Post by: pwag on June 11, 2008, 09:30:34 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:59 PM, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdjmon.exe] "C:\Program Files\Lexmark 1400 Series\lxdjmon.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-220523388-651377827-839522115-1003\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Dale')
O4 - HKUS\S-1-5-21-220523388-651377827-839522115-1003\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem (User 'Dale')
O4 - HKUS\S-1-5-21-220523388-651377827-839522115-1003\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" (User 'Dale')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7372E93-2E39-4DD0-9F27-B948F33743EB}: NameServer = 216.113.192.4 216.113.192.3
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 9531 bytes
Thanks!
Post by: guestolo on June 12, 2008, 12:55:24 AM
Can you let me know the following
How long have you noticed the slowdown on the computer?
Is it just the Internet, or the computer in general that's slow?
Any new programs installed lately right before the slowdown?
If the slowdowns are on just the Internet, how many computers do you have on this network
Any running File Sharing programs, such as Limewire, uTorrent, etc...
That may be running in the background that are using bandwidth?
Can you also do the following
Download [color=\"#008000\"]Deckard's System Scanner (dss.exe)[/color] (http://\"http://deckard.geekstogo.com/dss.exe\") to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
Post back just the Whole contents of Main.txt and Extra.txt
Post by: pwag on June 12, 2008, 02:09:59 AM
Can you let me know the following
How long have you noticed the slowdown on the computer?
Is it just the Internet, or the computer in general that's slow?
Any new programs installed lately right before the slowdown?
If the slowdowns are on just the Internet, how many computers do you have on this network
Any running File Sharing programs, such as Limewire, uTorrent, etc...
That may be running in the background that are using bandwidth?
Can you also do the following
Download [color=\"#008000\"]Deckard's System Scanner (dss.exe)[/color] (http://\"http://deckard.geekstogo.com/dss.exe\") to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
Post back just the Whole contents of Main.txt and Extra.txt[/quote]
Hello,
Thank you - I'll proceed and get back to you. As to the development of the problem, it seems to have progressed over time. I don't recall a specific download program of late, but there are three kids who use the system and although they are limited in their computer knowledge they may have downloaded something I'm not aware of. One was downloading some music recently. I'm not sure if that means a program is running in the background - you can see how little I know. Anyway, I'll run Deckard's scanner and let you know what happens.
p
Post by: pwag on June 13, 2008, 11:30:25 AM
Thank you - I'll proceed and get back to you. As to the development of the problem, it seems to have progressed over time. I don't recall a specific download program of late, but there are three kids who use the system and although they are limited in their computer knowledge they may have downloaded something I'm not aware of. One was downloading some music recently. I'm not sure if that means a program is running in the background - you can see how little I know. Anyway, I'll run Deckard's scanner and let you know what happens.
p[/quote]
Ummm, if we close windows how do we get to the Deckard's program to scan the computer?
P.S. It is the whole computer that is slow, not just the internet. Also we do not have any file sharing programs such as limewire etc. My husband did install a few programs just before it got really slow -they are these free programs to scan for registry problems and improve the speed of the PC. The only one left on the computer, I think, is called Advanced Registry Optimzer.
Post by: guestolo on June 13, 2008, 11:34:56 AM
Sometimes they can do more harm than good
Quote
if we close windows how do we get to the Deckard's program to scan the computer?Simply close down any open windows you may have open, such as this browser window
Then double click on dss.exe, it will do the rest
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Post by: pwag on June 16, 2008, 10:10:15 PM
Sometimes they can do more harm than good
Simply close down any open windows you may have open, such as this browser window
Then double click on dss.exe, it will do the rest
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />[/quote]C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Patty\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Patty.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdjmon.exe] "C:\Program Files\Lexmark 1400 Series\lxdjmon.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7372E93-2E39-4DD0-9F27-B948F33743EB}: NameServer = 216.113.192.4 216.113.192.3
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8886 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
All drivers whitelisted.
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CTDevice_Srv (CT Device Query service) - c:\program files\creative\shared files\ctdevsrv.exe <Not Verified; Creative Technology Ltd; CTDevSrv Application>
R2 O&O Defrag - c:\windows\system32\oodag.exe <Not Verified; O&O Software GmbH; O&O Defrag>
S2 y8e9aei0u1midwo (Print Spooler Service) -
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-06-15 20:52:05 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-06-13 17:15:00 388 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-06-13 03:30:00 424 --a------ C:\WINDOWS\Tasks\RegistryClear Scheduled Scan.job
2008-06-09 09:36:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-05-16 and 2008-06-16 -----------------------------
2008-06-14 20:17:26 0 d--h----- C:\$AVG8.VAULT$
2008-06-11 19:19:14 0 d-------- C:\Program Files\Trend Micro
2008-06-07 10:47:06 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-07 10:47:06 0 d-------- C:\Documents and Settings\Patty\Application Data\AVGTOOLBAR
2008-06-07 10:46:56 0 d-------- C:\Program Files\AVG
2008-06-07 10:46:55 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-03 15:44:08 0 d-------- C:\Documents and Settings\Patty\Application Data\Sammsoft
2008-05-28 23:03:16 0 d-------- C:\Documents and Settings\Patty\Application Data\RegistryClear
2008-05-28 22:29:00 0 d-------- C:\Program Files\AskPBar
2008-05-19 08:32:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-19 08:32:25 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-19 08:08:42 0 d--h----- C:\WINDOWS\system32\GroupPolicy
-- Find3M Report ---------------------------------------------------------------
2008-06-16 19:52:55 0 d-------- C:\Program Files\lg_fwupdate
2008-06-14 14:57:41 0 d-------- C:\Program Files\Lx_cats
2008-05-23 22:19:38 0 d-------- C:\Program Files\Apple Software Update
2008-05-21 18:27:28 0 d-------- C:\Program Files\Hasbro Interactive
2008-05-21 18:24:34 0 d-------- C:\Program Files\Pivot Stickfigure Animator
2008-05-19 08:32:25 0 d-------- C:\Program Files\Common Files
2008-05-10 22:25:52 0 d-------- C:\Program Files\Dreamcatcher
2008-05-10 15:26:42 0 d-------- C:\Program Files\The Complete National Geographic
2008-05-10 12:05:58 0 d-------- C:\Documents and Settings\Patty\Application Data\AdobeUM
2008-04-30 19:45:40 0 d-------- C:\Program Files\Creative
2008-04-30 19:45:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-23 15:43:03 0 d-------- C:\Program Files\HP
2008-04-23 15:42:50 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-21 11:58:55 0 d-------- C:\Program Files\Java
2008-04-16 20:03:10 0 d-------- C:\Program Files\Google
2008-04-05 20:19:48 0 --a----c- C:\WINDOWS\system32\Biport
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
06/07/2008 10:47 AM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 11:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 11:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 11:36 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [10/14/2004 10:11 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/29/2003 05:00 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [02/16/2005 05:15 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 05:15 PM]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [11/02/2004 09:24 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [03/13/2006 07:06 PM]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [04/06/2007 12:33 PM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [04/14/2004 03:46 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [04/14/2004 04:04 PM]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [09/23/2004 01:41 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM]
"lxdjmon.exe"="C:\Program Files\Lexmark 1400 Series\lxdjmon.exe" []
"lxdjamon"="C:\Program Files\Lexmark 1400 Series\lxdjamon.exe" [04/30/2007 01:19 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/07/2008 10:46 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [09/10/2006 09:49 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 8:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 8:50:52 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cestdozq]
C:\WINDOWS\system32\cestdozq.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emh]
C:\WINDOWS\system32\emh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8027 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-06-16 20:09:22 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® D CPU 2.80GHz
CPU 1: Intel® Pentium® D CPU 2.80GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1015.23 MiB / 602.5 MiB
Pagefile Memory (total/avail): 2445.95 MiB / 2093.85 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1942.8 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 60 GiB total, 39.55 GiB free.
