B-DC2B386E58E1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95358574-5806-48E2-A695-58F295732648}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/04/2008 06:40 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A30B575B-0E87-446B-BB58-DD22D0F61DE0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB0275C4-6575-497C-9BD9-370ADD8B44B0}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/04/2008 06:40 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/21/2007 11:30 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/17/2005 09:05 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"SoundMan"="SOUNDMAN.EXE" [12/01/2004 04:54 PM C:\WINDOWS\SOUNDMAN.EXE]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/24/2005 08:51 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 10:34 PM]
"PrintUtil"="C:\Program Files\HP\HP Print Utility\PrintUtil.exe" [01/02/2008 03:48 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/04/2008 06:40 PM]
"KEMailKb"="C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE" [08/09/2005 01:27 AM]
"KPDrv4XP"="C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [02/21/2005 04:15 AM]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [03/13/2008 09:34 AM]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [05/28/2008 12:35 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]
"Yahoo! Pager"="1" []
"Mail.com"="C:\Program Files\mail.com\mcalert.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 10:26:24 PM]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [12/6/2007 3:04:42 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxyaxUlL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cb6c6f0-3bce-11dc-9d0c-00038a000015}]
AutoRun\command- J:\LaunchU3.exe -a




-- Hosts -----------------------------------------------------------------------

127.0.0.1 ie3.proxy.aol.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

8374 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-30 17:57:03 ------------

This is the extra.txt notepad below:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3000+
Percentage of Memory in Use: 78%
Physical Memory (total/avail): 894.48 MiB / 196.32 MiB
Pagefile Memory (total/avail): 2664.24 MiB / 1972.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.59 MiB

A: is Removable (FAT)
C: is Fixed (NTFS) - 71.23 GiB total, 41.32 GiB free.
D: is Fixed (FAT32) - 3.3 GiB total, 0.64 GiB free.
E: is CDROM (CDFS)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 71.23 GiB - C:
\PARTITION1 - Unknown - 3.3 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
AV: Windows Live OneCare v1.0.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\WINDOWS\\system32\\lxczcoms.exe"="C:\\WINDOWS\\system32\\lxczcoms.exe:*:Enabled:Lexmark Communications System"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\My Backup -- 13-03-06 1047\\Program Files\\Pogo Games\\Zuma Deluxe\\Zuma.exe"="C:\\My Backup -- 13-03-06 1047\\Program Files\\Pogo Games\\Zuma Deluxe\\Zuma.exe:*:Enabled:Zuma"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Gold Miner\\GoldMiner.exe"="C:\\Program Files\\Gold Miner\\GoldMiner.exe:*:Enabled:Gold Miner "
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KIMNUKE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\KIMNUKE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Support Tools\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=KIMNUKE
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AquaPark --> "C:\Program Files\MSN Games\AquaPark\Uninstall.exe" "C:\Program Files\MSN Games\AquaPark\install.log"
AT&T Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATT-AACE --> C:\PROGRA~1\ATT\UNWISE.EXE C:\PROGRA~1\ATT\INSTALL.LOG
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bejeweled Deluxe 1.87 --> C:\Program Files\PopCap Games\Bejeweled Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled Deluxe\Install.log"
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
Bricks of Atlantis --> "C:\Program Files\MSN Games\Bricks of Atlantis\Uninstall.exe" "C:\Program Files\MSN Games\Bricks of Atlantis\install.log"
CCleaner (remove only) --> "C:\Documents and Settings\Owner\Desktop\CCleaner\uninst.exe"
Cradle of Persia --> "C:\Program Files\Oberon Media\Cradle of Persia\Uninstall.exe" "C:\Program Files\Oberon Media\Cradle of Persia\install.log"
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTOneCare --> MsiExec.exe /X{CA40DD4F-D30E-4622-8783-1ED1E81340C2}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 9.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet All-In-One Software 9.0 --> C:\Program Files\HP\Digital Imaging\{706BB40A-4102-4c89-8107-DC68C4EBD19B}\setup\hpzscr01.exe -datfile hposcr14.dat
HP Imaging Device Functions 9.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 3.0 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat -forcereboot
HP Print Diagnostic Utility --> MsiExec.exe /I{5E06C076-E4E7-4239-A886-B3D8AC84C166}
HP Smart Web Printing --> MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply --> MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Hyperballoid 2 --> C:\Program Files\Alawar\Hyperballoid2\Uninstall.exe
Internet Keyboard Elite --> C:\WINDOWS\UnInst32.exe KEMailKb.UNI
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Jewel of Atlantis --> "C:\Program Files\MSN Games\Jewel of Atlantis\Uninstall.exe" "C:\Program Files\MSN Games\Jewel of Atlantis\install.log"
Luxor - Amun Rising --> "C:\Program Files\Oberon Media\Luxor - Amun Rising\Uninstall.exe" "C:\Program Files\Oberon Media\Luxor - Amun Rising\install.log"
Microsoft Interactive Training --> C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Standard for Students and Teachers --> MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
Microsoft Protection Service --> MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Live OneCare Resources v2.0.2500.32 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{E6A31482-989E-4E3C-B0C0-1ED4DBD5BC83}
Microsoft Windows OneCare Live v2.0.2500.32 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Microsoft Windows OneCare Live v2.0.2500.32 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
PDO Desktop --> c:\program files\pdo desktop\companionlink.exe -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Recovery Software Suite eMachines --> MsiExec.exe /I{15377C3E-9655-400F-B441-E69F0A6BEAFE}
ScrabbleScam 1.3 --> "C:\Program Files\ScrabbleScam\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SIW version 2008-04-02 --> "C:\Program Files\SIW\unins000.exe"
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Terminal Server Client for Windows CE, H/PC v3.0 --> C:\WINDOWS\IsUninst.exe -f".\Terminal Server Client for Windows CE, Handheld PC Edition\Uninst.isu"
The Rise of Atlantis --> "C:\Program Files\Smiley Arcade\The Rise of Atlantis\Uninstall.exe" "C:\Program Files\Smiley Arcade\The Rise of Atlantis\install.log"
Watchtower Library 2001 - English Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14764080-0446-11D5-8D2B-0060976F99A1}\setup.exe"
Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Support Tools --> MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Zuma Deluxe 1.0 --> C:\Program Files\Pogo Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\Pogo Games\Zuma Deluxe\Install.log"


