After trojan is removed (RESOLVED)

#11 (permalink)
20-11-2007, 11:08 AM
theoldandgrey
Valued Member
New Recruit
Join Date: Apr 2007
Posts: 103
Re: After trojan is removed

Hallo Neal

I've deleted, re-installed, stood on my head and I still have the same problem. When I right click on the SDFIX folder I do not get an option to Extract All - all I get is Open - maybe this is the problem. I'm obviously missing some vital point.

Thanks
#12 (permalink)
20-11-2007, 11:14 AM
theoldandgrey
Valued Member
New Recruit
Join Date: Apr 2007
Posts: 103
Re: After trojan is removed

Hallo Neal

Sorry if this is posted twice but it didn't seem to appear first time around.

I have uninstalled, re-installed and stood on my head but I still have the same problem. When I right click on the SDFix.zip folder I can only find Open which I click on and that seems to extract files but I still get the same message and no Finished! Obviously I am doing something fundamentally wrong but following your instructions to the letter (I hope) I cannot think what it is.
#13 (permalink)
20-11-2007, 09:15 PM
Neal
Senior Member
Join Date: Sep 2005
Posts: 5,594
Re: After trojan is removed

Have you done a scan with SUPERAntiSpyware? If not, please do; that is an excellent program. Do you have the free version or the full trial version?

Post the log it makes, thanks.

Apparently there is something preventing us from running the tools we need.


Also...


1. Download this file - COMBOFIX
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Post a new HijackThis log also, please.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|




ASAP: promoting a high standard and quality of security support no matter where you seek help.

#14 (permalink)
20-11-2007, 09:44 PM
Neal
Senior Member
Join Date: Sep 2005
Posts: 5,594
Re: After trojan is removed

Combofix is not working for some reason so do this instead:




Please download Deckard's System Scanner (DSS) to your desktop.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, a text file will open - Main.txt
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
  • An additional text file, Extra.txt, will also be available (by default) in the following FOLDER: C:\Deckard\System Scanner.
  • Please go to that FOLDER and also copy the contents of Extra.txt to your post as well.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

Quote:
What DSS will do:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed.
Post Logs:
  • DSS Scan Results: contents of 1) Main.txt and 2) Extra.txt
#15 (permalink)
20-11-2007, 10:21 PM
theoldandgrey
Valued Member
New Recruit
Join Date: Apr 2007
Posts: 103
Re: After trojan is removed

Thanks Neal for your patience

Here is the log of Super Antispyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/20/2007 at 09:40 PM

Application Version : 3.9.1008

Core Rules Database Version : 3346
Trace Rules Database Version: 1347

Scan type : Quick Scan
Total Scan Time : 00:20:35

Memory items scanned : 423
Memory threats detected : 0
Registry items scanned : 609
Registry threats detected : 0
File items scanned : 14230
File threats detected : 103

Adware.Tracking Cookie

Adware.MyWebSearch
C:\DOCUMENTS AND SETTINGS\V L\DOCTORWEB\QUARANTINE\MWSOEMON.EXE

Unclassified.SpywareBot (Not A Threat)
C:\DOCUMENTS AND SETTINGS\V LONGLAND\DESKTOP\DOWNLOADS\SETUP.EXE

Oh dear I am having problems

I cannot find an up to date version of combofix - I have spent nearly an hour searching the web but they all say it is out of date or when I try to run it I cannot save to desktop - I am "confused.com"

Here is my Hijackthis log anyway:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:35, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nTrayFw] C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SDFix] C:\DOCUME~1\VL0177~1\Desktop\NEWFOL~1\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/...osticsxp2k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195038612520
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6676 bytes

I am wondering if any of this is due to the installation by a granddaughter of "My Web search", which I cannot uninstall.

I'm sorry to cause such problems - is the answer going to be a re-format job (just done it three weeks ago)?

Thanks for your help
#16 (permalink)
20-11-2007, 10:35 PM
theoldandgrey
Valued Member
New Recruit
Join Date: Apr 2007
Posts: 103
Re: After trojan is removed

Here is the result of DSS:

Deckard's System Scanner v20071014.68
Run by V L on 2007-11-20 22:27:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as V L.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:45, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\V L\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\V L.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nTrayFw] C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SDFix] C:\DOCUME~1\VL0177~1\Desktop\NEWFOL~1\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/...osticsxp2k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195038612520
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6585 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 FXDRV - e:\fxdrv.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ForcewareWebInterface (Forceware Web Interface) - "c:\progra~1\nvidia~1\networ~1\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 nSvcIp (ForceWare IP service) - c:\progra~1\nvidia~1\networ~1\bin\nsvcip.exe <Not Verified; NVIDIA; NVIDIA nSvcIp>
R2 nSvcLog (ForceWare user log service) - c:\progra~1\nvidia~1\networ~1\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-10-20 and 2007-11-20 -----------------------------

2007-11-20 15:40:01 0 d-------- C:\Documents and Settings\V L\Application Data\Jasc Software Inc
2007-11-19 2024 0 d-------- C:\WINDOWS\ERUNT
2007-11-19 18:30:40 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2007-11-19 18:30:30 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-19 18:30:30 0 d-------- C:\Documents and Settings\V L\Application Data\SUPERAntiSpyware.com
2007-11-18 0811 0 d-------- C:\Documents and Settings\V L\DoctorWeb
2007-11-17 20:58:58 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2007-11-17 20:58:55 0 d-------- C:\Program Files\MyWebSearch
2007-11-17 16:54:36 0 d-------- C:\Program Files\Trend Micro
2007-11-16 16:25:46 585216 --a------ C:\WINDOWS\system32\GX1142R.DLL <Not Verified; ClassWorks; Objective Grid>
2007-11-16 16:06:53 0 d-------- C:\Documents and Settings\V L\Application Data\Serif
2007-11-16 16:02:36 0 d-------- C:\Documents and Settings\V L\Application Data\TrojanHunter
2007-11-16 14:04:15 0 d-------- C:\Program Files\TrojanHunter 5.0
2007-11-14 12:05:22 1277 --a------ C:\WINDOWS\mozver.dat
2007-11-14 11:13:51 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
2007-11-12 18:41:48 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-11-12 17:15:31 0 d--h----- C:\WINDOWS\PIF
2007-11-12 14:08:45 0 d-------- C:\Documents and Settings\V L\Application Data\Talkback
2007-11-12 14:06:22 0 d-------- C:\Documents and Settings\V L\Application Data\Thunderbird
2007-11-12 14:06:04 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-11-12 12:36:06 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-12 12:35:52 0 d-------- C:\Documents and Settings\V L\Application Data\Mozilla
2007-11-11 18:58:15 0 d-------- C:\Documents and Settings\V L\Application Data\Lavasoft
2007-11-06 14:38:06 176235 --a------ C:\WINDOWS\system32\Primomonnt.dll
2007-11-06 14:38:00 0 d-------- C:\WINDOWS\PrimoPDF
2007-11-06 14:38:00 0 d-------- C:\Program Files\activePDF
2007-11-05 17:13:51 0 d-------- C:\Documents and Settings\V L\Application Data\Macromedia
2007-11-05 16:35:19 0 d-------- C:\Documents and Settings\V L\Application Data\MailWasher
2007-11-05 15:05:49 0 d-------- C:\Documents and Settings\Tisbus\Application Data\Jasc Software Inc
2007-11-05 1440 0 d-------- C:\Documents and Settings\Tisbus\Application Data\AVG7
2007-11-05 14:55:56 0 d-------- C:\Documents and Settings\Tisbus\Application Data\Identities
2007-11-05 14:55:39 0 d--h----- C:\Documents and Settings\Tisbus\Templates
2007-11-05 14:55:39 0 dr------- C:\Documents and Settings\Tisbus\Start Menu
2007-11-05 14:55:39 0 dr-h----- C:\Documents and Settings\Tisbus\SendTo
2007-11-05 14:55:39 0 dr-h----- C:\Documents and Settings\Tisbus\Recent
2007-11-05 14:55:39 0 d--h----- C:\Documents and Settings\Tisbus\PrintHood
2007-11-05 14:55:39 2097152 --ah----- C:\Documents and Settings\Tisbus\NTUSER.DAT
2007-11-05 14:55:39 0 d--h----- C:\Documents and Settings\Tisbus\NetHood
2007-11-05 14:55:39 0 dr------- C:\Documents and Settings\Tisbus\My Documents
2007-11-05 14:55:39 0 d--h----- C:\Documents and Settings\Tisbus\Local Settings
2007-11-05 14:55:39 0 dr------- C:\Documents and Settings\Tisbus\Favorites
2007-11-05 14:55:39 0 d-------- C:\Documents and Settings\Tisbus\Desktop
2007-11-05 14:55:39 0 d--hs---- C:\Documents and Settings\Tisbus\Cookies
2007-11-05 14:55:39 0 dr-h----- C:\Documents and Settings\Tisbus\Application Data
2007-11-05 14:55:39 0 d---s---- C:\Documents and Settings\Tisbus\Application Data\Microsoft
2007-11-04 17:02:06 0 d-------- C:\Documents and Settings\V L\Application Data\Sony Corporation
2007-11-04 16:49:43 3654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2007-11-04 16:32:23 0 d-------- C:\Documents and Settings\V L\Contacts
2007-11-04 16:30:14 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-11-04 16:05:38 0 d-------- C:\Documents and Settings\V L\Application Data\EPSON
2007-11-04 16:03:38 0 d-------- C:\Documents and Settings\V L\Application Data\Help
2007-11-04 15:59:16 90112 --a------ C:\WINDOWS\system32\epcomdd.dll <Not Verified; SEIKO EPSON CORP; Communication Driver>
2007-11-04 15:52:13 0 d-------- C:\My PageManager
2007-11-04 15:51:39 11776 --a------ C:\WINDOWS\system32\pmsbfn32.dll <Not Verified; ; PMSBFN32 Dynamic Link Library>
2007-11-04 15:51:39 0 d-------- C:\WINDOWS\system32\COLOR
2007-11-04 15:51:30 299008 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-11-04 15:51:28 0 d-------- C:\Documents and Settings\V L\WINDOWS
2007-11-04 15:19:17 237568 --a------ C:\WINDOWS\system32\PretzlUp.dll <Not Verified; Broderbund; ExpressIt Upload>
2007-11-04 15:19:17 184320 --a------ C:\WINDOWS\system32\PretzlDn.dll <Not Verified; Broderbund; PrintEvery Module>
2007-11-04 15:16:28 114176 --a------ C:\WINDOWS\system32\SSCE4132.DLL <Not Verified; Wintertree Software Inc.; Sentry Spelling-Checker Engine>
2007-11-04 15:16:28 53248 --a------ C:\WINDOWS\system32\PretzelSpellCheck.dll <Not Verified; ; PretzelSpellCheck Module>
2007-11-04 15:16:28 73728 --a------ C:\WINDOWS\system32\ImageServerMI.dll <Not Verified; Mattel Interactive, Inc.; >
2007-11-04 15:16:27 90112 -----n--- C:\WINDOWS\system32\PMovieServer.dll <Not Verified; ; PMovieServer Module>
2007-11-04 15:16:27 745472 -----n--- C:\WINDOWS\system32\PMAppBuilder.dll <Not Verified; ; PMAppBuilder Module>
2007-11-04 15:16:27 45056 -----n--- C:\WINDOWS\system32\ImportClient.dll <Not Verified; The Learning Company, Inc.; >
2007-11-04 15:05:19 39659552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-04 14:55:40 0 d-------- C:\WINDOWS\Downloaded Installations
2007-11-04 14:48:20 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
2007-11-04 11:12:25 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SBT
2007-11-04 11:04:54 0 d-------- C:\WINDOWS\ShellNew
2007-11-04 11:04:18 0 d-------- C:\Documents and Settings\V L\Application Data\Microsoft Web Folders
2007-11-04 11:03:07 0 d-------- C:\WINDOWS\system32\PreInstall
2007-11-04 10:53:14 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-11-04 09:12:47 0 d-------- C:\Documents and Settings\V L\Application Data\AVG7
2007-11-04 09:12:38 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\AVG7
2007-11-04 09:12:25 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-11-04 09:12:25 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2007-11-04 09:08:46 0 d--hs---- C:\Documents and Settings\V L\UserData
2007-11-04 08:43:19 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-11-04 08:41:40 0 d-------- C:\Documents and Settings\V L\Application Data\Adobe
2007-11-04 08:41:05 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2007-11-04 08:32:22 0 d--h----- C:\WINDOWS\$hf_mig$
2007-11-04 08:26:12 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-04 08:26:04 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-11-04 08:25:52 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-11-04 08:25:01 0 d-------- C:\WINDOWS\Internet Logs
2007-11-04 08:15:54 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-11-03 20:59:20 0 d-------- C:\WINDOWS\nview
2007-11-03 20:58:47 40960 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-11-03 20:57:54 307200 -r------- C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2007-11-03 20:57:54 212992 -r------- C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing driver Tool>
2007-11-03 2039 22 --a------ C:\WINDOWS\FileName
2007-11-03 20:54:31 0 d-------- C:\WINDOWS\NV1252568.TMP
2007-11-03 20:52:15 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Start Menu
2007-11-03 20:51:32 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-11-03 20:51:26 0 d-------- C:\WINDOWS\Prefetch
2007-11-03 20:51:25 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-11-03 20:46:01 0 d-------- C:\WINDOWS\provisioning
2007-11-03 20:46:01 0 d-------- C:\WINDOWS\peernet
2007-11-03 20:43:13 0 d-------- C:\WINDOWS\ServicePackFiles
2007-11-03 20:37:49 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-11-03 20:34:40 0 d-------- C:\WINDOWS\EHome
2007-11-03 20:30:21 0 d--hs---- C:\WINDOWS\Installer
2007-11-03 20:30:19 0 d-------- C:\Documents and Settings\V L\Application Data\Identities
2007-11-03 20:30:11 0 d--h----- C:\Documents and Settings\V L\Templates
2007-11-03 20:30:11 0 dr------- C:\Documents and Settings\V L\Start Menu
2007-11-03 20:30:11 0 dr-h----- C:\Documents and Settings\V L\SendTo
2007-11-03 20:30:11 0 dr-h----- C:\Documents and Settings\V L\Recent
2007-11-03 20:30:11 0 d--h----- C:\Documents and Settings\V L\PrintHood
2007-11-03 20:30:11 4980736 --ah----- C:\Documents and Settings\V L\NTUSER.DAT
2007-11-03 20:30:11 0 d--h----- C:\Documents and Settings\V L\NetHood
2007-11-03 20:30:11 0 dr------- C:\Documents and Settings\V L\My Documents
2007-11-03 20:30:11 0 d--h----- C:\Documents and Settings\V L\Local Settings
2007-11-03 20:30:11 0 dr------- C:\Documents and Settings\V L\Favorites
2007-11-03 20:30:11 0 d-------- C:\Documents and Settings\V L\Desktop
2007-11-03 20:30:11 0 d--hs---- C:\Documents and Settings\V L\Cookies
2007-11-03 20:30:11 0 dr-h----- C:\Documents and Settings\V L\Application Data
2007-11-03 20:27:33 1572864 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY.000\NTUSER.DAT
2007-11-03 20:27:33 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings
2007-11-03 20:27:33 0 d--hs---- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Cookies
2007-11-03 20:27:33 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data
2007-11-03 20:27:33 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft
2007-11-03 20:27:32 1572864 --ah----- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\NTUSER.DAT
2007-11-03 20:27:32 0 d--h----- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings
2007-11-03 20:27:32 0 d--hs---- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Cookies
2007-11-03 20:27:32 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data
2007-11-03 20:27:32 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data\Microsoft
2007-11-03 20:23:30 0 d-------- C:\WINDOWS\system32\xircom
2007-11-03 20:23:27 233472 ---h----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
2007-11-03 20:22:02 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2007-11-03 2048 0 dr------- C:\WINDOWS\Offline Web Pages
2007-11-03 2048 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-11-03 2010 0 d-------- C:\WINDOWS\srchasst
2007-11-03 2005 0 d-------- C:\WINDOWS\system32\Macromed
2007-11-03 2005 0 d-------- C:\WINDOWS\system32\DirectX
2007-11-03 20:20:37 0 d-------- C:\WINDOWS\system32\Restore
2007-11-03 20:20:30 0 d-------- C:\WINDOWS\PCHEALTH
2007-11-03 20:20:26 0 d---s---- C:\WINDOWS\Tasks
2007-11-03 20:20:02 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-03 20:19:38 0 d-------- C:\WINDOWS\Registration
2007-11-03 20:18:42 0 d-------- C:\WINDOWS\system32\MsDtc
2007-11-03 20:18:40 0 d-------- C:\WINDOWS\system32\Com
2007-11-03 20:07:03 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Templates
2007-11-03 20:07:03 0 dr------- C:\Documents and Settings\Default User.WINDOWS\Start Menu
2007-11-03 20:07:03 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\SendTo
2007-11-03 20:07:03 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Recent
2007-11-03 20:07:03 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\PrintHood
2007-11-03 20:07:03 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\NetHood
2007-11-03 20:07:03 0 d-------- C:\Documents and Settings\Default User.WINDOWS\My Documents
2007-11-03 20:07:03 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Local Settings
2007-11-03 20:07:03 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Favorites
2007-11-03 20:07:03 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Desktop
2007-11-03 20:07:03 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Cookies
2007-11-03 20:07:03 0 d--h----- C:\Documents and Settings\All Users.WINDOWS\Templates
2007-11-03 20:07:03 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Start Menu
2007-11-03 20:07:03 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Favorites
2007-11-03 20:07:03 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2007-11-03 20:07:03 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Desktop
2007-11-03 20:06:52 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-11-03 20:06:52 0 d-------- C:\WINDOWS\system32\CatRoot
2007-11-03 20:06:47 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Application Data
2007-11-03 20:06:47 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft
2007-11-03 20:06:46 0 dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data
2007-11-03 20:06:46 0 d---s---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2007-11-03 20:02:41 0 d-------- C:\WINDOWS
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\WinSxS
2007-11-03 20:02:41 0 dr------- C:\WINDOWS\Web
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\twain_32
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\wins
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\wbem
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\usmt
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\spool
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\ShellExt
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\Setup
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\ras
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\oobe
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\npp
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\mui
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\inetsrv
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\IME
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\icsxml
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\ias
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\export
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\drivers
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-11-03 20:02:41 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\dhcp
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\config
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\3076
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\2052
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\1054
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\1042
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\1041
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\1037
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\1033
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\1031
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\1028
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system32\1025
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\system
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\security
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\Resources
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\repair
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\mui
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\msapps
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\msagent
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\Media
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\java
2007-11-03 20:02:41 0 d--h----- C:\WINDOWS\inf
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\ime
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\Help
2007-11-03 20:02:41 0 dr--s---- C:\WINDOWS\Fonts
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\Driver Cache
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\Debug
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\Cursors
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\Connection Wizard
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\Config
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\AppPatch
2007-11-03 20:02:41 0 d-------- C:\WINDOWS\addins
2007-11-03 18:09:03 0 d-------- C:\Documents and Settings\V Longland\Application Data\Lavasoft
2007-11-03 14:00:20 0 d-------- C:\Documents and Settings\V Longland\Application Data\Microsoft Web Folders
2007-11-02 11:34:02 0 d-------- C:\Documents and Settings\V Longland\Application Data\PC Tools
2007-11-01 08:34:42 0 d-------- C:\Documents and Settings\V Longland\Application Data\Apple Computer
2007-10-28 11:55:34 3670016 --a------ C:\Documents and Settings\V Longland\ntuser.dat
2007-10-28 09:27:13 0 d-------- C:\Documents and Settings\V Longland\Application Data\iScreensaver
2007-10-25 17:06:24 0 d-------- C:\Documents and Settings\V Longland\Application Data\Serif


-- Find3M Report ---------------------------------------------------------------

2007-11-20 1556 0 d-------- C:\Program Files\Common Files\SWF Studio
2007-11-19 18:30:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-19 14:17:43 0 d-------- C:\Program Files\Java
2007-11-18 08:39:48 0 d-------- C:\Program Files\MSN Messenger
2007-11-12 16:25:47 0 d-------- C:\Program Files\Paragon Software
2007-11-12 16:25:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-05 16:33:09 0 d-------- C:\Program Files\BFG
2007-11-04 16:27:51 0 d-------- C:\Program Files\Broderbund
2007-11-04 1559 0 d-------- C:\Program Files\Web Publish
2007-11-04 15:12:36 0 d-------- C:\Program Files\hp deskjet 840c series
2007-11-04 15:05:15 0 d-------- C:\Program Files\Messenger
2007-11-04 14:03:40 0 d-------- C:\Program Files\PC Inspector File Recovery
2007-11-04 11:19:47 0 d-------- C:\Program Files\Freecom Backup Software
2007-11-04 11:12:20 0 d-------- C:\Program Files\Snapshot Viewer
2007-11-04 11:10:28 0 d-------- C:\Program Files\microsoft frontpage
2007-11-04 11:05:37 0 d-------- C:\Program Files\Common Files
2007-11-04 08:16:00 0 d--h----- C:\Program Files\WindowsUpdate
2007-11-03 20:58:14 0 d-------- C:\Program Files\AvRack
2007-11-03 20:58:12 0 d-------- C:\Program Files\Realtek AC97
2007-11-03 20:43:02 0 d-------- C:\Program Files\Movie Maker
2007-11-03 20:42:42 0 d-------- C:\Program Files\Windows NT
2007-11-03 20:07:03 62 --ahs---- C:\Documents and Settings\V L\Application Data\desktop.ini
2007-11-03 11:00:51 0 d-------- C:\Program Files\Spyware Doctor
2007-11-03 10:40:40 0 d-------- C:\Program Files\QuickTime
2007-11-02 17:14:39 0 d-------- C:\Program Files\Google
2007-10-25 17:05:52 0 d-------- C:\Program Files\Serif
2007-10-25 15:07:32 0 d-------- C:\Program Files\Windows Live
2007-10-09 09:42:27 0 d-------- C:\Program Files\Ahead
2007-10-09 09:37:35 0 d-------- C:\Program Files\Messenger Plus! Live
2007-10-07 10:35:32 0 d-------- C:\Program Files\DFG
2007-10-06 14:27:03 0 d-------- C:\Program Files\Mindscape
2007-10-06 13:50:16 0 d-------- C:\Program Files\Online Services
2007-10-05 12:00:26 0 d-------- C:\Program Files\Recuva
2007-10-03 17:29:20 0 d-------- C:\Program Files\NVIDIA Corporation
2007-09-29 15:32:52 0 d-------- C:\Program Files\Sierra On-Line
2007-09-29 14:31:53 0 d-------- C:\Program Files\Common Files\MGI Shared
2007-09-27 10:26:26 0 d-------- C:\Program Files\Epson
2007-09-27 09:42:10 0 d-------- C:\Program Files\NewSoft
2007-09-25 16:06:38 0 d-------- C:\Program Files\42 Bit Scanner
2007-09-24 15:16:13 0 d-------- C:\Program Files\Zinio


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe" [29/07/2005 17:25]
"SoundMan"="SOUNDMAN.EXE" [22/09/2005 08:42 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/10/2005 13:49]
"nwiz"="nwiz.exe" [10/10/2005 13:49 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/10/2005 13:49]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [25/10/2007 08:46]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [06/09/2007 16:14]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [15/11/2001 17:00]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [09/09/2007 09:31]
"SDFix"="C:\DOCUME~1\VL0177~1\Desktop\NEWFOL~1\SDFix\RunThis.bat /second" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 11:54]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 14:06]

C:\Documents and Settings\V L\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [09/07/2007 13:10:10]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [15/04/2007 13:44:33]
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe [23/05/2007 08:44:20]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 20:05:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-11-20 22:29:25 ------------
Extra Text

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3200+
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 446.48 MiB / 135.94 MiB
Pagefile Memory (total/avail): 1053.75 MiB / 680.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1903.92 MiB

C: is Fixed (NTFS) - 127.99 GiB total, 85.98 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6L160P0 - 152.66 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 127.99 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Firewall v7.0.408.000 (Check Point, LTD.)
FW: NVIDIA Firewall v1.0 (NVIDIA Corporation) Disabled
AV: AVG 7.5.503 v7.5.503 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\V L\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=V
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\V L
LOGONSERVER=\\V
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\VL0177~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\VL0177~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=V
USERNAME=V L
USERPROFILE=C:\Documents and Settings\V L
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

V L (admin)
Tisbus


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 2.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
EPSON TWAIN 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\SETUP.EXE" -l0x9 UNINSTALL
Freecom Backup Software 1.15 --> "C:\Program Files\Freecom Backup Software\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp deskjet 840c series --> rundll32 hpzcon04.dll,VendorJettison hp deskjet 840c series
hp deskjet 840c series (Remove only) --> C:\Program Files\hp deskjet 840c series\hpfiui.exe -c -vdivid=HPF -vpnum=90 -vinstport=COM1: -vproduct=840c -huninstall
HP Driver Diagnostics --> MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Microsoft Office 2000 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Small Business --> MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.9) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
My Web Search (Smiley Central) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
Paragon Drive Backup 8.5 Special Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F9662B9-ED3F-4F02-9DEE-EFA1F95F629F}\Setup.exe" -l0x9
Presto! PageManager for EPSON --> C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PageManager\DeIsL5.isu"
PrimoPDF --> "C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
PrimoPDF Redistribution Package --> MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
PrintMaster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DD144C1-5EAD-4D55-80A1-ACAF893A4FFE}\Setup.exe" anything
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x9 -removeonly
Recuva (remove only) --> "C:\Program Files\Recuva\uninst.exe"
Serif PagePlus SE 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}\Setup.exe" -l0x9
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Terrapin FTP --> C:\Program Files\Terrapin FTP\uninst.exe
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type709 / Success
Event Submitted/Written: 11/20/2007 09:17:23 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type694 / Success
Event Submitted/Written: 11/20/2007 02:43:00 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type684 / Success
Event Submitted/Written: 11/20/2007 11:01:55 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type675 / Success
Event Submitted/Written: 11/20/2007 10:15:08 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type666 / Success
Event Submitted/Written: 11/20/2007 09:58:39 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3336 / Error
Event Submitted/Written: 11/20/2007 05:04:06 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type3335 / Error
Event Submitted/Written: 11/20/2007 05:04:06 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Event Record #/Type3334 / Error
Event Submitted/Written: 11/20/2007 05:04:06 PM
Event ID/Source: 32 / SideBySide
Event Description:
Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

Event Record #/Type3333 / Error
Event Submitted/Written: 11/20/2007 05:03:26 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type3332 / Error
Event Submitted/Written: 11/20/2007 05:03:26 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.



-- End of Deckard's System Scanner: finished at 2007-11-20 22:29:25 ------------

  #17 (permalink)  
Old 20-11-2007, 10:41 PM
Valued Member
New Recruit
 
Join Date: Apr 2007
Posts: 103
theoldandgrey
Re: After trojan is removed

I see that DSS says it couldn't set a system restore point as it is disabled but I have checked and it isn't? Strange!
  #18 (permalink)  
Old 21-11-2007, 04:05 AM
Neal
Senior Member
 
Join Date: Sep 2005
Posts: 5,594
Re: After trojan is removed

Go here to learn how to show hidden files/folders:

http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5

Re-hide after we are done



Go to next site:
http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'
Click the browse button and browse to next file:


C:\WINDOWS\system32\GX1142R.DLL


Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.


If that one is too busy, here is another option:


http://virusscan.jotti.org

And

http://www.kaspersky.com/scanforvirus.html


Do the same for these:

C:\WINDOWS\NV1252568.TMP
C:\WINDOWS\srchasst





Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.


Go to add/remove program and uninstall:

MyWebSearch


While in safe mode delete:

C:\WINDOWS\system32\f3PSSavr.scr
C:\Program Files\MyWebSearch - if still present


Reboot PC back to normal mode and tell me how things are plus scan results for those files above.

Thanks.
  #19 (permalink)  
Old 22-11-2007, 09:29 PM
Valued Member
New Recruit
 
Join Date: Apr 2007
Posts: 103
theoldandgrey
Re: After trojan is removed

Hi Neal

Sorry for the delay but I did not receive yesterday's e-mail reminder but just logged on to DAL now and found your reply - thanks.

Here is the virustotal log:

File GX1142R.DLL received on 11.22.2007 22:11:10 (CET)
Result: 0/32 (0%)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.23.0 2007.11.22 -
AntiVir 7.6.0.34 2007.11.22 -
Authentium 4.93.8 2007.11.21 -
Avast 4.7.1074.0 2007.11.22 -
AVG 7.5.0.503 2007.11.22 -
BitDefender 7.2 2007.11.22 -
CAT-QuickHeal 9.00 2007.11.22 -
ClamAV 0.91.2 2007.11.22 -
DrWeb 4.44.0.09170 2007.11.22 -
eSafe 7.0.15.0 2007.11.21 -
eTrust-Vet 31.3.5316 2007.11.22 -
Ewido 4.0 2007.11.22 -
FileAdvisor 1 2007.11.22 -
Fortinet 3.14.0.0 2007.11.22 -
F-Prot 4.4.2.54 2007.11.22 -
F-Secure 6.70.13030.0 2007.11.22 -
Ikarus T3.1.1.12 2007.11.22 -
Kaspersky 7.0.0.125 2007.11.21 -
McAfee 5169 2007.11.22 -
Microsoft 1.3007 2007.11.22 -
NOD32v2 2679 2007.11.22 -
Norman 5.80.02 2007.11.22 -
Panda 9.0.0.4 2007.11.22 -
Prevx1 V2 2007.11.22 -
Rising 20.19.31.00 2007.11.22 -
Sophos 4.23.0 2007.11.22 -
Sunbelt 2.2.907.0 2007.11.22 -
Symantec 10 2007.11.22 -
TheHacker 6.2.9.136 2007.11.21 -
VBA32 3.12.2.5 2007.11.20 -
VirusBuster 4.3.26:9 2007.11.22 -
Webwasher-Gateway 6.0.1 2007.11.22 -
Additional information
File size: 585216 bytes
MD5: 4282644ee8e98dc06476786015e25a57
SHA1: 676fcb4e2067d2a058975481704646f64c4244e5

My next problem is that I cannot find the following 2 files although I did as you suggested and showed hidden files. I'll check again but ....... Going into safe mode now - I'll be back!
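An added example, not part of the original posts and not VirusTotal's own tooling: a Python parser for a report pasted in the layout shown in the post above. It checks that the "Result: n/m" header agrees with the engine table, that both hashes are complete, and which engines had older signatures at scan time. The sample text, its file name and its detection name are constructed.

```python
import re
from datetime import date

# Constructed sample in the layout of the pasted report (not real scan data).
SAMPLE = """\
File EXAMPLE.DLL received on 11.22.2007 22:11:10 (CET)
Result: 1/4 (25%)
Antivirus Version Last Update Result
AntiVir 7.6.0.34 2007.11.22 -
CAT-QuickHeal 9.00 2007.11.22 -
Kaspersky 7.0.0.125 2007.11.21 Constructed.Sample.Name
VBA32 3.12.2.5 2007.11.20 -
MD5: {md5}
SHA1: {sha1}
""".format(md5="0" * 32, sha1="0" * 40)

ROW = re.compile(r"^(\S+) (\S+) (\d{4})\.(\d\d)\.(\d\d) (.+)$")
RECEIVED = re.compile(r"received on (\d\d)\.(\d\d)\.(\d{4})")
RESULT = re.compile(r"^Result: (\d+)/(\d+)")
HASH = re.compile(r"^(MD5|SHA1): ([0-9a-fA-F]+)$")

def parse_report(text):
    """Parse a pasted report into engines, hashes and consistency warnings."""
    rep = {"engines": [], "hashes": {}, "claimed": None, "scanned": None, "warnings": []}
    for line in map(str.strip, text.splitlines()):
        if m := RECEIVED.search(line):
            mo, d, y = map(int, m.groups())  # header date is MM.DD.YYYY
            rep["scanned"] = date(y, mo, d)
        elif m := RESULT.match(line):
            rep["claimed"] = (int(m[1]), int(m[2]))
        elif m := HASH.match(line):
            rep["hashes"][m[1]] = m[2].lower()
        elif m := ROW.match(line):
            updated = date(int(m[3]), int(m[4]), int(m[5]))
            verdict = None if m[6] == "-" else m[6]  # "-" means no detection
            rep["engines"].append((m[1], updated, verdict))
    hits = [e for e in rep["engines"] if e[2]]
    actual = (len(hits), len(rep["engines"]))
    if rep["claimed"] != actual:
        rep["warnings"].append(f"header says {rep['claimed']}, table shows {actual}")
    for name, expected_len in (("MD5", 32), ("SHA1", 40)):
        if len(rep["hashes"].get(name, "")) != expected_len:
            rep["warnings"].append(f"{name} missing or truncated")
    return rep

def stale_engines(rep, max_age_days=1):
    """Engines whose signatures were older than max_age_days at scan time."""
    if rep["scanned"] is None:
        return []
    return [n for n, upd, _ in rep["engines"] if (rep["scanned"] - upd).days > max_age_days]
```

A clean result from engines with stale signatures carries less weight than one from engines updated on the scan date, which is why the second function is worth running on any pasted report.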
  #20 (permalink)  
Old 22-11-2007, 09:55 PM
Valued Member
New Recruit
 
Join Date: Apr 2007
Posts: 103
theoldandgrey is a name known to all
Re: After trojan is removed

Right back!
Still no 2 files.
Went into Safe Mode and tried to uninstall MyWebsearch but got this error message:

Error loading
C:\PROGRA~\MYWEBS~1\bar\1.bin\mwsbar.dll
Specified module could not be found

Went into system 32 f3PSSavr.scr and deleted that but didn't quite know whether to delete MyWebSearch so I did but as it is only in the Recycle Bin it can be restored.

Ooh dear, there do seem to be some problems around.

My thanks again