Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Virus Scan! In Taskbar


  • This topic is locked This topic is locked
2 replies to this topic

#1 mercuryrsng

mercuryrsng

  • Members
  • 298 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 21 July 2008 - 05:46 PM

First time poster. I have been reading about a lot of people having problems with a virus that messes with the desktop. I cannot seem to fix this. This one that I have puts the words VIRUS ALERT! in the taskbar. It also makes it so that when I click on the Start button, I cannot access my programs. My C: drive is missing in My Computer also. Whatever it is also dropped a few files on the desktop, and they all link to www.REMOVED.com. I am also blocked from visiting many sites that would otherwise fix my problem. All virus scan sites are out, as is this one. I am accessing it from another computer program. The only way that I can download adaware and spybot are thru www.download.com. I cannot run the Kaspersky scanner because that site is also blocked. I ran the DSS program and the following sections are the results. The first being main.txt and the 2nd being extra.txt

Thanks to anyone who can help!!!






Deckard's System Scanner v20071014.68
Run by Michael on 2008-07-21 18:24:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
70: 2008-07-21 22:25:13 UTC - RP715 - Deckard's System Scanner Restore Point
69: 2008-07-21 01:53:12 UTC - RP714 - Software Distribution Service 3.0
68: 2008-07-21 01:29:22 UTC - RP713 - System Checkpoint
67: 2008-07-15 16:09:10 UTC - RP712 - Removed AnswerWorks 4.0 Runtime - English
66: 2008-07-15 14:20:50 UTC - RP711 - System Checkpoint


-- First Restore Point --
1: 2008-05-11 14:28:55 UTC - RP646 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as Michael.exe) ---------------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-21 18:27:38
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\a-squared Free\A2SERVICE.EXE
C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
C:\Program Files\AVG7\avgcc.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\AVG7\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVG7\avgupsvc.exe
C:\Program Files\AVG7\avgemc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\Program Files\vol_toolbar\vol_toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\Program Files\vol_toolbar\vol_toolbar.dll
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://billing-b.mhi.aol.com/netagent/objects/custappx2.CAB
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_...nx.1.0.0.55.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} () - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/share...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188190474173
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188190441085
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.1_02) - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} () - http://a19.g.akamai.net/7/19/7125/4047/ftp...23/cpbrkpie.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/...8109.5871412037
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/share...,20/McGDMgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\A2SERVICE.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dvpapi - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe


--
End of file - 10326 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080720-214906-271 O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_...itched/main.cab
backup-20080720-214906-449 O2 - BHO: QXK Olive - {646D2C6B-7A01-4725-B3E0-B282E9750A59} - C:\WINDOWS\kgxmotaplmp.dll
backup-20080720-214908-689 O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
backup-20080720-214910-851 O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...r/goldfever.cab
backup-20080720-214912-359 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 papycpu2 - c:\windows\system32\drivers\papycpu2.sys
R1 papyjoy - c:\windows\system32\drivers\papyjoy.sys

S3 CamDrL (Logitech QuickCam Pro 3000(CamDrl)) - c:\windows\system32\drivers\camdrl.sys (file missing)
S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 a2free (a-squared Free Service) - "c:\program files\a-squared free\a2service.exe" <Not Verified; Emsi Software GmbH; a-squared>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >

S3 Pml Driver HPZ12 - c:\windows\system32\hpzipm12.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-11 22:00:00 414 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (MEOLI2-Maria).job
2001-11-15 10:24:27 258 --a------ C:\WINDOWS\Tasks\Registration reminder 3.job
2001-11-15 10:24:27 258 --a------ C:\WINDOWS\Tasks\Registration reminder 2.job
2001-11-15 10:24:26 258 --a------ C:\WINDOWS\Tasks\Registration reminder 1.job


-- Files created between 2008-06-21 and 2008-07-21 -----------------------------

2008-07-20 22:38:30 1968 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-20 22:36:56 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-20 22:36:54 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-20 22:36:52 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-20 22:36:51 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-20 22:36:50 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-20 22:36:48 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-20 22:36:47 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-20 22:36:37 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-20 22:34:08 0 d-------- C:\Program Files\Enigma Software Group
2008-07-20 22:18:24 0 d-------- C:\smitRem
2008-07-20 21:42:01 0 d-------- C:\Program Files\Trend Micro
2008-07-15 08:52:49 0 d-------- C:\Program Files\XP Antivirus
2008-07-15 08:24:16 0 d-------- C:\Documents and Settings\Michael\Application Data\TmpRecentIcons
2008-07-15 08:22:24 0 dr-h----- C:\$VAULT$.AVG
2008-07-15 08:21:33 102400 --a------ C:\WINDOWS\agpqlrfm.exe
2008-07-15 08:21:31 389120 --a------ C:\WINDOWS\kvxqmtre.dll
2008-07-15 08:21:30 163840 --a------ C:\WINDOWS\egwp.exe
2008-07-15 08:21:28 155648 --a------ C:\WINDOWS\qndsfmao.dll
2008-07-15 08:21:27 270336 --a------ C:\WINDOWS\evgratsm.dll
2008-07-15 08:21:15 0 d-------- C:\Program Files\VAV
2008-07-15 08:21:11 30208 --a------ C:\WINDOWS\SysBC.exe
2008-07-15 08:21:07 0 d-------- C:\Program Files\PCHealthCenter