-- Application Event Log -------------------------------------------------------

Event Record #/Type3949 / Error
Event Submitted/Written: 06/30/2008 04:44:23 PM / 06/30/2008 04:44:24 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 767637487.

Event Record #/Type3948 / Error
Event Submitted/Written: 06/30/2008 04:24:41 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3939 / Warning
Event Submitted/Written: 06/30/2008 01:44:39 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type3938 / Error
Event Submitted/Written: 06/30/2008 01:43:38 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3937 / Error
Event Submitted/Written: 06/30/2008 01:43:37 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type21311 / Warning
Event Submitted/Written: 06/30/2008 00:50:33 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%KIMNUKE29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KIMNUKE29 can't undo changes that you allow.

For more information please see the following:
%KIMNUKE295

Scan ID: {44036181-CF9A-4F00-95BE-6D0326C94CA8}

Agent: %KIMNUKE43

User: KIMNUKE\Owner

Name: %KIMNUKE291

ID: %KIMNUKE292

Severity: 1.5.1944.05

Category: 1.5.1944.06

Path Found: %KIMNUKE296

Alert Type: %KIMNUKE298

Process Name: C:\PROGRA~1\AVG\AVG8\avgtray.exe

Detection Type: 1.5.1944.02

Status: 1.5.1944.00

Event Record #/Type21310 / Warning
Event Submitted/Written: 06/30/2008 00:50:33 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%KIMNUKE29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KIMNUKE29 can't undo changes that you allow.

For more information please see the following:
%KIMNUKE295

Scan ID: {3FA724A0-1702-4474-B612-7F1EB3A875D6}

Agent: %KIMNUKE43

User: KIMNUKE\Owner

Name: %KIMNUKE291

ID: %KIMNUKE292

Severity: 1.5.1944.05

Category: 1.5.1944.06

Path Found: %KIMNUKE296

Alert Type: %KIMNUKE298

Process Name: C:\PROGRA~1\AVG\AVG8\avgtray.exe

Detection Type: 1.5.1944.02

Status: 1.5.1944.00

Event Record #/Type21309 / Warning
Event Submitted/Written: 06/30/2008 00:50:33 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%KIMNUKE29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KIMNUKE29 can't undo changes that you allow.