D: is Fixed (NTFS) - 89.04 GiB total, 82.83 GiB free.
E: is CDROM (CDFS)
\\.\PHYSICALDRIVE0 - ST3160811AS - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 60 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 89.04 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Lexmark 1400 Series\\app4r.exe"="C:\\Program Files\\Lexmark 1400 Series\\App4R.exe:*:Enabled:Printing Application"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"="C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\patchget.dat"="C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\patchget.dat:*:Enabled:patchgrabber"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\lxdjcoms.exe"="C:\\WINDOWS\\system32\\lxdjcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe"="C:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\\Program Files\\Lexmark 1400 Series\\App4R.exe"="C:\\Program Files\\Lexmark 1400 Series\\App4R.exe:*:Enabled:Printing Application"
"C:\\Documents and Settings\\Patty\\Local Settings\\Temp\\lxdj\\wireless\\ENGLISH\\lxdjwpss.exe"="C:\\Documents and Settings\\Patty\\Local Settings\\Temp\\lxdj\\wireless\\ENGLISH\\lxdjwpss.exe:*:Enabled: "
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe:*:Enabled: "
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe:*:Enabled: "
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe:*:Enabled: "
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Patty\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NEWCOMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Patty
LOGONSERVER=\\NEWCOMPUTER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\PROGRA~1\Druide\Antidote
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Patty\LOCALS~1\Temp
TMP=C:\DOCUME~1\Patty\LOCALS~1\Temp
USERDOMAIN=NEWCOMPUTER
USERNAME=Patty
USERPROFILE=C:\Documents and Settings\Patty
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Dale (admin)
Patty (admin)
Lauren (admin)
Colin (admin)
Rebecca (admin)
lolypop (admin)
stuff (new local, admin)
Administrator (new local, admin)
Guest (guest)
-- Add/Remove Programs ---------------------------------------------------------
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Antidote RX v2 --> MsiExec.exe /X{A474EA56-5DBD-4181-8230-806A4762EA7F}
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Ask Toolbar --> rundll32 C:\PROGRA~1\AskPBar\bar\1.bin\AskPBar.dll,O
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Creative Media Lite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9 /remove
Creative ZEN Stone Plus User's Guide --> "C:\Program Files\Creative\Creative ZEN Stone Plus\UGRemove.exe" /Product_Name:ZENStonePlusUG
DirectX Media Runtime 5.1 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DXM51.INF,Uninstall.NT
Dragon NaturallySpeaking 9 --> MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
GalleryPlayer Images --> C:\WINDOWS\GalleryPlayer Images Uninstaller.exe
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Image Zone 4.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart Cameras 4.5 --> C:\Program Files\HP\Digital Imaging\{78FD2974-C98B-4b84-9E9F-1AEE16AE0029}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Interactive User’s Guide --> MsiExec.exe /I{E786D4DB-EB0D-4474-ADC2-3C229BC17FCA}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes --> MsiExec.exe /I{B8A204BC-7177-470E-BBDD-47256D05B325}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(tm) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(tm) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(tm) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(tm) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 2.80 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lexmark 1400 Series --> C:\Program Files\Lexmark 1400 Series\Install\x86\Uninst.exe
Lexmark Toolbar --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
LG ODD Auto Firmware Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
O&O Defrag Professional Edition --> MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Roll --> C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
VeggieTales Dance Dance Dance --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{813926AE-0B25-4E04-A01F-66B4587B94C2}\SETUP.EXE" -l0x9 -removeonly
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type25406 / Error
Event Submitted/Written: 06/15/2008 09:40:56 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type25405 / Error
Event Submitted/Written: 06/15/2008 09:40:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type25404 / Error
Event Submitted/Written: 06/15/2008 09:40:38 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type25403 / Error
Event Submitted/Written: 06/15/2008 06:47:34 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type25401 / Error
Event Submitted/Written: 06/15/2008 06:33:27 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application OUTLOOK.EXE, version 11.0.8206.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type49806 / Error
Event Submitted/Written: 06/16/2008 08:07:32 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.
Event Record #/Type49803 / Error
Event Submitted/Written: 06/16/2008 07:54:15 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
Event Record #/Type49802 / Error
Event Submitted/Written: 06/16/2008 07:54:15 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
Event Record #/Type49786 / Error
Event Submitted/Written: 06/16/2008 07:54:05 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
Event Record #/Type49785 / Error
Event Submitted/Written: 06/16/2008 07:54:05 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
-- End of Deckard's System Scanner: finished at 2008-06-16 20:09:22 ------------
-Ok, there they both are (I hope). Let us know the next step (when you know).
Thanks!
Post by: guestolo on June 16, 2008, 11:22:48 PM
Nothing that we can fix however
Can you do the following
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/ComboFix.exe\") and save it ONLY to your desktop
Don't run it yet
Physically disconnect the internet cable connection to your computer
Temporarily disable AV and Firewall protections
Right click it's icon by the desktop and Exit
DO NOT let them interfere with the following
Double click on ComboFix.exe to run the program
Follow the prompts
normally this fix takes anywhere from 10 to 30 minutes
After reboot
ComboFix will run again, then continue to create a log, this can take a few minutes
Let it run uninterrupted please
I'll need to see this log later
Note:
[color=\"#4169E1\"]Do not mouseclick combofix's window while it's running. That may cause it to stall[/color]
After ComboFix runs, and after it's log opens, ensure Outpost is running
Connect Internet cable, if you have no Internet connection
Simply reboot your computer
By default, the location of the combofix log is located at this location
C:\combofix.txt
Post back the log from ComboFix and a Fresh hijiackthis log please
Post by: pwag on June 19, 2008, 01:28:37 AM
Nothing that we can fix however
Can you do the following
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/ComboFix.exe\") and save it ONLY to your desktop
Don't run it yet
Physically disconnect the internet cable connection to your computer
Temporarily disable AV and Firewall protections
Right click it's icon by the desktop and Exit
DO NOT let them interfere with the following
Double click on ComboFix.exe to run the program
Follow the prompts
normally this fix takes anywhere from 10 to 30 minutes
After reboot
ComboFix will run again, then continue to create a log, this can take a few minutes
Let it run uninterrupted please
I'll need to see this log later
Note:
[color=\"#4169e1\"]Do not mouseclick combofix's window while it's running. That may cause it to stall[/color]
After ComboFix runs, and after it's log opens, ensure Outpost is running
Connect Internet cable, if you have no Internet connection
Simply reboot your computer
By default, the location of the combofix log is located at this location
C:\combofix.txt
Post back the log from ComboFix and a Fresh hijiackthis log please[/quote]
Hello,
I had a little trouble following the directions - I hope I have done the right steps. I am attaching the result of the combofix log, but I now realized that you wanted me to do another hijackthis log. I'll do that next.
