
[Resolved] HiJack log
#1
Posted 05 October 2007 - 03:26 AM
#2
Posted 05 October 2007 - 03:36 AM
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient.
Rename HijackThis
There is a possibility that an infection is hiding part of the HijackThis log because it's called hijackthis.exe.
Please rename hijackthis.exe to iseeu.exe by right-clicking on the Desktop icon and selecting Rename.
Now scan again and post a new log, please.
Please make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in a reply.
#3
Posted 06 October 2007 - 03:41 PM

#4
Posted 07 October 2007 - 04:58 AM
You are operating your computer with multiple Anti Virus programs running in memory at once:
AntiVir & Avg
Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
There are basically two types of these programs:
On-Access and On-Demand
On-Access Scanners
As the name implies, it runs in the background all the time the PC is turned on and running. The main function of an on-access scanner is to monitor activity on your machine.
On-Demand Scanners
As the name implies, these are scanners that only run when you ask them to.
Such as:
Online Scans and scanners that run on your machine but are not actively scanning your machine.
Please disable one or the other so they do not conflict.
Please download Deckard's System Scanner (DSS) to your desktop.
- Close all applications and windows.
- Double-click on dss.exe to run it, and follow the prompts.
- When the scan is complete, a text file will open - Main.txt
- Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
- An additional text file, Extra.txt, will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner.
- Please go to that FOLDER and also copy the contents of Extra.txt to your post as well.
What DSS will do:
- Create a new System Restore point in Windows XP and Vista.
- Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
- Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed.
Post Logs:
- DSS Scan Results: contents of 1) Main.txt and 2) Extra.txt
#5
Posted 07 October 2007 - 10:05 AM
The two Virus programs I use are the only ones I've found that work together without fighting each other.
I thought they both were on demand type?
Here's DSS
Deckard's System Scanner v20070905.67
Run by Eros on 2007-10-07 09:37:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
33: 2007-10-07 15:37:55 UTC - RP552 - Deckard's System Scanner Restore Point
32: 2007-10-07 04:25:33 UTC - RP551 - System Checkpoint
31: 2007-10-06 03:11:41 UTC - RP550 - System Checkpoint
30: 2007-10-04 18:07:20 UTC - RP549 - System Checkpoint
29: 2007-10-03 17:38:02 UTC - RP548 - System Checkpoint
-- First Restore Point --
1: 2007-08-25 17:01:06 UTC - RP520 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 1.75 GiB (less than 15%) free.
-- HijackThis (run as Eros.exe) ------------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-07 09:42:51
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Documents and Settings\Eros\Desktop\dss.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: NMSAccess - Unknown owner - D:\Copy Programs\Tools\NMSAccess.exe
-- HijackThis Fixed Entries (D:\COMPUT~1\HIJACK~1\backups\) --------------------
backup-20070521-023708-174 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20070521-023708-519 O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Security\Spyware Removers\superantispy\SUPERAntiSpyware.exe
backup-20070521-023708-739 O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
backup-20070521-023721-133 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
backup-20070521-023721-277 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Security\Avast\Anti Virus\aswUpdSv.exe
backup-20070521-023721-707 O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
backup-20070521-023721-802 O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
backup-20070521-023721-893 O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
backup-20070521-023721-935 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20070615-181216-113 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20070615-181216-799 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20070615-181216-872 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Security\Avast\Anti Virus\aswUpdSv.exe
backup-20070621-054757-228 O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
backup-20070621-054757-771 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Security\Avast\Anti Virus\aswUpdSv.exe
backup-20070623-214554-490 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20070623-214554-979 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Security\Avast\Anti Virus\aswUpdSv.exe
backup-20070702-024739-224 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20070702-024739-387 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1183188116546
backup-20070702-024741-178 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1183187911265
backup-20070702-024742-143 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Security\Avast\Anti Virus\aswUpdSv.exe
backup-20070703-041149-198 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Security\Avast\Anti Virus\aswUpdSv.exe
backup-20070713-015402-645 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Security\Avast\Anti Virus\aswUpdSv.exe
backup-20070715-032551-238 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Security\Avast\Anti Virus\aswUpdSv.exe
backup-20070725-231432-203 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
backup-20070725-231451-640 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Security\Avast\Anti Virus\aswUpdSv.exe
backup-20070726-092747-455 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
backup-20070726-092749-692 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Security\Avast\Anti Virus\aswUpdSv.exe
backup-20070726-092749-839 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20070726-224805-545 O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
backup-20070726-224805-587 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Security\Avast\Anti Virus\aswUpdSv.exe
backup-20070813-024507-707 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20070813-024507-873 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Security\Avast\Anti Virus\aswUpdSv.exe
backup-20070906-032843-275 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1187859035531
backup-20070906-032843-470 O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
backup-20070906-032843-495 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20070906-032943-287 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20070906-032943-968 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Security\Avast\Anti Virus\aswUpdSv.exe
backup-20070906-032951-752 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20070906-033009-174 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20070906-033009-261 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Security\Avast\Anti Virus\aswUpdSv.exe
backup-20070906-033523-933 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20070906-033545-470 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20070906-035134-242 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
backup-20070906-035134-652 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Security\Avast\Anti Virus\aswUpdSv.exe
backup-20070906-035134-692 O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
backup-20070906-035134-776 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20070906-035134-838 O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
backup-20070906-035134-904 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20070906-035134-911 O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
backup-20070906-223820-728 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20070906-223820-989 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Security\Avast\Anti Virus\aswUpdSv.exe
backup-20070907-165859-184 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20070907-165859-238 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20070907-165859-968 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Security\Avast\Anti Virus\aswUpdSv.exe
backup-20070908-045505-435 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20070918-161204-396 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20070918-161204-405 O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
backup-20070918-161204-563 O4 - HKLM\..\Run: [SmcService] D:\Security\FIREWA~1\Sygate\SPF\smc.exe -startgui
backup-20070918-161204-800 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Security\Avast\Anti Virus\aswUpdSv.exe
backup-20070920-055123-510 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Security\Avast\Anti Virus\aswUpdSv.exe
backup-20070926-010948-509 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Security\Avast\Anti Virus\aswUpdSv.exe
backup-20070926-010948-824 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20070926-011721-910 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20070926-011722-896 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AntiVirScheduler (AntiVir Scheduler) - c:\program files\antivir personaledition classic\sched.exe <Not Verified; Avira GmbH; Scheduler>
S4 NMSAccess - d:\copy programs\tools\nmsaccess.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Communications Port
Device ID: ACPI\PNP0501\1
Manufacturer: (Standard port types)
Name: Communications Port (COM1)
PNP Device ID: ACPI\PNP0501\1
Service: Serial
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Communications Port
Device ID: ACPI\PNP0501\2
Manufacturer: (Standard port types)
Name: Communications Port (COM2)
PNP Device ID: ACPI\PNP0501\2
Service: Serial
-- Files created between 2007-09-07 and 2007-10-07 -----------------------------
2007-09-20 11:02:11 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
2007-09-20 11:02:10 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
2007-09-20 11:01:49 0 d------c- C:\Program Files\Sygate
-- Find3M Report ---------------------------------------------------------------
2007-10-07 06:49:46 0 d------c- C:\Documents and Settings\Eros\Application Data\AVG7
2007-09-16 22:26:59 0 d-------- C:\Program Files\Common Files
2007-09-16 22:26:59 0 d------c- C:\Documents and Settings\Eros\Application Data\SUPERAntiSpyware.com
2007-08-26 20:14:05 0 d------c- C:\Program Files\Crapsoft
2007-08-15 20:15:48 0 --a----c- C:\Documents and Settings\Eros\Application Data\Install.xat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [10/15/2004 07:40 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/10/2005 04:06 AM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- End of Deckard's System Scanner: finished at 2007-10-07 09:45:08 ------------
Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 1.70GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 575.48 MiB / 326.53 MiB
Pagefile Memory (total/avail): 1407.08 MiB / 1173.83 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1962.43 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 14.33 GiB total, 1.75 GiB free.
D: is Fixed (NTFS) - 9.43 GiB total, 1.28 GiB free.
E: is CDROM (Unformatted)
F: is CDROM (No Media)
\\.\PHYSICALDRIVE1 - WDC AC310100B - 9.44 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 9.43 GiB - D:
\\.\PHYSICALDRIVE0 - WDC WD153AA - 14.33 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 14.33 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)
AV: AntiVir PersonalEdition Classic Virus Protection v0.0.0.0 (AntiVir PersonalProducts GmbH) Outdated
AV: AVG 7.5.487 v7.5.487 (GRISOFT) Outdated
AV: AntiVir PersonalEdition Classic Virus Protection v 6.39.0.53
(AntiVir PersonalProducts GmbH)
AV: AntiVir PersonalEdition Classic Virus Protection v0.0.0.0 (AntiVir PersonalProducts GmbH)
AV: AntiVir PersonalEdition Classic Virus Protection v 7.0.0.56
(AntiVir PersonalProducts GmbH)
AV: AntiVir PersonalEdition Classic Virus Protection v 6.39.0.230
(AntiVir PersonalProducts GmbH)
AV: AntiVir PersonalEdition Classic Virus Protection v0.0.0.0 (AntiVir PersonalProducts GmbH)
AV: AntiVir PersonalEdition Classic Virus Protection v0.0.0.0 (AntiVir PersonalProducts GmbH)
AV: AntiVir PersonalEdition Classic Virus Protection v0.0.0.0 (AntiVir PersonalProducts GmbH)
AV: AntiVir PersonalEdition Classic Virus Protection v 6.39.1.87
(AntiVir PersonalProducts GmbH)
AV: AntiVir PersonalEdition Classic Virus Protection v 6.39.1.66
(AntiVir PersonalProducts GmbH)
AV: AntiVir PersonalEdition Classic Virus Protection v0.0.0.0 (AntiVir PersonalProducts GmbH)
AV: AntiVir PersonalEdition Classic Virus Protection v0.0.0.0 (AntiVir PersonalProducts GmbH)
AV: AntiVir PersonalEdition Classic Virus Protection v0.0.0.0 (AntiVir PersonalProducts GmbH)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Disabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Disabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Disabled:avgemc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Disabled:avginet.exe"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Eros\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WARPEDP4
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Eros
LOGONSERVER=\\WARPEDP4
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Eros\LOCALS~1\Temp
TMP=C:\DOCUME~1\Eros\LOCALS~1\Temp
USERDOMAIN=WARPEDP4
USERNAME=Eros
USERPROFILE=C:\Documents and Settings\Eros
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Eros (admin)
Administrator (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
--> D:\DivX\ConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Avira AntiVir PersonalEdition Classic --> C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
CDBurnerXP Pro 3 --> MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
Codec Pack - All In 1 6.0.2.7 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
DivX Codec --> D:\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> D:\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> D:\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> D:\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> D:\DivX\DivXWebPlayerUninstall.exe /PLUGIN
GSpot Codec Information Appliance --> C:\Program Files\GSpot\Uninstall.exe
HD Tune 2.53 --> "D:\BenchMark\HD Tune\unins000.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 1.99.1 --> D:\Computer Tools\hijackthis\HijackThis.exe /uninstall
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSI MSIDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nimo Codecs Pack v5.0 (Remove Only) --> "C:\Program Files\NimoCodec Pack\uninstall.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
Sound Blaster Live! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
Unreal Tournament 2003 --> D:\Games\UT2003\System\Setup.exe uninstall "UT2003"
XviD MPEG-4 Codec --> "C:\Program Files\XviD\UninstXviD.exe"
Zero Assumption Recovery Version 7.9 --> "D:\More Computer Tools\ZAR\unins000.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type4798 / Warning
Event Submitted/Written: 09/28/2007 11:05:48 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type4753 / Error
Event Submitted/Written: 09/26/2007 02:24:19 AM
Event ID/Source: 4107 / H+BEDV AntiVir
Event Description:
The virus definition file is invalid or not is not compatible with the engine!
Returned error code: 6
Event Record #/Type4750 / Error
Event Submitted/Written: 09/26/2007 01:15:52 AM
Event ID/Source: 4107 / H+BEDV AntiVir
Event Description:
The virus definition file is invalid or not is not compatible with the engine!
Returned error code: 6
Event Record #/Type4746 / Error
Event Submitted/Written: 09/26/2007 00:17:39 AM
Event ID/Source: 4107 / H+BEDV AntiVir
Event Description:
The virus definition file is invalid or not is not compatible with the engine!
Returned error code: 6
Event Record #/Type4743 / Error
Event Submitted/Written: 09/25/2007 09:44:21 PM
Event ID/Source: 4107 / H+BEDV AntiVir
Event Description:
The virus definition file is invalid or not is not compatible with the engine!
Returned error code: 6
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type56749 / Warning
Event Submitted/Written: 10/07/2007 08:31:01 AM
Event ID/Source: 1073 / USER32
Event Description:
The attempt to reboot WARPEDP4 failed
Event Record #/Type56748 / Warning
Event Submitted/Written: 10/07/2007 08:30:09 AM
Event ID/Source: 1073 / USER32
Event Description:
The attempt to reboot WARPEDP4 failed
Event Record #/Type56646 / Error
Event Submitted/Written: 10/05/2007 08:53:38 PM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
Event Record #/Type56510 / Error
Event Submitted/Written: 10/03/2007 04:43:43 PM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
Event Record #/Type56427 / Error
Event Submitted/Written: 10/01/2007 04:43:42 PM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
-- End of Deckard's System Scanner: finished at 2007-10-07 09:45:08 ------------
Thanks
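The check behind the "multiple Anti Virus programs running in memory" remark in post #4, written out as an added example that is not part of the original thread: it matches the O23 service entries of a HijackThis-style log against the "Running processes" list and groups the hits by antivirus vendor. The log excerpt is copied from post #5; the vendor-to-product table and all function names are assumptions made for this example, and a hit only shows that a service process is resident, not whether it is an on-access scanner.

```python
import ntpath
import re

# Excerpt of the "HijackThis Clone" section posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: NMSAccess - Unknown owner - D:\Copy Programs\Tools\NMSAccess.exe
"""

# Assumption: vendor strings exactly as they appear in this log's O23 lines,
# mapped to the product names used in post #4.
AV_VENDORS = {"avira gmbh": "AntiVir", "grisoft, s.r.o.": "AVG"}

# O23 line layout: display name - vendor - image path. The path is anchored on
# a drive letter so a " - " inside a folder name does not split the fields.
O23_RE = re.compile(
    r'^O23 - Service: (?P<display>.+?) - (?P<vendor>.+?) - '
    r'(?P<path>"?[A-Za-z]:\\.+)$'
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def _norm(path):
    """Unquote and lower-case a Windows path so both lists compare equal.
    8.3 short names (PROGRA~1) cannot be expanded offline and will not match."""
    return path.strip().strip('"').lower()


def running_processes(log_text):
    """Return the normalised paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if PATH_RE.match(line):
                procs.add(_norm(line))
            elif line:  # first non-blank, non-path line ends the list
                break
    return procs


def services(log_text):
    """Return (display name, vendor, normalised image path) per O23 entry."""
    found = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            found.append((m["display"], m["vendor"], _norm(m["path"])))
    return found


def resident_av_products(log_text):
    """Map each known AV product to its service executables that are running.
    Services that are registered but not in the process list are skipped."""
    procs = running_processes(log_text)
    resident = {}
    for _display, vendor, path in services(log_text):
        product = AV_VENDORS.get(vendor.lower())
        if product and path in procs:
            resident.setdefault(product, []).append(ntpath.basename(path))
    return {product: sorted(exes) for product, exes in resident.items()}


if __name__ == "__main__":
    result = resident_av_products(SAMPLE_LOG)
    for product, exes in sorted(result.items()):
        print(f"{product}: {', '.join(exes)}")
    if len(result) > 1:
        print("More than one antivirus product has service processes in memory.")
```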
#6
Posted 07 October 2007 - 10:26 AM
#7
Posted 10 October 2007 - 10:30 PM

#8
Posted 11 October 2007 - 02:52 AM