-- Find3M Report ---------------------------------------------------------------

2008-07-15 12:11:16 0 d-------- C:\Program Files\a-squared Free
2008-07-15 12:10:08 0 d-------- C:\Program Files\Common Files\AnswerWorks 5.0
2008-07-15 12:09:13 0 d-------- C:\Program Files\Common Files
2008-07-15 08:58:02 0 d-------- C:\Program Files\AVG7
2008-07-10 20:37:35 0 d-------- C:\Program Files\quickenw
2008-06-11 08:06:51 0 d-------- C:\Documents and Settings\Michael\Application Data\BitTorrent
2008-05-27 21:44:32 0 d-------- C:\Program Files\Quicken
2008-05-15 22:46:58 43608 --a------ C:\Documents and Settings\Michael\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}]
05/25/2007 09:15 1904128 --a------ C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}"= C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL [05/25/2007 09:15 1904128]

[-HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}]
[HKEY_CLASSES_ROOT\vol_toolbar.VOL_TOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [07/24/2001 17:34]
"AVG7_CC"="C:\PROGRA~1\AVG7\avgcc.exe" [07/14/2008 09:59]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [09/28/2007 14:30]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [05/11/2007 16:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/12/2007 01:00]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [06/19/2008 16:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [02/07/2007 15:39]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 21:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"AVG7_Run"=C:\PROGRA~1\AVG7\avgw.exe /RUNONCE

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1189475939\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
"C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\piiserviceOE]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]


*Newly Created Service* - IDSVC
*Newly Created Service* - MCHINJDRV



-- End of Deckard's System Scanner: finished at 2008-07-21 18:30:25 ------------







Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron™ CPU 1300MHz
Percentage of Memory in Use: 82%
Physical Memory (total/avail): 254.42 MiB / 44.03 MiB
Pagefile Memory (total/avail): 624.61 MiB / 241.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.71 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 33.37 GiB total, 22.65 GiB free.
D: is Fixed (FAT32) - 3.89 GiB total, 0.59 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - Maxtor 4D040H2 - 37.27 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 33.37 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 3.9 GiB - D:

\\.\PHYSICALDRIVE1 - Kingston DataTraveler 2.0 USB Device - 3.74 GiB - 1 partition
\PARTITION0 - Unknown - 3.74 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.524 v7.5.524 (Grisoft) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"="C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe:*:Disabled:javaw"
"C:\\Program Files\\COMPAQ\\WinDVD\\WinDVD.exe"="C:\\Program Files\\COMPAQ\\WinDVD\\WinDVD.exe:*:Enabled:Software DVD Player"
"C:\\Papyrus\\NASCAR Racing 2003 Season\\NR2003.exe"="C:\\Papyrus\\NASCAR Racing 2003 Season\\NR2003.exe:*:Disabled:NASCAR Racing 2003 Season"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\GameHouse\\WildWords\\wwwords.exe"="C:\\Program Files\\GameHouse\\WildWords\\wwwords.exe:*:Disabled:Super Wild Wild Words"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\SymplisIT\\DriverMagic\\DriverMagic.exe"="C:\\Program Files\\SymplisIT\\DriverMagic\\DriverMagic.exe:*:Enabled:DriverMagic Utilities"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\\Program Files\\Common Files\\AOL\\1180375599\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1180375599\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information"
"C:\\Program Files\\AVG7\\avginet.exe"="C:\\Program Files\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\AVG7\\avgamsvr.exe"="C:\\Program Files\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\AVG7\\avgcc.exe"="C:\\Program Files\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\AVG7\\avgemc.exe"="C:\\Program Files\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Common Files\\AOL\\1189475939\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1189475939\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Michael\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WINDOWPC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Michael
LOGONSERVER=\\WINDOWPC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 11 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Michael\LOCALS~1\Temp
TMP=C:\DOCUME~1\Michael\LOCALS~1\Temp
USERDOMAIN=WINDOWPC
USERNAME=Michael
USERPROFILE=C:\Documents and Settings\Michael
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (new local, admin)
Michael (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}
AVG 7.5 --> C:\Program Files\AVG7\setup.exe /UNINSTALL
BitTorrent --> C:\Program Files\BitTorrent\uninst.exe
Canon Camera Access Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{901F8ED7-13E8-43EF-B738-2FE89B0588EB} /l1033
Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}
Canon Camera Window DSLR 5 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 6 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}
Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4DBBF091-FACD-422C-B43C-786335BD5398}
Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
Canon ZoomBrowser EX (E) --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Compaq WinDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
Encarta Online --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C0A23442-6214-11D3-8CDF-0080C768385C}\setup.exe" -uninst
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InterVideo Installer --> "C:\Program Files\Compaq\Installer\IVIUninstaller.exe" "C:\Program Files\Compaq\Installer"
Java 2 Runtime Environment, SE v1.4.1_02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
Linksys PrintServer Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Linksys\PrintDriver\Uninst.isu"
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2001 --> MsiExec.exe /I{D085A1B6-90A4-11D3-82B7-00C04FA309DE}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Works 6.0 --> MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NASCAR® Racing 2003 Season --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACC2E059-40E9-4464-B18D-C9BDD9A02CED}\SETUP.exe" -l0x9 -uninst
Netscape (7.2) --> C:\WINDOWS\NSUninst.exe /ua "7.2 (en)"
Netscape 6 (6.1) --> C:\WINDOWS\N6Uninst.exe /ua "6.1 (en)"
PPSDKRedistributables --> MsiExec.exe /I{C869F4FF-E5FF-4FBB-9A31-33C23605E170}
Quicken 2008 --> MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Radialpoint Security Services --> MsiExec.exe /X{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
TurboTax Deluxe 2007 --> C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
Verizon Broadband Toolbar --> C:\Program Files\vol_toolbar\uninstall.exe
Verizon High Speed Internet --> "C:\WINDOWS\DSL\unins000.exe"
Verizon Online Help and Support --> C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
Verizon PC Security Checkup --> C:\Program Files\InstallShield Installation Information\{3EE3E9E9-F889-48D8-A1EC-F8D6282BE7F4}\setup.exe -runfromtemp -l0x0409
Verizon Servicepoint 1.5.12 --> "C:\Program Files\Verizon\VSP\unins000.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebVideo Support --> C:\WINDOWS\agpqlrfm.exe
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type412 / Error
Event Submitted/Written: 07/15/2008 09:04:21 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msn6.exe, version 7.2.5.2202, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type411 / Error
Event Submitted/Written: 07/15/2008 09:04:21 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msn6.exe, version 7.2.5.2202, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type406 / Error
Event Submitted/Written: 07/15/2008 08:53:31 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application XPAinstall_880028[1].exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type405 / Error
Event Submitted/Written: 07/15/2008 08:24:34 AM
Event ID/Source: 100 / AVG7
Event Description:
2008-07-15 12:24:34,244 WINDOWPC [003528:003324] ERROR 000 AVG7.WTS.CAvgAmWts ProcessIdToSessionId(2148) call failed with WIN32 error 87, returning session id is 0

Event Record #/Type401 / Error
Event Submitted/Written: 07/13/2008 10:43:20 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type31113 / Warning
Event Submitted/Written: 07/21/2008 00:08:19 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type31097 / Error
Event Submitted/Written: 07/20/2008 10:27:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type31096 / Error
Event Submitted/Written: 07/20/2008 10:25:23 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type31095 / Error
Event Submitted/Written: 07/20/2008 10:21:41 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Avg7Core
Avg7RsW
Avg7RsXP
Fips
IPSec
MRxSmb
NetBIOS
NetBT
P3
RasAcd
Rdbss
Tcpip

Event Record #/Type31094 / Error
Event Submitted/Written: 07/20/2008 10:21:41 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-07-21 18:30:25 ------------

EDIT: Removed hot page ~ Billy3

Edited by Billy O'Neal, 07 August 2008 - 10:24 AM.


BC AdBot (Login to Remove)

 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:12 AM

Posted 07 August 2008 - 10:25 AM

Hello, mercuryrsng.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
Please note: For the following instructions, DSS MUST be placed on the desktop. Running it from the G drive will NOT work :)

Please run Deckard's System Scanner again, this time using these instructions:
(In the event you lost your copy, you can download a new one from here: Deckard's System Scanner)
  • Click on Start, click on Run
  • Copy and paste the following in the open window and then click OK:
    "%userprofile%\desktop\dss.exe" /config
  • This will open up DSS configuration
  • Click on Check All.
  • Click Scan.
    DSS will now run again.
  • Please post back both logs that open in notepad.
    Main.txt and Extra.txt
In your next reply, please include the following:
  • DSS's Main.txt
  • DSS's Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:12 AM

Posted 10 August 2008 - 05:12 PM

Hello, mercuryrsng.
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users