ComboFix 08-06-16.5 - Patty 2008-06-18 22:35:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.578 [GMT -7:00]
Running from: C:\Documents and Settings\Patty\Desktop\ComboFix.exe
* Created a new restore point
[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
.
2008-06-14 20:17 . 2008-06-14 20:17 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-13 00:10 . 2008-04-14 04:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 00:10 . 2008-04-14 04:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 00:20 . 2008-06-12 00:20 <DIR> d-------- C:\Deckard
2008-06-11 19:19 . 2008-06-11 19:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-07 10:47 . 2008-06-18 19:35 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-07 10:47 . 2008-06-07 10:47 <DIR> d-------- C:\Documents and Settings\Patty\Application Data\AVGTOOLBAR
2008-06-07 10:47 . 2008-06-07 10:47 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-07 10:47 . 2008-06-07 10:47 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-07 10:47 . 2008-06-07 10:47 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-07 10:46 . 2008-06-07 10:46 <DIR> d-------- C:\Program Files\AVG
2008-06-07 10:46 . 2008-06-07 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-03 15:44 . 2008-06-07 19:39 <DIR> d-------- C:\Documents and Settings\Patty\Application Data\Sammsoft
2008-05-28 23:03 . 2008-05-28 23:03 <DIR> d-------- C:\Documents and Settings\Patty\Application Data\RegistryClear
2008-05-28 22:29 . 2008-05-28 22:29 <DIR> d-------- C:\Program Files\AskPBar
2008-05-19 08:32 . 2008-05-19 08:32 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-19 08:08 . 2008-05-19 08:08 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 05:23 --------- d-----w C:\Program Files\Lx_cats
2008-06-19 04:56 --------- d-----w C:\Program Files\lg_fwupdate
2008-06-17 04:38 --------- d-----w C:\Documents and Settings\Patty\Application Data\Skype
2008-05-24 05:19 --------- d-----w C:\Program Files\Apple Software Update
2008-05-22 01:27 --------- d-----w C:\Program Files\Hasbro Interactive
2008-05-22 01:24 --------- d-----w C:\Program Files\Pivot Stickfigure Animator
2008-05-11 05:25 --------- d-----w C:\Program Files\Dreamcatcher
2008-05-10 22:26 --------- d-----w C:\Program Files\The Complete National Geographic
2008-05-10 19:05 --------- d-----w C:\Documents and Settings\Patty\Application Data\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-01 23:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-01 22:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-05-01 02:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 02:45 --------- d-----w C:\Program Files\Creative
2008-04-23 22:43 --------- d-----w C:\Program Files\HP
2008-04-23 22:42 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-21 18:58 --------- d-----w C:\Program Files\Java
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 18:24 1,515 ----a-w C:\Documents and Settings\Patty\Application Data\SAS7_000.DAT
2004-10-01 23:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [2006-09-10 21:49 439992]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 11:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 11:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 11:36 114688]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 17:00 155648]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-13 19:06 1397760]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2007-04-06 12:33 249856]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 15:46 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 16:04 40960]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55 267064]
"lxdjmon.exe"="C:\Program Files\Lexmark 1400 Series\lxdjmon.exe" [ ]
"lxdjamon"="C:\Program Files\Lexmark 1400 Series\lxdjamon.exe" [2007-04-30 13:19 20480]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-07 10:46 1177368]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cestdozq]
C:\WINDOWS\system32\cestdozq.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emh]
C:\WINDOWS\system32\emh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\lxdjcoms.exe"=
"C:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe"=
"C:\\Program Files\\Lexmark 1400 Series\\App4R.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-07 10:47]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-07 10:46]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-07 10:46]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-07 10:47]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 05:00]
S2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe [2007-06-11 16:17]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 00:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-06-09 16:36:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-19 04:52:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-13 10:30:00 C:\WINDOWS\Tasks\RegistryClear Scheduled Scan.job"
- C:\Program Files\RegistryClear\RegistryClear.ex
- C:\Program Files\RegistryClear
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2008-06-18 22:41:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-18 22:44:13
ComboFix-quarantined-files.txt 2008-06-19 05:43:59
Pre-Run: 42,229,358,592 bytes free
Post-Run: 42,231,316,480 bytes free
147 --- E O F --- 2008-06-13 11:26:04
Post by: pwag on June 19, 2008, 01:50:33 AM
I had a little trouble following the directions - I hope I have done the right steps. I am attaching the result of the combofix log, but I now realized that you wanted me to do another hijackthis log. I'll do that next.
ComboFix 08-06-16.5 - Patty 2008-06-18 22:35:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.578 [GMT -7:00]
Running from: C:\Documents and Settings\Patty\Desktop\ComboFix.exe
* Created a new restore point
[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
.
2008-06-14 20:17 . 2008-06-14 20:17 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-13 00:10 . 2008-04-14 04:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 00:10 . 2008-04-14 04:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 00:20 . 2008-06-12 00:20 <DIR> d-------- C:\Deckard
2008-06-11 19:19 . 2008-06-11 19:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-07 10:47 . 2008-06-18 19:35 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-07 10:47 . 2008-06-07 10:47 <DIR> d-------- C:\Documents and Settings\Patty\Application Data\AVGTOOLBAR
2008-06-07 10:47 . 2008-06-07 10:47 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-07 10:47 . 2008-06-07 10:47 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-07 10:47 . 2008-06-07 10:47 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-07 10:46 . 2008-06-07 10:46 <DIR> d-------- C:\Program Files\AVG
2008-06-07 10:46 . 2008-06-07 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-03 15:44 . 2008-06-07 19:39 <DIR> d-------- C:\Documents and Settings\Patty\Application Data\Sammsoft
2008-05-28 23:03 . 2008-05-28 23:03 <DIR> d-------- C:\Documents and Settings\Patty\Application Data\RegistryClear
2008-05-28 22:29 . 2008-05-28 22:29 <DIR> d-------- C:\Program Files\AskPBar
2008-05-19 08:32 . 2008-05-19 08:32 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-19 08:08 . 2008-05-19 08:08 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 05:23 --------- d-----w C:\Program Files\Lx_cats
2008-06-19 04:56 --------- d-----w C:\Program Files\lg_fwupdate
2008-06-17 04:38 --------- d-----w C:\Documents and Settings\Patty\Application Data\Skype
2008-05-24 05:19 --------- d-----w C:\Program Files\Apple Software Update
2008-05-22 01:27 --------- d-----w C:\Program Files\Hasbro Interactive
2008-05-22 01:24 --------- d-----w C:\Program Files\Pivot Stickfigure Animator
2008-05-11 05:25 --------- d-----w C:\Program Files\Dreamcatcher
2008-05-10 22:26 --------- d-----w C:\Program Files\The Complete National Geographic
2008-05-10 19:05 --------- d-----w C:\Documents and Settings\Patty\Application Data\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-01 23:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-01 22:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-05-01 02:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 02:45 --------- d-----w C:\Program Files\Creative
2008-04-23 22:43 --------- d-----w C:\Program Files\HP
2008-04-23 22:42 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-21 18:58 --------- d-----w C:\Program Files\Java
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 18:24 1,515 ----a-w C:\Documents and Settings\Patty\Application Data\SAS7_000.DAT
2004-10-01 23:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [2006-09-10 21:49 439992]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 11:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 11:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 11:36 114688]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 17:00 155648]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-13 19:06 1397760]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2007-04-06 12:33 249856]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 15:46 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 16:04 40960]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55 267064]
"lxdjmon.exe"="C:\Program Files\Lexmark 1400 Series\lxdjmon.exe" [ ]
"lxdjamon"="C:\Program Files\Lexmark 1400 Series\lxdjamon.exe" [2007-04-30 13:19 20480]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-07 10:46 1177368]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cestdozq]
C:\WINDOWS\system32\cestdozq.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emh]
C:\WINDOWS\system32\emh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\lxdjcoms.exe"=
"C:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe"=
"C:\\Program Files\\Lexmark 1400 Series\\App4R.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-07 10:47]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-07 10:46]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-07 10:46]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-07 10:47]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 05:00]
S2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe [2007-06-11 16:17]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 00:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-06-09 16:36:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-19 04:52:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-13 10:30:00 C:\WINDOWS\Tasks\RegistryClear Scheduled Scan.job"
- C:\Program Files\RegistryClear\RegistryClear.ex
- C:\Program Files\RegistryClear
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2008-06-18 22:41:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-18 22:44:13
ComboFix-quarantined-files.txt 2008-06-19 05:43:59
Pre-Run: 42,229,358,592 bytes free
Post-Run: 42,231,316,480 bytes free
147 --- E O F --- 2008-06-13 11:26:04[/quote]
Here is the fresh hijackthis log you also requested.
