Thread ID: 89157 2008-04-22 10:22:00 is there anyway of getting rid of virus jnsbs (13656) Press F1
Post ID Timestamp Content User
661371 2008-04-23 12:08:00 Trademe message boards are the most pathetic outdated forum style around. It would be far more usable if they set up their message boards using Vbulletin. apsattv (7406)
661372 2008-04-23 12:12:00 www.msnvirusremoval.com

Ummmm dude, check this out... Here (www.siteadvisor.com)

It says there is a W32/Generic virus in the MSN Photo Virus Remover.
password (5384)
661373 2008-04-24 09:29:00 Have you got this?

www.hijackthis.de
Cicero (40)
661374 2008-04-25 10:36:00 This is really strange, she sent me a HJT log...... I analyzed it on that above website and everything came back clear, BUT - I looked at it again myself and noticed that it looks like the majority is missing, there's running processes then it skips right down to O23...... It took her 4 attempts to get HJT going, and in running processes it shows that it is running 4 times - maybe that has something to do with it? She won't be back on until later, but here's her logfile. seems a bit odd...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:15 PM, on 4/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\nnhtc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\DOCUME~1\LIZZIE~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 2568 bytes


I'm looking at "C:\DOCUME~1\LIZZIE~1\LOCALS~1\Temp\RtkBtMnt.exe" but on that hijackthis.de website, it shows as safe.. I could be wrong as I know nothing about these kinds of things, but from past experiences of posting my own HJT logs on here, I've picked up a few ideas (Thanks speedy ;) but as I said, I could be wrong...
jnsbs (13656)
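The gap described in the post above (a process list followed directly by O23 entries, with HijackThis itself listed four times) can be checked mechanically before a log is sent to an online analyser. The Python below is an added example, not part of the original thread; the two sample logs are constructed and shortened, and the function names, the expected-groups list and the multi-instance allowance are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed, shortened sample in the shape of the truncated log from the post.
TRUNCATED_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:15 PM, on 4/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 2568 bytes
"""

# Constructed sample of a log that contains the usual entry groups.
COMPLETE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:57 AM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 1024 bytes
"""

# HijackThis entry lines start with a group code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Assumption: on an XP machine with Internet Explorer a full log normally
# carries browser settings (R*), autoruns (O4) and services (O23).
EXPECTED_GROUPS = ("R", "O4", "O23")

# Assumption: several svchost.exe instances are normal, so they are not reported.
MULTI_INSTANCE_OK = {"svchost.exe"}


def parse_hjt_log(text):
    """Split a HijackThis log into its process list and its R/F/N/O entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False          # entries may follow without a blank line
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False          # a blank line ends the process list
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def group_of(code):
    """O-entries keep their number (O4, O23); R0/R1/R3 collapse to 'R'."""
    return code if code.startswith("O") else code[0]


def check_completeness(text):
    """Report missing entry groups and processes that appear more than once."""
    parsed = parse_hjt_log(text)
    groups = Counter(group_of(code) for code, _ in parsed["entries"])
    missing = [g for g in EXPECTED_GROUPS if groups[g] == 0]
    counts = Counter(p.lower() for p in parsed["processes"])
    duplicates = {
        path: n for path, n in counts.items()
        if n > 1 and path.rsplit("\\", 1)[-1] not in MULTI_INSTANCE_OK
    }
    return {
        "groups": dict(groups),
        "missing_groups": missing,
        "duplicate_processes": duplicates,
        # Processes were captured but whole entry groups are absent.
        "looks_truncated": bool(parsed["processes"]) and bool(missing),
    }


if __name__ == "__main__":
    for name, log in (("truncated", TRUNCATED_LOG), ("complete", COMPLETE_LOG)):
        print(name, check_completeness(log))
```

A clean verdict from an analyser on a log that fails this check only covers the lines that were actually present.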
661375 2008-04-25 11:05:00 The above app says no prob with that.
Will be interested to see what S has to say.
Cicero (40)
661376 2008-04-25 12:16:00 The file in question RtkBtMnt.EXE can be part of the Realtek HD Audio Data Rerouter, this is loaded by default usually in the Temp files when the audio drivers are installed.

I suspect there is something else running in the back ground that Hijack is not detecting.

I'm going to ask Pancake if he is available to have a look at this possibly using combofix-he knows how to read the logs.
wainuitech (129)
661377 2008-04-25 13:13:00 jnsbs

Let's run this and see what it finds...

First off please download Deckard's System Scanner (DSS) (www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt to here.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:
C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
Pancake (6359)
661378 2008-04-25 18:21:00 How about this?

C:\WINDOWS\system32\nnhtc.exe

Try this MSN virus cleaner

download-free.programas-gratis.net

I would also try one of the free online scanners and see what it finds?
http://housecall.trendmicro.com/
apsattv (7406)
661379 2008-04-28 22:37:00 sorry it's taken so long to get back,
she hasn't been on msn since... but has done a scan of dss,
she just has to send me both text files.. then i'll copy and paste them onto here
jnsbs (13656)
661380 2008-04-28 22:46:00 main.txt

Deckard's System Scanner v20071014 . 68
Run by lizzie nergaard on 2008-04-28 09:30:09
Computer is in Normal Mode .
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point .


-- Last 5 Restore Point(s) --
115: 2008-04-28 21:30:24 UTC - RP379 - Deckard's System Scanner Restore Point
114: 2008-04-27 21:30:46 UTC - RP378 - System Checkpoint
113: 2008-04-26 07:47:53 UTC - RP377 - System Checkpoint
112: 2008-04-25 06:58:59 UTC - RP376 - System Checkpoint
111: 2008-04-24 01:31:04 UTC - RP375 - System Checkpoint


-- First Restore Point --
1: 2008-03-30 23:18:35 UTC - RP265 - System Checkpoint


Backed up registry hives .
Performed disk cleanup .

Percentage of Memory in Use: 86% (more than 75%) .
Total Physical Memory: 247 MiB (512 MiB recommended) .


-- HijackThis (run as lizzie nergaard . exe) -------------------------------------

Logfile of Trend Micro HijackThis v2 . 0 . 2
Scan saved at 9:32:57 AM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5 . 01 . 2600)
MSIE: Internet Explorer v7 . 00 (7 . 00 . 6000 . 16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss . exe
C:\WINDOWS\system32\winlogon . exe
C:\WINDOWS\system32\services . exe
C:\WINDOWS\system32\lsass . exe
C:\WINDOWS\system32\svchost . exe
C:\WINDOWS\System32\svchost . exe
C:\WINDOWS\system32\svchost . exe
C:\WINDOWS\Explorer . EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice . exe
C:\WINDOWS\system32\spoolsv . exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc . exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr . exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc . exe
C:\PROGRA~1\Grisoft\AVG7\avgemc . exe
C:\Acer\Empowering Technology\admServ . exe
C:\Program Files\Common Files\LightScribe\LSSrvc . exe
C:\WINDOWS\system32\svchost . exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc . exe
C:\WINDOWS\system32\igfxtray . exe
C:\WINDOWS\system32\hkcmd . exe
C:\WINDOWS\system32\igfxpers . exe
C:\WINDOWS\RTHDCPL . EXE
C:\Acer\Empowering Technology\eRecovery\Monitor . exe
C:\Program Files\Synaptics\SynTP\SynTPEnh . exe
C:\Acer\Empowering Technology\admtray . exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader . exe
C:\WINDOWS\system32\rundll32 . exe
C:\Acer\Empowering Technology\ePower\ePower_DMC . exe
C:\PROGRA~1\LAUNCH~1\LManager . exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor . exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication . exe
C:\Program Files\Java\jre1 . 6 . 0_05\bin\jusched . exe
C:\Program Files\MessengerPlus! 3\MsgPlus . exe
C:\DOCUME~1\LIZZIE~1\LOCALS~1\Temp\RtkBtMnt . exe
C:\PROGRA~1\Grisoft\AVG7\avgcc . exe
C:\Program Files\PC Connectivity Solution\ServiceLayer . exe
C:\WINDOWS\system32\qkhqhodba . exe
C:\Program Files\Ares\Ares . exe
C:\WINDOWS\system32\ctfmon . exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer . exe
C:\Program Files\Messenger\Msmsgs . exe
C:\Program Files\MSN Messenger\MsnMsgr . Exe
C:\WINDOWS\system32\igfxext . exe
C:\WINDOWS\system32\wbem\unsecapp . exe
C:\WINDOWS\system32\igfxsrvc . exe
C:\Documents and Settings\lizzie nergaard\Desktop\dss . exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\lizzie nergaard . exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7 . 0\ActiveX\AcroIEHelper . dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper . dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1 . 6 . 0_05\bin\ssv . dll
O2 - BHO: (no name) - {7B66DF8D-B726-4C41-95A5-A6FAFA312300} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E5FEC4C-8022-4E5F-9B54-D4058B6B4C57} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin . dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb . dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar . dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb . dll
O4 - HKLM\ . . \Run: C:\WINDOWS\system32\igfxtray . exe
O4 - HKLM\ . . \Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd . exe
O4 - HKLM\ . . \Run: [igfxpers] C:\WINDOWS\system32\igfxpers . exe
O4 - HKLM\ . . \Run: [LaunchApp] Alaunch
O4 - HKLM\ . . \Run: [RTHDCPL] RTHDCPL . EXE
O4 - HKLM\ . . \Run: [SkyTel] SkyTel . EXE
O4 - HKLM\ . . \Run: [Alcmtr] ALCMTR . EXE
O4 - HKLM\ . . \Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel . exe
O4 - HKLM\ . . \Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh . exe
O4 - HKLM\ . . \Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI . exe
O4 - HKLM\ . . \Run: [ADMTray . exe] "C:\Acer\Empowering Technology\admtray . exe"
O4 - HKLM\ . . \Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader . exe
O4 - HKLM\ . . \Run: rundll32 . exe bthprops . cpl,,BluetoothAuthenticationAgent
O4 - HKLM\ . . \Run: [IMJPMIG8 . 1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG . EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\ . . \Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst . exe /SYNC
O4 - HKLM\ . . \Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP . EXE /SYNC
O4 - HKLM\ . . \Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP . EXE /IMEName
O4 - HKLM\ . . \Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC . exe
O4 - HKLM\ . . \Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management . exe boot
O4 - HKLM\ . . \Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager . exe
O4 - HKLM\ . . \Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor . exe
O4 - HKLM\ . . \Run: [Workflow] E:\Workflow . exe
O4 - HKLM\ . . \Run: [Broadbandadvisor . exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor . exe" /AUTORUN
O4 - HKLM\ . . \Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication . exe -startup
O4 - HKLM\ . . \Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1 . 6 . 0_05\bin\jusched . exe"
O4 - HKLM\ . . \Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus . exe"
O4 - HKLM\ . . \Run: [nnhtc] C:\WINDOWS\system32\nnhtc . exe
O4 - HKLM\ . . \Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc . exe /STARTUP
O4 - HKLM\ . . \Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan . exe
O4 - HKLM\ . . \Run: [qkhqhodba] C:\WINDOWS\system32\qkhqhodba . exe
O4 - HKLM\ . . \RunServices: [nnhtc] C:\WINDOWS\system32\nnhtc . exe
O4 - HKLM\ . . \RunServices: [pnhks] C:\WINDOWS\system32\pnhks . exe
O4 - HKLM\ . . \RunServices: [qkhqhodba] C:\WINDOWS\system32\qkhqhodba . exe
O4 - HKCU\ . . \Run: [ares] "C:\Program Files\Ares\Ares . exe" -h
O4 - HKCU\ . . \Run: [ctfmon . exe] C:\WINDOWS\system32\ctfmon . exe
O4 - HKCU\ . . \Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer . exe
O4 - HKCU\ . . \Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus . exe" /WinStart
O4 - HKCU\ . . \Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs . exe" /background
O4 - HKCU\ . . \Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr . Exe" /background
O4 - HKUS\S-1-5-19\ . . \Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw . exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\ . . \Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw . exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\ . . \Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2 . exe /NoDialog (User 'SYSTEM')
O4 - HKUS\ . DEFAULT\ . . \Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2 . exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb . dll/search . htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1 . 6 . 0_05\bin\ssv . dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1 . 6 . 0_05\bin\ssv . dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper . dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper . dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang . dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs . exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang . dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs . exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice . exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer . exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc . exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s . r . o . - C:\PROGRA~1\Grisoft\AVG7\avgamsvr . exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s . r . o . - C:\PROGRA~1\Grisoft\AVG7\avgupsvc . exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s . r . o . - C:\PROGRA~1\Grisoft\AVG7\avgemc . exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc . - C:\Acer\Empowering Technology\admServ . exe
O23 - Service: CMG Shield (joara25de) - Unknown owner - C:\WINDOWS\system32\rjkbm . exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc . exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1 . EXE
O23 - Service: ServiceLayer - Nokia . - C:\Program Files\PC Connectivity Solution\ServiceLayer . exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc . exe

--
End of file - 9729 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080330-115322-119 O4 - HKLM\ . . \Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ . exe"
backup-20080330-115322-239 O4 - HKLM\ . . \Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1 . 6 . 0_03\bin\jusched . exe"
backup-20080330-115322-414 O4 - HKLM\ . . \Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
backup-20080330-115322-228 O4 - HKLM\ . . \Run: [Windows live Messenger] msn . com
backup-20080330-115322-318 O4 - Global Startup: Adobe Reader Speed Launch . lnk = C:\Program Files\Adobe\Acrobat 7 . 0\Reader\reader_sl . exe
backup-20080330-123257-661 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag . exe

-- File Associations -----------------------------------------------------------

All associations okay .


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 UBHelper - c:\windows\system32\drivers\ubhelper . sys
R1 OsaFsLoc - c:\windows\system32\drivers\osafsloc . sys <Not Verified; OSA Technologies; >
R2 int15 . sys - c:\acer\empowering technology\erecovery\int15 . sys
R2 osaio - c:\windows\system32\drivers\osaio . sys <Not Verified; OSA Technologies, An Avocent Company; Windows (R) 2000 DDK driver >
R2 osanbm - c:\windows\system32\drivers\osanbm . sys <Not Verified; Windows (R) 2000 DDK provider; OSA int15 Driver >
R3 NdisFilt (OSA NdisFilter Protocol) - c:\windows\system32\drivers\ndisfilt . sys <Not Verified; OSA Technologies; >
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr . sys <Not Verified; NewTech Infosystems, Inc . ; >

S3 NETMNT (Acer NetMonitor Protocol) - c:\windows\system32\drivers\netmnt . sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AWService (AdminWorks Agent X6) - "c:\acer\empowering technology\admserv . exe" <Not Verified; Avocent Inc . ; Acer Empowering framework >
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer . exe" <Not Verified; Nokia . ; PC Connectivity Solution >

S2 joara25de (CMG Shield) - c:\windows\system32\rjkbm . exe /service
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver . exe <Not Verified; Ares Development Group; Ares Chat Server >


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6111
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6111
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-04-28 08:42:12 274 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar . job


-- Files created between 2008-03-28 and 2008-04-28 -----------------------------

2008-04-28 09:14:53 249856 --a------ C:\WINDOWS\system32\rjkbm . exe
2008-04-28 08:06:46 249856 --a------ C:\WINDOWS\system32\rsjq . exe
2008-04-28 08:02:56 0 d--hs---- C:\FOUND . 036
2008-04-28 01:25:44 0 d--hs---- C:\FOUND . 035
2008-04-27 23:04:05 245760 --a------ C:\WINDOWS\system32\pfelm . exe
2008-04-27 22:59:52 0 d--hs---- C:\FOUND . 034
2008-04-27 22:48:52 245760 --a------ C:\WINDOWS\system32\qkhqhodba . exe
2008-04-27 22:38:36 245760 --a------ C:\WINDOWS\system32\pnhks . exe
2008-04-21 22:22:46 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-21 22:22:06 162304 --a------ C:\WINDOWS\system32\ztvunrar36 . dll
2008-04-21 22:22:06 77312 --a------ C:\WINDOWS\system32\ztvunace26 . dll
2008-04-21 22:22:06 69632 --a------ C:\WINDOWS\system32\ztvcabinet . dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System >
2008-04-21 22:22:06 153088 --a------ C:\WINDOWS\system32\UNRAR3 . dll
2008-04-21 22:22:06 75264 --a------ C:\WINDOWS\system32\unacev2 . dll
2008-04-21 22:22:03 0 d-------- C:\Program Files\Trojan Remover
2008-04-21 22:22:03 0 d-------- C:\Documents and Settings\lizzie nergaard\Application Data\Simply Super Software
2008-04-21 22:22:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-04-21 21:05:45 0 dr-h----- C:\Documents and Settings\lizzie nergaard\Recent
2008-04-19 09:56:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-19 06:25:20 0 d--h----- C:\WINDOWS\msdownld . tmp
2008-04-19 00:28:42 0 d--hs---- C:\FOUND . 033
2008-04-18 17:07:24 163840 -ra------ C:\WINDOWS\system32\rhzigane . exe
2008-04-18 17:07:24 163840 -ra------ C:\WINDOWS\system32\nnhtc . exe
2008-04-13 07:17:02 0 d--hs---- C:\FOUND . 032
2008-04-11 05:33:56 0 d--hs---- C:\FOUND . 031
2008-04-07 23:04:30 0 d--hs---- C:\FOUND . 030
2008-04-05 03:05:24 0 d--hs---- C:\FOUND . 029
2008-04-01 22:57:20 0 d-------- C:\Program Files\MessengerPlus! 3
2008-04-01 22:04:48 0 d--hs---- C:\FOUND . 028
2008-04-01 20:50:28 0 d--hs---- C:\FOUND . 027
2008-04-01 20:40:17 0 d-------- C:\Program Files\Alwil Software
2008-04-01 19:48:48 0 d--hs---- C:\FOUND . 026
2008-04-01 03:01:23 0 d-------- C:\Program Files\Microsoft CAPICOM 2 . 1 . 0 . 2
2008-04-01 01:15:13 0 d-------- C:\Program Files\Lavasoft
2008-04-01 01:15:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-01 01:13:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-31 23:03:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-31 20:38:22 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-03-31 07:44:17 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-31 07:25:38 0 d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-31 07:24:31 0 d-------- C:\Program Files\Windows Live
2008-03-31 07:24:05 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-31 06:13:30 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-03-31 06:10:38 0 d-------- C:\Program Files\Common Files\iS3
2008-03-31 06:10:34 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-03-31 01:32:06 0 d--hs---- C:\FOUND . 025
2008-03-30 12:09:41 0 d-------- C:\Program Files\Java
2008-03-30 12:08:47 0 d-------- C:\Program Files\Common Files\Java
2008-03-30 11:18:23 277902 --ahs---- C:\WINDOWS\system32\XwGNmUtv . ini2
2008-03-30 10:57:15 0 d-------- C:\Program Files\Trend Micro
2008-03-29 11:27:36 0 d--hs---- C:\FOUND . 024


-- Find3M Report ---------------------------------------------------------------

2008-04-27 22:33:08 12 --a------ C:\WINDOWS\bthservsdp . dat
2008-04-25 23:11:26 16348 --a------ C:\Documents and Settings\lizzie nergaard\Application Data\NMM-MetaData . db
2008-03-05 07:09:30 0 d-------- C:\Documents and Settings\lizzie nergaard\Application Data\Opera
2008-03-05 07:09:08 0 d-------- C:\Program Files\Opera


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B66DF8D-B726-4C41-95A5-A6FAFA312300}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E5FEC4C-8022-4E5F-9B54-D4058B6B4C57}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray . exe" [03/23/2006 12:17 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd . exe" [03/23/2006 12:13 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers . exe" [03/23/2006 12:17 PM]
"LaunchApp"="Alaunch" []
"RTHDCPL"="RTHDCPL . EXE" [06/28/2006 02:54 PM C:\WINDOWS\RTHDCPL . exe]
"SkyTel"="SkyTel . EXE" [05/16/2006 06:04 PM C:\WINDOWS\SkyTel . exe]
"Alcmtr"="ALCMTR . EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr . exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel . exe" [12/21/2005 03:02 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh . exe" [03/03/2006 01:07 PM]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI . exe" [05/15/2006 11:15 AM]
"ADMTray . exe"="C:\Acer\Empowering Technology\admtray . exe" [10/24/2005 04:45 PM]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader . exe" [12/27/2005 03:50 PM]
"BluetoothAuthenticationAgent"="bthprops . cpl" [08/04/2004 05:00 AM C:\WINDOWS\system32\bthprops . cpl]
"IMJPMIG8 . 1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG . exe" [08/04/2004 05:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst . exe" [08/04/2004 05:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP . exe" [08/04/2004 05:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP . exe" [08/04/2004 05:00 AM]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC . exe" [08/10/2006 07:29 PM]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management . exe" [05/22/2006 12:54 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager . exe" [07/20/2006 10:15 PM]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor . exe" [01/24/2006 06:00 PM]
"Workflow"="E:\Workflow . exe" []
"Broadbandadvisor . exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor . exe" [01/24/2007 02:12 PM]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication . exe" [01/23/2007 11:19 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1 . 6 . 0_05\bin\jusched . exe" [02/22/2008 04:25 AM]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus . exe" [04/19/2008 06:24 AM]
"nnhtc"="C:\WINDOWS\system32\nnhtc . exe" [04/18/2008 05:07 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc . exe" [04/19/2008 09:57 AM]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan . exe" [04/21/2008 04:48 PM]
"qkhqhodba"="C:\WINDOWS\system32\qkhqhodba . exe" [04/27/2008 10:48 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares . exe" [11/23/2007 04:18 AM]
"ctfmon . exe"="C:\WINDOWS\system32\ctfmon . exe" [08/04/2004 05:00 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer . exe" [01/28/2008 11:43 AM]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus . exe" [04/19/2008 06:24 AM]
"MSMSGS"="C:\Program Files\Messenger\Msmsgs . exe" [04/12/2007 01:43 AM]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr . exe" [01/19/2007 12:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"nnhtc"=C:\WINDOWS\system32\nnhtc . exe
"pnhks"=C:\WINDOWS\system32\pnhks . exe
"qkhqhodba"=C:\WINDOWS\system32\qkhqhodba . exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2 . exe /NoDialog

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtUmNGwX

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-04-28 09:34:51 ------------


There's no Manage Attachments under Additional options, it just says Miscellaneous Options, Automatically parse links in text
Disable smilies in text
Thread Subscription
Notification Type:

I'll copy/paste it onto here --

extra.txt
Deckard's System Scanner v20071014 . 68
Extra logfile - please post this as an attachment with your post .
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2 . 0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) M CPU 410 @ 1 . 46GHz
Percentage of Memory in Use: 85%
Physical Memory (total/avail): 246 . 04 MiB / 34 . 49 MiB
Pagefile Memory (total/avail): 643 . 16 MiB / 83 . 54 MiB
Virtual Memory (total/avail): 2047 . 88 MiB / 1924 MiB

C: is Fixed (FAT32) - 25 . 25 GiB total, 5 . 82 GiB free .
D: is Fixed (FAT32) - 25 . 73 GiB total, 25 . 72 GiB free .
E: is CDROM (No Media)

\\ . \PHYSICALDRIVE0 - HTS541060G9AT00 - 55 . 89 GiB - 3 partitions
\PARTITION0 - Unknown - 4 . 88 GiB
\PARTITION1 (bootable) - Unknown - 25 . 26 GiB - C:
\PARTITION2 - Unknown - 25 . 75 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install .
Windows Internal Firewall is enabled .

FirstRunDisabled is set .
AntiVirusDisableNotify is set .
FirewallDisableNotify is set .

AV: AVG 7 . 5 . 524 v7 . 5 . 524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr . exe"="%windir%\\system32\\sessmgr . exe:*:enabled:@xpsp2re s . dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag . exe"="%windir%\\Network Diagnostic\\xpnetdiag . exe:*:Enabled:@xpsp3res . dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr . exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr . exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall . exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall . exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr . exe"="C:\\Program Files\\MSN Messenger\\msnmsgr . exe:*:Enabled:Windows Live Messenger 8 . 1"
"C:\\Program Files\\MSN Messenger\\livecall . exe"="C:\\Program Files\\MSN Messenger\\livecall . exe:*:Enabled:Windows Live Messenger 8 . 1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr . exe"="%windir%\\system32\\sessmgr . exe:*:enabled:@xpsp2re s . dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs . exe"="C:\\Program Files\\Messenger\\msmsgs . exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Google\\Google Talk\\googletalk . exe"="C:\\Program Files\\Google\\Google Talk\\googletalk . exe:*:Enabled:Google Talk"
"C:\\Program Files\\Ares\\Ares . exe"="C:\\Program Files\\Ares\\Ares . exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\uTorrent\\uTorrent . exe"="C:\\Program Files\\uTorrent\\uTorrent . exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag . exe"="%windir%\\Network Diagnostic\\xpnetdiag . exe:*:Enabled:@xpsp3res . dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr . exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr . exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall . exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall . exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype . exe"="C:\\Program Files\\Skype\\Phone\\Skype . exe:*:Enabled:Skype"
"C:\\Program Files\\MSN Messenger\\msnmsgr . exe"="C:\\Program Files\\MSN Messenger\\msnmsgr . exe:*:Enabled:Windows Live Messenger 8 . 1"
"C:\\Program Files\\MSN Messenger\\livecall . exe"="C:\\Program Files\\MSN Messenger\\livecall . exe:*:Enabled:Windows Live Messenger 8 . 1 (Phone)"
"C:\\Program Files\\Grisoft\\AVG7\\avginet . exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet . exe:*:Enabled:avgine t . exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr . exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr . exe:*:Enabled:avgam svr . exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc . exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc . exe:*:Enabled:avgcc . ex e"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc . exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc . exe:*:Enabled:avgemc . exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\lizzie nergaard\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LIZZIE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\lizzie nergaard
LOGONSERVER=\\LIZZIE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\LIZZIE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\LIZZIE~1\LOCALS~1\Temp
USERDOMAIN=LIZZIE
USERNAME=lizzie nergaard
USERPROFILE=C:\Documents and Settings\lizzie nergaard
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

lizzie nergaard (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eDataSecurity Management 1.00.26 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E431C518-2EE2-471E-9234-BE995C36D513}\setup.exe" -l0x9 -removeonly
Acer eLock Management --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}
Acer Empowering Technology framework --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{15B70821-7893-4607-805A-BB80F3EA8279}
Acer ePerformance Management --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DEE08946-40F0-4890-853E-60A6C3306041}
Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Acer ePresentation Management --> C:\WINDOWS\UnInst32.exe AcerePrj.UNI
Acer eSettings Management --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}
Acer Screensaver --> MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Broadband Help --> MsiExec.exe /I{01B6480D-3937-4E82-AB2C-8E4C591BEFE5}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025007F\HXFSETUP.EXE -U -IWstAzlK.inf
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Launch Manager --> C:\WINDOWS\UnInst32.exe LManager.UNI
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Messenger Plus! 3 --> "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nokia Connectivity Cable Driver --> MsiExec.exe /X{3675AD63-CF95-4778-B981-225FB9225D7C}
Nokia PC Suite --> MsiExec.exe /I{4CE0B4BA-8862-444D-A94D-EF39AD48C8BC}
NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
PC Connectivity Solution --> MsiExec.exe /I{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.EXE" -uninstall
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trojan Remover 6.6.9 --> "C:\Program Files\Trojan Remover\unins000.exe"
Virgin Broadband advisor 1.5.10 --> "C:\Program Files\Virgin Broadband\advisor\unins000.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Messenger 5.1 --> MsiExec.exe /I{A44413DC-17D5-4F0B-A128-8B590B20323C}


-- Application Event Log -------------------------------------------------------

Event Record #/Type2040 / Error
Event Submitted/Written: 04/28/2008 01:31:41 AM
Event ID/Source: 100 / AVG7
Event Description:
2008-04-28 13:31:41,875 LIZZIE [000604:000612] ERROR 000 AVG7.WTS.CAvgAmWts ProcessIdToSessionId(3212) call failed with WIN32 error 87, returning session id is 0

Event Record #/Type2038 / Error
Event Submitted/Written: 04/28/2008 01:31:27 AM
Event ID/Source: 100 / AVG7
Event Description:
2008-04-28 13:31:26,906 LIZZIE [000604:000612] ERROR 000 AVG7.WTS.CAvgAmWts ProcessIdToSessionId(3212) call failed with WIN32 error 87, returning session id is 0

Event Record #/Type1999 / Error
Event Submitted/Written: 04/27/2008 09:25:20 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msnmsgr.exe, version 8.1.178.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1872 / Error
Event Submitted/Written: 04/26/2008 10:46:04 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module nss3.dll, version 3.11.5.0, fault address 0x000306df.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type1674 / Error
Event Submitted/Written: 04/22/2008 07:44:15 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msnmsgr.exe, version 8.1.178.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type18217 / Warning
Event Submitted/Written: 04/28/2008 09:34:46 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type18215 / Warning
Event Submitted/Written: 04/28/2008 09:16:40 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type18193 / Error
Event Submitted/Written: 04/28/2008 09:11:28 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the CMG Shield service to connect.

Event Record #/Type18189 / Error
Event Submitted/Written: 04/28/2008 08:56:47 AM / 04/28/2008 08:56:48 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type18188 / Warning
Event Submitted/Written: 04/28/2008 08:54:31 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-04-28 09:34:51 ------------
jnsbs (13656)