For more information please see the following:
%KIMNUKE295

Scan ID: {8E41DF63-BA98-4C90-A531-51D984A88A9A}

Agent: %KIMNUKE43

User: KIMNUKE\Owner

Name: %KIMNUKE291

ID: %KIMNUKE292

Severity: 1.5.1944.05

Category: 1.5.1944.06

Path Found: %KIMNUKE296

Alert Type: %KIMNUKE298

Process Name: C:\PROGRA~1\AVG\AVG8\avgtray.exe

Detection Type: 1.5.1944.02

Status: 1.5.1944.00

Event Record #/Type21308 / Warning
Event Submitted/Written: 06/30/2008 00:50:33 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%KIMNUKE29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KIMNUKE29 can't undo changes that you allow.

For more information please see the following:
%KIMNUKE295

Scan ID: {6B4BA75C-1AE7-40FD-AE55-CF8B4D2442F1}

Agent: %KIMNUKE43

User: KIMNUKE\Owner

Name: %KIMNUKE291

ID: %KIMNUKE292

Severity: 1.5.1944.05

Category: 1.5.1944.06

Path Found: %KIMNUKE296

Alert Type: %KIMNUKE298

Process Name: C:\PROGRA~1\AVG\AVG8\avgtray.exe

Detection Type: 1.5.1944.02

Status: 1.5.1944.00

Event Record #/Type21307 / Warning
Event Submitted/Written: 06/30/2008 00:50:33 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%KIMNUKE29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KIMNUKE29 can't undo changes that you allow.

For more information please see the following:
%KIMNUKE295

Scan ID: {53901023-D218-44C8-AE00-2A2DB9EFA43B}

Agent: %KIMNUKE43

User: KIMNUKE\Owner

Name: %KIMNUKE291

ID: %KIMNUKE292

Severity: 1.5.1944.05

Category: 1.5.1944.06

Path Found: %KIMNUKE296

Alert Type: %KIMNUKE298

Process Name: C:\PROGRA~1\AVG\AVG8\avgtray.exe

Detection Type: 1.5.1944.02

Status: 1.5.1944.00



-- End of Deckard's System Scanner: finished at 2008-06-30 17:57:03 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AquaPark --> "C:\Program Files\MSN Games\AquaPark\Uninstall.exe" "C:\Program Files\MSN Games\AquaPark\install.log"
AT&T Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATT-AACE --> C:\PROGRA~1\ATT\UNWISE.EXE C:\PROGRA~1\ATT\INSTALL.LOG
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bejeweled Deluxe 1.87 --> C:\Program Files\PopCap Games\Bejeweled Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled Deluxe\Install.log"
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
Bricks of Atlantis --> "C:\Program Files\MSN Games\Bricks of Atlantis\Uninstall.exe" "C:\Program Files\MSN Games\Bricks of Atlantis\install.log"
CCleaner (remove only) --> "C:\Documents and Settings\Owner\Desktop\CCleaner\uninst.exe"
Cradle of Persia --> "C:\Program Files\Oberon Media\Cradle of Persia\Uninstall.exe" "C:\Program Files\Oberon Media\Cradle of Persia\install.log"
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTOneCare --> MsiExec.exe /X{CA40DD4F-D30E-4622-8783-1ED1E81340C2}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 9.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet All-In-One Software 9.0 --> C:\Program Files\HP\Digital Imaging\{706BB40A-4102-4c89-8107-DC68C4EBD19B}\setup\hpzscr01.exe -datfile hposcr14.dat
HP Imaging Device Functions 9.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 3.0 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat -forcereboot
HP Print Diagnostic Utility --> MsiExec.exe /I{5E06C076-E4E7-4239-A886-B3D8AC84C166}
HP Smart Web Printing --> MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply --> MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Hyperballoid 2 --> C:\Program Files\Alawar\Hyperballoid2\Uninstall.exe
Internet Keyboard Elite --> C:\WINDOWS\UnInst32.exe KEMailKb.UNI
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Jewel of Atlantis --> "C:\Program Files\MSN Games\Jewel of Atlantis\Uninstall.exe" "C:\Program Files\MSN Games\Jewel of Atlantis\install.log"
Luxor - Amun Rising --> "C:\Program Files\Oberon Media\Luxor - Amun Rising\Uninstall.exe" "C:\Program Files\Oberon Media\Luxor - Amun Rising\install.log"
Microsoft Interactive Training --> C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Standard for Students and Teachers --> MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
Microsoft Protection Service --> MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Live OneCare Resources v2.0.2500.32 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{E6A31482-989E-4E3C-B0C0-1ED4DBD5BC83}
Microsoft Windows OneCare Live v2.0.2500.32 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Microsoft Windows OneCare Live v2.0.2500.32 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
PDO Desktop --> c:\program files\pdo desktop\companionlink.exe -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Recovery Software Suite eMachines --> MsiExec.exe /I{15377C3E-9655-400F-B441-E69F0A6BEAFE}
ScrabbleScam 1.3 --> "C:\Program Files\ScrabbleScam\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SIW version 2008-04-02 --> "C:\Program Files\SIW\unins000.exe"
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Terminal Server Client for Windows CE, H/PC v3.0 --> C:\WINDOWS\IsUninst.exe -f".\Terminal Server Client for Windows CE, Handheld PC Edition\Uninst.isu"
The Rise of Atlantis --> "C:\Program Files\Smiley Arcade\The Rise of Atlantis\Uninstall.exe" "C:\Program Files\Smiley Arcade\The Rise of Atlantis\install.log"
Watchtower Library 2001 - English Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14764080-0446-11D5-8D2B-0060976F99A1}\setup.exe"
Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Support Tools --> MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Zuma Deluxe 1.0 --> C:\Program Files\Pogo Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\Pogo Games\Zuma Deluxe\Install.log"