Deckard's System Scanner v20071014.68
Run by Patty on 2008-06-18 23:48:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Patty.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:32 PM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Patty\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Patty.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdjmon.exe] "C:\Program Files\Lexmark 1400 Series\lxdjmon.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7372E93-2E39-4DD0-9F27-B948F33743EB}: NameServer = 216.113.192.4 216.113.192.3
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 9170 bytes
-- Files created between 2008-05-18 and 2008-06-18 -----------------------------
2008-06-18 22:32:49 68096 --a------ C:\WINDOWS\zip.exe
2008-06-18 22:32:49 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-18 22:32:49 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-18 22:32:49 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-18 22:32:49 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-18 22:32:49 98816 --a------ C:\WINDOWS\sed.exe
2008-06-18 22:32:49 80412 --a------ C:\WINDOWS\grep.exe
2008-06-18 22:32:49 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-14 20:17:26 0 d--h----- C:\$AVG8.VAULT$
2008-06-11 19:19:14 0 d-------- C:\Program Files\Trend Micro
2008-06-07 10:47:06 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-07 10:47:06 0 d-------- C:\Documents and Settings\Patty\Application Data\AVGTOOLBAR
2008-06-07 10:46:56 0 d-------- C:\Program Files\AVG
2008-06-07 10:46:55 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-03 15:44:08 0 d-------- C:\Documents and Settings\Patty\Application Data\Sammsoft
2008-05-28 23:03:16 0 d-------- C:\Documents and Settings\Patty\Application Data\RegistryClear
2008-05-28 22:29:00 0 d-------- C:\Program Files\AskPBar
2008-05-19 08:32:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-19 08:32:25 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-19 08:08:42 0 d--h----- C:\WINDOWS\system32\GroupPolicy
-- Find3M Report ---------------------------------------------------------------
2008-06-18 23:03:05 0 d-------- C:\Program Files\lg_fwupdate
2008-06-18 22:23:42 0 d-------- C:\Program Files\Lx_cats
2008-06-16 21:38:08 0 d-------- C:\Documents and Settings\Patty\Application Data\Skype
2008-05-23 22:19:38 0 d-------- C:\Program Files\Apple Software Update
2008-05-21 18:27:28 0 d-------- C:\Program Files\Hasbro Interactive
2008-05-21 18:24:34 0 d-------- C:\Program Files\Pivot Stickfigure Animator
2008-05-19 08:32:25 0 d-------- C:\Program Files\Common Files
2008-05-10 22:25:52 0 d-------- C:\Program Files\Dreamcatcher
2008-05-10 15:26:42 0 d-------- C:\Program Files\The Complete National Geographic
2008-05-10 12:05:58 0 d-------- C:\Documents and Settings\Patty\Application Data\AdobeUM
2008-04-30 19:45:40 0 d-------- C:\Program Files\Creative
2008-04-30 19:45:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-23 15:43:03 0 d-------- C:\Program Files\HP
2008-04-23 15:42:50 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-21 11:58:55 0 d-------- C:\Program Files\Java
2008-04-05 20:19:48 0 --a----c- C:\WINDOWS\system32\Biport
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
06/07/2008 10:47 AM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [06/07/2008 10:47 AM 2050816]
[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 11:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 11:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 11:36 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [10/14/2004 10:11 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/29/2003 05:00 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [02/16/2005 05:15 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 05:15 PM]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [11/02/2004 09:24 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [03/13/2006 07:06 PM]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [04/06/2007 12:33 PM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [04/14/2004 03:46 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [04/14/2004 04:04 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM]
"lxdjmon.exe"="C:\Program Files\Lexmark 1400 Series\lxdjmon.exe" []
"lxdjamon"="C:\Program Files\Lexmark 1400 Series\lxdjamon.exe" [04/30/2007 01:19 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/07/2008 10:46 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [09/10/2006 09:49 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 8:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 8:50:52 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cestdozq]
C:\WINDOWS\system32\cestdozq.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emh]
C:\WINDOWS\system32\emh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
-- End of Deckard's System Scanner: finished at 2008-06-18 23:51:17 ------------
Post by: guestolo on June 19, 2008, 01:59:44 PM
Removing some unneeded toolbars and updating some software and see how we stand afterwards
Can you do the following please
I see you have Firefox installed, great choice
But if the Ask Toolbar is installed within Firefox, try the following
In Firefox, click on TOOLS>>Add ons>>Under Extensions
Highlight Ask Toolbar and Uninstall it
If you are prompted to Restart Firefox, just close firefox for now
Then access your Add and Remove programs
Remove the following with All browser windows closed
Ask Toolbar
Remain in Add and Remove Programs
Remove all older versions of Sun Java, we'll update this in a bit
Uninstall ALL the following
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Javaâ„¢ 6 Update 2
Javaâ„¢ 6 Update 3
Javaâ„¢ 6 Update 5
Javaâ„¢ SE Runtime Environment 6 Update 1
Don't reboot the computer yet, even if prompted
Instead, come back here
==Download [color=\"#FF0000\"]ATF-Cleaner[/color] (http://\"http://www.atribune.org/ccount/click.php?id=1\") by Atribune.
Save it to your desktop
======================================
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
NOTE: Bootup will be a bit slower as we have cleared your Prefetch folder
Bootup time will increase as this folder is repopulated
========================================
Download [color=\"blue\"]OTMoveIt2.exe[/color] (http://\"http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe\") by OldTimer:
- Save it to your desktop.
- Please double-click OTMoveIt2.exe to run it.
- Copy the entries below in BLUE to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
================================================
[color=\"#0000FF\"]C:\WINDOWS\system32\cestdozq.exe
C:\WINDOWS\system32\emh.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cestdozq
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emh
[/color]
====================================================== - Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
- Click the red "[color=\"red\"]MoveIt![/color]" button.
- Close OTMoveIt when it has completed.
NOTE: If you are not asked to reboot the computer, reboot manually anyways
OTMoveIt would of created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log
=====================================================
After you have rebooted
[color=\"blue\"]Updating Java:[/color]
- Download the latest version of Java Runtime Environment (JRE) 6 (http://\"http://java.sun.com/javase/downloads/index.jsp\").
- Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6".
- Click the "Download" button to the right.
- In the Window that opens, select Windows, your Language, check the "agree" box and click Continue.
- Click on the link to download Windows Offline Installation and save to your desktop.
- Then from your desktop double-click on jre-6u6-windows-i586-p.exe that you downloaded to install the newest version.
Can you run dss.exe on desktop again
Post the new log from MAIN.txt
Also include the log from OTMoveit please
Let me know if things have improved
Can you let me know if you experienced any slowdowns on the Internet After AVG 8 was installed please
Some users reporting problems with it's Security toolbar
Post by: pwag on June 20, 2008, 12:40:42 PM
Removing some unneeded toolbars and updating some software and see how we stand afterwards
Can you do the following please
I see you have Firefox installed, great choice
But if the Ask Toolbar is installed within Firefox, try the following
In Firefox, click on TOOLS>>Add ons>>Under Extensions
Highlight Ask Toolbar and Uninstall it
If you are prompted to Restart Firefox, just close firefox for now
Then access your Add and Remove programs
Remove the following with All browser windows closed
Ask Toolbar
Remain in Add and Remove Programs
Remove all older versions of Sun Java, we'll update this in a bit
Uninstall ALL the following
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Javaâ„¢ 6 Update 2
Javaâ„¢ 6 Update 3
Javaâ„¢ 6 Update 5
Javaâ„¢ SE Runtime Environment 6 Update 1
Don't reboot the computer yet, even if prompted
Instead, come back here
==Download [color=\"#ff0000\"]ATF-Cleaner[/color] (http://\"http://www.atribune.org/ccount/click.php?id=1\") by Atribune.
Save it to your desktop
======================================
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
NOTE: Bootup will be a bit slower as we have cleared your Prefetch folder
Bootup time will increase as this folder is repopulated
========================================
Download [color=\"blue\"]OTMoveIt2.exe[/color] (http://\"http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe\") by OldTimer:
- Save it to your desktop.
- Please double-click OTMoveIt2.exe to run it.
- Copy the entries below in BLUE to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
================================================
[color=\"#0000ff\"]C:\WINDOWS\system32\cestdozq.exe
C:\WINDOWS\system32\emh.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cestdozq
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emh
[/color]
====================================================== - Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
- Click the red "[color=\"red\"]MoveIt![/color]" button.
- Close OTMoveIt when it has completed.
NOTE: If you are not asked to reboot the computer, reboot manually anyways
OTMoveIt would of created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log
=====================================================
After you have rebooted
[color=\"blue\"]Updating Java:[/color]
- Download the latest version of Java Runtime Environment (JRE) 6 (http://\"http://java.sun.com/javase/downloads/index.jsp\").
- Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6".
- Click the "Download" button to the right.
- In the Window that opens, select Windows, your Language, check the "agree" box and click Continue.
- Click on the link to download Windows Offline Installation and save to your desktop.
- Then from your desktop double-click on jre-6u6-windows-i586-p.exe that you downloaded to install the newest version.
Can you run dss.exe on desktop again
Post the new log from MAIN.txt
Also include the log from OTMoveit please
Let me know if things have improved
Can you let me know if you experienced any slowdowns on the Internet After AVG 8 was installed please
Some users reporting problems with it's Security toolbar[/quote]
Ok,
Here is the log from dss.exe (MAIN.txt):
Deckard's System Scanner v20071014.68
Run by Patty on 2008-06-20 10:39:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Patty.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:57 AM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Patty\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Patty.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdjmon.exe] "C:\Program Files\Lexmark 1400 Series\lxdjmon.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7372E93-2E39-4DD0-9F27-B948F33743EB}: NameServer = 216.113.192.4 216.113.192.3
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 9186 bytes
-- Files created between 2008-05-20 and 2008-06-20 -----------------------------
2008-06-20 10:35:46 0 d-------- C:\Program Files\Common Files\Java
2008-06-18 22:32:49 68096 --a------ C:\WINDOWS\zip.exe
2008-06-18 22:32:49 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-18 22:32:49 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-18 22:32:49 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-18 22:32:49 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-18 22:32:49 98816 --a------ C:\WINDOWS\sed.exe
2008-06-18 22:32:49 80412 --a------ C:\WINDOWS\grep.exe
2008-06-18 22:32:49 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-14 20:17:26 0 d--h----- C:\$AVG8.VAULT$
2008-06-11 19:19:14 0 d-------- C:\Program Files\Trend Micro
2008-06-07 10:47:06 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-07 10:47:06 0 d-------- C:\Documents and Settings\Patty\Application Data\AVGTOOLBAR
2008-06-07 10:46:56 0 d-------- C:\Program Files\AVG
2008-06-07 10:46:55 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-03 15:44:08 0 d-------- C:\Documents and Settings\Patty\Application Data\Sammsoft
2008-05-28 23:03:16 0 d-------- C:\Documents and Settings\Patty\Application Data\RegistryClear
2008-05-28 22:29:00 0 d-------- C:\Program Files\AskPBar
-- Find3M Report ---------------------------------------------------------------
2008-06-20 10:38:04 0 d-------- C:\Program Files\Java
2008-06-20 10:35:46 0 d-------- C:\Program Files\Common Files
2008-06-20 10:17:28 0 d-------- C:\Program Files\lg_fwupdate
2008-06-19 22:27:38 0 d-------- C:\Program Files\Lx_cats
2008-06-16 21:38:08 0 d-------- C:\Documents and Settings\Patty\Application Data\Skype
2008-05-23 22:19:38 0 d-------- C:\Program Files\Apple Software Update
2008-05-21 18:27:28 0 d-------- C:\Program Files\Hasbro Interactive
2008-05-21 18:24:34 0 d-------- C:\Program Files\Pivot Stickfigure Animator
2008-05-19 08:32:41 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-10 22:25:52 0 d-------- C:\Program Files\Dreamcatcher
2008-05-10 15:26:42 0 d-------- C:\Program Files\The Complete National Geographic
2008-05-10 12:05:58 0 d-------- C:\Documents and Settings\Patty\Application Data\AdobeUM
2008-04-30 19:45:40 0 d-------- C:\Program Files\Creative
2008-04-30 19:45:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-23 15:43:03 0 d-------- C:\Program Files\HP
2008-04-23 15:42:50 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-05 20:19:48 0 --a----c- C:\WINDOWS\system32\Biport
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
06/07/2008 10:47 AM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [06/07/2008 10:47 AM 2050816]
[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 11:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 11:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 11:36 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [10/14/2004 10:11 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/29/2003 05:00 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [02/16/2005 05:15 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 05:15 PM]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [11/02/2004 09:24 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [03/13/2006 07:06 PM]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [04/06/2007 12:33 PM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [04/14/2004 03:46 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [04/14/2004 04:04 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM]
"lxdjmon.exe"="C:\Program Files\Lexmark 1400 Series\lxdjmon.exe" []
"lxdjamon"="C:\Program Files\Lexmark 1400 Series\lxdjamon.exe" [04/30/2007 01:19 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/07/2008 10:46 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [09/10/2006 09:49 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 8:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 8:50:52 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
-- End of Deckard's System Scanner: finished at 2008-06-20 10:42:40 ------------
And here is the OTMoveIt log:
File/Folder C:\WINDOWS\system32\cestdozq.exe not found.