-- Application Event Log -------------------------------------------------------

Event Record #/Type3949 / Error
Event Submitted/Written: 06/30/2008 04:44:23 PM / 06/30/2008 04:44:24 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 767637487.

Event Record #/Type3948 / Error
Event Submitted/Written: 06/30/2008 04:24:41 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3939 / Warning
Event Submitted/Written: 06/30/2008 01:44:39 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type3938 / Error
Event Submitted/Written: 06/30/2008 01:43:38 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3937 / Error
Event Submitted/Written: 06/30/2008 01:43:37 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type21311 / Warning
Event Submitted/Written: 06/30/2008 00:50:33 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%KIMNUKE29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KIMNUKE29 can't undo changes that you allow.

For more information please see the following:
%KIMNUKE295

Scan ID: {44036181-CF9A-4F00-95BE-6D0326C94CA8}

Agent: %KIMNUKE43

User: KIMNUKE\Owner

Name: %KIMNUKE291

ID: %KIMNUKE292

Severity: 1.5.1944.05

Category: 1.5.1944.06

Path Found: %KIMNUKE296

Alert Type: %KIMNUKE298

Process Name: C:\PROGRA~1\AVG\AVG8\avgtray.exe

Detection Type: 1.5.1944.02

Status: 1.5.1944.00

Event Record #/Type21310 / Warning
Event Submitted/Written: 06/30/2008 00:50:33 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%KIMNUKE29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KIMNUKE29 can't undo changes that you allow.

For more information please see the following:
%KIMNUKE295

Scan ID: {3FA724A0-1702-4474-B612-7F1EB3A875D6}

Agent: %KIMNUKE43

User: KIMNUKE\Owner

Name: %KIMNUKE291

ID: %KIMNUKE292

Severity: 1.5.1944.05

Category: 1.5.1944.06

Path Found: %KIMNUKE296

Alert Type: %KIMNUKE298

Process Name: C:\PROGRA~1\AVG\AVG8\avgtray.exe

Detection Type: 1.5.1944.02

Status: 1.5.1944.00

Event Record #/Type21309 / Warning
Event Submitted/Written: 06/30/2008 00:50:33 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%KIMNUKE29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KIMNUKE29 can't undo changes that you allow.

For more information please see the following:
%KIMNUKE295

Scan ID: {8E41DF63-BA98-4C90-A531-51D984A88A9A}

Agent: %KIMNUKE43

User: KIMNUKE\Owner

Name: %KIMNUKE291

ID: %KIMNUKE292

Severity: 1.5.1944.05

Category: 1.5.1944.06

Path Found: %KIMNUKE296

Alert Type: %KIMNUKE298

Process Name: C:\PROGRA~1\AVG\AVG8\avgtray.exe

Detection Type: 1.5.1944.02

Status: 1.5.1944.00

Event Record #/Type21308 / Warning
Event Submitted/Written: 06/30/2008 00:50:33 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%KIMNUKE29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KIMNUKE29 can't undo changes that you allow.

For more information please see the following:
%KIMNUKE295

Scan ID: {6B4BA75C-1AE7-40FD-AE55-CF8B4D2442F1}

Agent: %KIMNUKE43

User: KIMNUKE\Owner

Name: %KIMNUKE291

ID: %KIMNUKE292

Severity: 1.5.1944.05

Category: 1.5.1944.06

Path Found: %KIMNUKE296

Alert Type: %KIMNUKE298

Process Name: C:\PROGRA~1\AVG\AVG8\avgtray.exe

Detection Type: 1.5.1944.02

Status: 1.5.1944.00

Event Record #/Type21307 / Warning
Event Submitted/Written: 06/30/2008 00:50:33 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%KIMNUKE29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KIMNUKE29 can't undo changes that you allow.