File/Folder C:\WINDOWS\system32\emh.exe not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cestdozq >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cestdozq\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emh >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emh\\ deleted successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06202008_101340
-The computer does seem to work faster, but the internet is still not consistent. At times it is fairly decent, but at others very,very slow. Regarding AVG 8, yes, I think the computer got even slower after AVG was installed.
Thanks.
Post by: guestolo on June 20, 2008, 02:22:46 PM
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
Post by: pwag on June 20, 2008, 03:16:31 PM
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents[/quote]
Actually we didn't have the ask toolbar installed on Firefox.
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.1.0
Adobe Shockwave Player
Antidote RX v2
Apple Mobile Device Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AVG Free 8.0
Creative Media Lite
Creative ZEN Stone Plus User's Guide
DirectX Media Runtime 5.1
Dragon NaturallySpeaking 9
DVD Solution
Foxit Reader
GalleryPlayer Images
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
HP Image Zone 4.5
HP Photosmart Cameras 4.5
HP Update
InCD
Intel® Extreme Graphics 2 Driver
Interactive User’s Guide
InterActual Player
iTunes
Java(tm) 6 Update 6
K-Lite Codec Pack 2.80 Full
Lexmark 1400 Series
Lexmark Toolbar
LG ODD Auto Firmware Update
Map Button (Windows Live Toolbar)
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
O&O Defrag Professional Edition
PaperPort
PowerDVD
QuickTime
Roll
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Skype 3.0
Skype Plugin Manager
Smart Menus (Windows Live Toolbar)
SoundMAX
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
URGE
VeggieTales Dance Dance Dance
Windows Installer 3.1 (KB893803)
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Post by: guestolo on June 20, 2008, 03:23:03 PM
Close down All browser windows
Access your Add and REmove Programs and remove
Ask Toolbar
Reboot the computer, come back here and post a fresh hijackthis log afterwards
Are you willing to reinstall AVG 8, it's a customised installation, I just want to see if it will help your situation
Don't uninstall your copy yet, just let me know when your ready
Post by: pwag on June 20, 2008, 05:32:35 PM
Close down All browser windows
Access your Add and REmove Programs and remove
Ask Toolbar
Reboot the computer, come back here and post a fresh hijackthis log afterwards
Are you willing to reinstall AVG 8, it's a customised installation, I just want to see if it will help your situation
Don't uninstall your copy yet, just let me know when your ready[/quote]
Yes, I am defintely willing to reinstall AVG 8-
and here is the hijackthis log (and we have removed the Ask Toolbar):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:16 PM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdjmon.exe] "C:\Program Files\Lexmark 1400 Series\lxdjmon.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7372E93-2E39-4DD0-9F27-B948F33743EB}: NameServer = 216.113.192.4 216.113.192.3
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8935 bytes
Post by: guestolo on June 20, 2008, 06:42:03 PM
Can You also let me know if at one time you had Spybot Search & Destroy installed on this computer
Did you recently remove it?
Can you do the following
I need you to redownload AVG free version installer from the following link
[color=\"#FF0000\"]> From HERE <[/color] (http://\"http://www.download.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html?part=dl-AVGAntiVir&subj=dl&tag=button\")
It's important that you save this to your C:\ directory
If it does by default save to desktop or similiar, right click on the file and choose COPY
Then navigate to START>>MyComputer>>C:\
Paste the file there
Then Right Click on the File and Choose Properties
Give me the EXACT name of the file please, you can copy and paste the info back here
As eg.. C:\avg_free_stf_all_8_100a1323.exe
It may be named exactly as I posted, but just reassure me that is the Exact name of the file
Then we'll go from there with some setup steps
Take note, I see Ad-Aware 2007 installed also, it's a good program, but we may try and remove it temporarily later, just to ensure it's not a conflict either
You can reinstall later, it's been updated anyways, but for now, just download the new installer for AVG
and let me know about Spybot please
P.S. I'm heading out to cut the grass, so I'll pop in a bit later
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />Edit>>I seen a couple scheduled tasks related to both
TuneUp Utilities 2006
and
RegistryClear
I don't see them in your uninstall list, can you assure me they are both now uninstalled please
I just want to make sure the related scheduled task is gone if still around
Post by: pwag on June 20, 2008, 10:39:01 PM
Can You also let me know if at one time you had Spybot Search & Destroy installed on this computer
Did you recently remove it?
Can you do the following
I need you to redownload AVG free version installer from the following link
[color=\"#ff0000\"]> From HERE <[/color] (http://\"http://www.download.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html?part=dl-AVGAntiVir&subj=dl&tag=button\")
It's important that you save this to your C:\ directory
If it does by default save to desktop or similiar, right click on the file and choose COPY
Then navigate to START>>MyComputer>>C:\
Paste the file there
Then Right Click on the File and Choose Properties
Give me the EXACT name of the file please, you can copy and paste the info back here
As eg.. C:\avg_free_stf_all_8_100a1323.exe
It may be named exactly as I posted, but just reassure me that is the Exact name of the file
Then we'll go from there with some setup steps
Take note, I see Ad-Aware 2007 installed also, it's a good program, but we may try and remove it temporarily later, just to ensure it's not a conflict either
You can reinstall later, it's been updated anyways, but for now, just download the new installer for AVG
and let me know about Spybot please
P.S. I'm heading out to cut the grass, so I'll pop in a bit later
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> Edit>>I seen a couple scheduled tasks related to both
TuneUp Utilities 2006
and
RegistryClear
I don't see them in your uninstall list, can you assure me they are both now uninstalled please
I just want to make sure the related scheduled task is gone if still around[/quote]
Here is the avg file name:
avg_free_stf_all_8_100a1323.exe
I
cut and pasted the avg file info.
Yes, TuneUp Utilities 2006 and RegistryClear are both uninstalled. Yes we did have Spybot Search and Destroy (I believe) and I think we took that off recently (Not 100% about that -but it seems very familiar).
Post by: guestolo on June 21, 2008, 12:32:31 AM
Download HostsXpert [color=\"red\"]Here[/color] (http://\"http://www.funkytoad.com/download/HostsXpert.zip\") and unzip it to your desktop.
Next, open HostsXpert
- Make sure that the "make hosts writable?" button in the upper left corner is checked>>Should read 'Make Readonly'
- Now, click on 'Backup/Restore'
- Click 'Create Backup'>>OK>>OK
- then click on 'Restore MS host files'>>OK
- Finally, close HostsXpert.
Go to START>>RUN>>Type in
cmd
Hit OK
A command prompt window will open
In the prompt, type Exactly as posted in Blue below
[color=\"#4169E1\"]ipconfig /flushdns[/color]
Hit Enter on keyboard
This should flush the dns resolver
Type Exit>>Hit Enter
Afterwards:You should still have OTMoveit2.exe on desktop
- Please double-click OTMoveIt2.exe to run it.
- Copy the entries below in BLUE to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
================================================
[color=\"#0000FF\"]
C:\WINDOWS\Tasks\1-Click Maintenance.job
C:\WINDOWS\Tasks\RegistryClear Scheduled Scan.job
C:\Program Files\RegistryClear
C:\Documents and Settings\Patty\Application Data\RegistryClear
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\HP Software Update
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\updateMgr
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[/color]
====================================================== - Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
- Click the red "[color=\"red\"]MoveIt![/color]" button.
- Close OTMoveIt when it has completed.
NOTE: If you are not asked to reboot the computer, reboot manually anyways
OTMoveIt would of created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log
Again, I will need to see this new log later
But continue to do the following
Close down ALL browser windows, including this one
Access your Add and Remove Programs and first uninstall
Ad-Aware 2007
After you have successfully removed it, remain in Add and Remove Programs and keep your browser windows closed
Remove the following
AVG Free 8.0
During uninstall, select both "Remove User Settings" and "objects in vault"
After uninstalling, ensure to reboot the computer
Back in Windows
Come back here, we're going to install AVG8 without the Linkscanner or Search-Shield, as this may be problems for some users
Go to START>>RUN>>Copy and paste the next command in BLUE below to the open field
[color=\"#0000FF\"]c:\avg_free_stf_all_8_100a1323.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch[/color]
A new installation of AVG will start
At the Language prompt, default is English
Click NEXT>>ACCEPT>>Accept
At the Select Installation type prompt
Choose "Custom Installation"
Click NEXT>>NEXT>>NEXT
Under Module Select
Leave "AVG Search-Shield" UNChecked
Then click NEXT
Email Scanning choose NEXT
Unless you need to manually configure, but most users need the Recommended selection
Click Finish
After AVG is installed allow to update
You will be prompted for Scheduled scanning, this is the time to select what time you prefer to have the scanner run in the background
NOTE: I disable scheduled scanning and run it manually, but I suggest that you leave it enabled and choose a time that you prefer, when most users aren't using the computer and the computer is left on
When installation is done, reboot the computer one more time
Come back here, post a fresh hijackthis log
Let me know how things are running afterwards please
Oh, could you also post that new log from OTMoveit2.exe
EDIT>>Added extra step with ipconfig
Post by: pwag on June 21, 2008, 02:52:23 PM
Download HostsXpert [color=\"red\"]Here[/color] (http://\"http://www.funkytoad.com/download/HostsXpert.zip\") and unzip it to your desktop.
Next, open HostsXpert
- Make sure that the "make hosts writable?" button in the upper left corner is checked>>Should read 'Make Readonly'
- Now, click on 'Backup/Restore'
- Click 'Create Backup'>>OK>>OK
- then click on 'Restore MS host files'>>OK
- Finally, close HostsXpert.
Go to START>>RUN>>Type in
cmd
Hit OK
A command prompt window will open
In the prompt, type Exactly as posted in Blue below
[color=\"#4169e1\"]ipconfig /flushdns[/color]
Hit Enter on keyboard
This should flush the dns resolver
Type Exit>>Hit Enter
Afterwards:You should still have OTMoveit2.exe on desktop
- Please double-click OTMoveIt2.exe to run it.
- Copy the entries below in BLUE to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
================================================
[color=\"#0000ff\"]
C:\WINDOWS\Tasks\1-Click Maintenance.job
C:\WINDOWS\Tasks\RegistryClear Scheduled Scan.job
C:\Program Files\RegistryClear
C:\Documents and Settings\Patty\Application Data\RegistryClear
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\HP Software Update
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\updateMgr
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[/color]
====================================================== - Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
- Click the red "[color=\"red\"]MoveIt![/color]" button.
- Close OTMoveIt when it has completed.
NOTE: If you are not asked to reboot the computer, reboot manually anyways
OTMoveIt would of created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log
Again, I will need to see this new log later
But continue to do the following
Close down ALL browser windows, including this one
Access your Add and Remove Programs and first uninstall
Ad-Aware 2007
After you have successfully removed it, remain in Add and Remove Programs and keep your browser windows closed
Remove the following
AVG Free 8.0
During uninstall, select both "Remove User Settings" and "objects in vault"
After uninstalling, ensure to reboot the computer
Back in Windows
Come back here, we're going to install AVG8 without the Linkscanner or Search-Shield, as this may be problems for some users
Go to START>>RUN>>Copy and paste the next command in BLUE below to the open field
[color=\"#0000ff\"]c:\avg_free_stf_all_8_100a1323.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch[/color]
A new installation of AVG will start
At the Language prompt, default is English
Click NEXT>>ACCEPT>>Accept
At the Select Installation type prompt
Choose "Custom Installation"
Click NEXT>>NEXT>>NEXT
Under Module Select
Leave "AVG Search-Shield" UNChecked
Then click NEXT
Email Scanning choose NEXT
Unless you need to manually configure, but most users need the Recommended selection
Click Finish
After AVG is installed allow to update
You will be prompted for Scheduled scanning, this is the time to select what time you prefer to have the scanner run in the background
NOTE: I disable scheduled scanning and run it manually, but I suggest that you leave it enabled and choose a time that you prefer, when most users aren't using the computer and the computer is left on
When installation is done, reboot the computer one more time
Come back here, post a fresh hijackthis log
Let me know how things are running afterwards please
Oh, could you also post that new log from OTMoveit2.exe
EDIT>>Added extra step with ipconfig[/quote]
Hi,
I've started the process that you have outlined above, but have a little confusion. I saw no means of doing the following. Either I don't know how to do these steps or the options are not available.
- Make sure that the "make hosts writable?" button in the upper left corner is checked>>Should read 'Make Readonly'
- Now, click on 'Backup/Restore'
- Click 'Create Backup'>>OK>>OK
- then click on 'Restore MS host files'>>OK
- Finally, close HostsXpert.
Go to START>>RUN>>Type in
cmd
Hit OK
A command prompt window will open
In the prompt, type Exactly as posted in Blue below
[color=\"#4169e1\"]ipconfig /flushdns[/color]
Hit Enter on keyboard
This should flush the dns resolver
Type Exit>>Hit Enter
This seemed to work fine. This next line now stumps me:
Afterwards:You should still have OTMoveit2.exe on desktop
I don't see the OTMoveit2.exe on the desktop. Is this because of the steps that I didn't do prior to the last step or is there some other reasone for OTMoveit2.exe not being on the desktop.
What should I do now?