For more information please see the following:
%KIMNUKE295

Scan ID: {53901023-D218-44C8-AE00-2A2DB9EFA43B}

Agent: %KIMNUKE43

User: KIMNUKE\Owner

Name: %KIMNUKE291

ID: %KIMNUKE292

Severity: 1.5.1944.05

Category: 1.5.1944.06

Path Found: %KIMNUKE296

Alert Type: %KIMNUKE298

Process Name: C:\PROGRA~1\AVG\AVG8\avgtray.exe

Detection Type: 1.5.1944.02

Status: 1.5.1944.00



-- End of Deckard's System Scanner: finished at 2008-06-30 17:57:03 ------------


will place extra.txt in next reply

#5 moondreamer1

Posted 30 June 2008 - 08:10 PM

Last reply may be too long. Will add the notepads as attachments: Ok think I did it correctly. Thank you for responding. I just wasn't sure if the site was active anymore. I've had that experience in other message forums before. Not referring to you BC.




#6 fenzodahl512

Posted 01 July 2008 - 01:22 AM

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\JQrBdMoq.ini2
    C:\WINDOWS\system32\LlUxayxx.ini2
    C:\WINDOWS\system32\FPXwDJjl.ini2
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F72F5EF-881A-4CA4-B667-5560C8E21BBF}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4FA46FA3-55A4-427F-B0D5-F483C65920A2}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78837FAD-3F64-4A9A-A32B-DC2B386E58E1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95358574-5806-48E2-A695-58F295732648}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A30B575B-0E87-446B-BB58-DD22D0F61DE0}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB0275C4-6575-497C-9BD9-370ADD8B44B0}
    HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please include a fresh Deckard System Scanner log in your next reply..

Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 moondreamer1

Posted 04 July 2008 - 07:10 PM

Big question first - should I leave "unregister dlls and ocx's" checked?

#8 fenzodahl512

Posted 05 July 2008 - 12:29 AM

Big question first - should I leave "unregister dlls and ocx's" checked?


Yup.. :thumbsup:



#9 moondreamer1

Posted 05 July 2008 - 05:42 PM

Am putting everything as attachment. First is "move it" notepad. Second attachment is DXS Main text. I've run the Deckard twice, and am not getting "Extra Text." What am I doing wrong?




#10 fenzodahl512

Posted 06 July 2008 - 01:37 AM

Please visit the webpage below for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.


Regards
fenzodahl512



#11 moondreamer1

Posted 07 July 2008 - 05:26 PM

Right now I'm going bonkers trying to get to the Windows XP recovery console download. So far I've gotten to various sites that describe problems that could happen when downloading it and their solutions. In download center search results there is a list of products, with "Windows XP Embedded" being the only Windows XP on the list.

I have 4 CD's I copied from instructions I had when the puter was new. Could one of those be the recovery console? Are all of them the recovery console? How do I check with Stop/run to see if I have it already? I have SP2 & 3. Do those have it?

#12 moondreamer1

Posted 07 July 2008 - 05:32 PM

This is the only thing I get when I type "Windows XP Home Edition Recovery Console" in the search bar:

Windows XP Home and Professional Edition Patch: NTFS chkdsk.exe Update

This update resolves an issue that prevents chkdsk.exe from running at system boot. The issue can occur on systems with an IDE drive and is discussed in Microsoft Knowledge Base (KB) Article Q315403

Not positive, but highly doubtful that's what I'm looking for.

#13 moondreamer1

Posted 07 July 2008 - 06:35 PM

FINALLY! Found the xp etc download, and got it on the desktop. Now another problem. When I try to skate it into Combo Fix, it won't go, and ComboFix wants me to run it. What to do?

#14 fenzodahl512

Posted 07 July 2008 - 11:20 PM

Just run ComboFix please... Then post the requested logs here...



#15 moondreamer1

Posted 08 July 2008 - 06:51 PM

I'm having probs. Seems CCleaner, according to AVG, is sending trojan horses. I will attempt to do as you ask, but I've been struggling all day to just get here. Seems IE7 has planted a trojan horse on my system too. AVG is saying if I remove the threats my system may crash. Oh, joy! :-(