Thanks,
Post by: guestolo on June 21, 2008, 02:59:15 PM
Open the HostXpert folder
Open HostXpert.exe
Just ensure that in the top left corner it Reads
Make Readonly?
Then follow the instructions
Quote
# Now, click on 'Backup/Restore'
# Click 'Create Backup'>>Click OK>>Click OK
# then click on 'Restore MS host files'>>Click OK
# Finally, close HostsXpert.
If you no longer have OTMoveit2.exe
Redownload it and save to desktop from [color=\"#FF0000\"]> HERE <[/color] (http://\"http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe\")[/url]
Post by: pwag on June 21, 2008, 03:11:05 PM
Post by: guestolo on June 21, 2008, 03:17:17 PM
Let's not bounce back and forth into different accounts
Post by: pwag on June 21, 2008, 04:52:27 PM
Open the HostXpert folder
Open HostXpert.exe
Just ensure that in the top left corner it Reads
Make Readonly?
Then follow the instructions
If you no longer have OTMoveit2.exe
Redownload it and save to desktop from [color=\"#ff0000\"]> HERE <[/color] (http://\"http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe\")[/url][/quote]
Okay, all steps now completed - I notice a significant speed improvement from the previous operations. Here is the fresh hijackthis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:21 PM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdjmon.exe] "C:\Program Files\Lexmark 1400 Series\lxdjmon.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-220523388-651377827-839522115-1003\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Dale')
O4 - HKUS\S-1-5-21-220523388-651377827-839522115-1003\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem (User 'Dale')
O4 - HKUS\S-1-5-21-220523388-651377827-839522115-1003\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" (User 'Dale')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7372E93-2E39-4DD0-9F27-B948F33743EB}: NameServer = 216.113.192.4 216.113.192.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8345 bytes
Cheers,
Post by: guestolo on June 21, 2008, 05:37:03 PM
Some minor cleanup
Go to START>>RUN>>copy and paste the following Blue line
[color=\"#4169E1\"]ComboFix /u[/color]
This will uninstall Combofix and it's components
You can optionally delete ATF-Cleaner.exe or hold onto it to help clear temp files, etc...
Do a "System scan only" with Hijackthis and put a check next to these entries:
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-21-220523388-651377827-839522115-1003\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem (User 'Dale')
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
OTMoveit2.exe
- Double-click OTMoveIt2.exe to run it.
- Click the Cleanup! button
A list will be downloaded>>Allow it Internet access if prompted by your Firewall
Don't change anything in this list - Select Yes at the prompt
Wait for the confirmation box to open to reboot the computer
Don't mouseclick during the wait as you may cause the tool to stall - Select Yes to reboot Now
I suggest that you add SpywareBlaster to your protection software
SpywareBlaster by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
- *Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Startus>>enable all protection
Ensure that each user when signed in runs SpywareBlaster and selects the Enable All Protections
Hope that helps
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />Edit>>Are you now back connected to the Router? It appears so, just hoping everything is fine
Post by: pwag on June 22, 2008, 02:20:43 AM
I was unable to tick off the entries you suggested because I couldn't find them in the list. So, I've saved the scan and pasted it into this post for you to look at. Let me know what to do.
Thanks,
D
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:39 AM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdjmon.exe] "C:\Program Files\Lexmark 1400 Series\lxdjmon.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-21-220523388-651377827-839522115-1004\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe (User 'Patty')
O4 - HKUS\S-1-5-21-220523388-651377827-839522115-1004\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (User 'Patty')
O4 - HKUS\S-1-5-21-220523388-651377827-839522115-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Patty')
O4 - Startup: SpeedPlexer.lnk = C:\Program Files\SpeedPlexer\SpeedPlexer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx (http://\"http://favorites.live.com/quickadd.aspx\")
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7372E93-2E39-4DD0-9F27-B948F33743EB}: NameServer = 216.113.192.4 216.113.192.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8623 bytes
Post by: guestolo on June 22, 2008, 04:15:08 AM
I think what's happening is your jumping back and forth to different user accounts running Hijackthis
Each account shows different entries
I think I should see a Hijackthis log from each user account
Here's the accounts I see
Dale
Patty
Lauren
Colin
Rebecca
lolypop
stuff
First, you should have a shortcut to Hijackthis on your desktop
Copy and paste that shortcut to your C:\ folder
START>>MyComputer>>Local disk C:
Now you can run it from there in each user account
Start with your account, ensure all other users are logged out
A fresh reboot of the system will ensure this
Run a scan and save logfile from your account and post it back here
Label it what your account is
Eg... PATTY
I assume the last log is from Patty, if it is, don't worry about posting that one again
Then log out and log into the next user account, run Hijackthis and post it's log>>label it
So on and so on
It will take multiple replies back here to ensure I see them all
NOTE: It may make it easier to save a link to this forum in your C:\folder
in a text file
Here's the link
Code: [Select]
http://www.thetechguide.com/forum/index.php?showforum=4Then you can just copy>>paste that into the address bar of your browser I'll check back when I can
Post by: pwag on June 27, 2008, 08:21:27 AM
I'm just leaving on holidays, so my time on the internet will be limited to Internet connection availability and the time to post
I think what's happening is your jumping back and forth to different user accounts running Hijackthis
Each account shows different entries
I think I should see a Hijackthis log from each user account
Here's the accounts I see
Dale
Patty
Lauren
Colin
Rebecca
lolypop
stuff
First, you should have a shortcut to Hijackthis on your desktop
Copy and paste that shortcut to your C:\ folder
START>>MyComputer>>Local disk C:
Now you can run it from there in each user account
Start with your account, ensure all other users are logged out
A fresh reboot of the system will ensure this
Run a scan and save logfile from your account and post it back here
Label it what your account is
Eg... PATTY
I assume the last log is from Patty, if it is, don't worry about posting that one again
Then log out and log into the next user account, run Hijackthis and post it's log>>label it
So on and so on
It will take multiple replies back here to ensure I see them all
NOTE: It may make it easier to save a link to this forum in your C:\folder
in a text file
Here's the link
Code: [Select]
http://www.thetechguide.com/forum/index.php?showforum=4Then you can just copy>>paste that into the address bar of your browser I'll check back when I can
Hi, I was having trouble posting things last night - I don't know what the problem was but the net seemed very slow overall. anyway, here is the hijackthis log done from Lauren's desktop. I'll post the others separately.
Dale
Hijackthis log file Lauren
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:09 PM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033 (http://\"https://login.live.com/ppsecure/sha1auth.srf?lc=1033\")
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdjmon.exe] "C:\Program Files\Lexmark 1400 Series\lxdjmon.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKUS\S-1-5-21-220523388-651377827-839522115-1003\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Dale')
O4 - HKUS\S-1-5-21-220523388-651377827-839522115-1003\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem (User 'Dale')
O4 - HKUS\S-1-5-21-220523388-651377827-839522115-1003\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" (User 'Dale')
O4 - HKUS\S-1-5-21-220523388-651377827-839522115-1004\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe (User 'Patty')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx (http://\"http://favorites.live.com/quickadd.aspx\")
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7372E93-2E39-4DD0-9F27-B948F33743EB}: NameServer = 216.113.192.4 216.113.192.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 9002 bytes