Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91632 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] HijackThis log


  • This topic is locked This topic is locked
7 replies to this topic

#1 JasonS

JasonS

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 28 May 2008 - 02:53 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:54:31 PM, on 5/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211557618953
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8484 bytes

Eh?

    Advertisements

Register to Remove


#2 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 31 May 2008 - 03:23 AM

Hi JasonS,

Please tell me what sort of problems you have been experiencing and what reason you have to suspect malware infection.

It appears that you have two antivirus programs running - AVG 8 and Avast!. Running one antivirus program is essential, but having two can cause conflicts, slow your system down and even cause stability problems without improving your security. You should use just one antivirus program and if you want an "2nd opinion", use an online scanner like Kaspersky's.

If you have two antivirus programs installed, then before proceeding, please remove one of them.
Please make sure you choose one currently capable of receiving updates, because an antivirus program without updates cannot protect your system effectively. If you have any problems, please stop and let me know.

------------------------------------------------------------------------

Clean with MalwareBytes' Anti-Malware
  • Please download the Installer to your Desktop from here:
    http://www.besttechi.../mbam-setup.exe
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to both of these options:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure everything is checked, and click Remove Selected.
  • When finished, a log will open in Notepad. Please save it to your Desktop, and post the contents in your reply.
  • The log can also be found here if you need it:
    • Start->All Programs->Malwarebytes' Anti-Malware->Logs

Download Deckard's System Scanner (DSS) to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply

Once complete, please post the MalwareBytes Antimalware report and both DSS logs, you won't need to produce a new HijackThis log as DSS produces one for you.
ASAP & UNITE Member

#3 JasonS

JasonS

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 31 May 2008 - 02:17 PM

Thank you for the reply. I added Avast after I started having problems. The computer is very slow and freezes up to the point it is nearly unusable. AVG detects a LOT of viruses and malware, but will not delete them. Avast has found nothing.

#4 JasonS

JasonS

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 31 May 2008 - 05:45 PM

Deckard's System Scanner v20071014.68
Run by Beck on 2008-05-31 18:37:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
39: 2008-05-31 23:37:39 UTC - RP39 - Deckard's System Scanner Restore Point
38: 2008-05-31 02:09:29 UTC - RP38 - System Checkpoint
37: 2008-05-29 23:14:14 UTC - RP37 - System Checkpoint
36: 2008-05-28 19:40:47 UTC - RP36 - Software Distribution Service 3.0
35: 2008-05-28 04:56:14 UTC - RP35 - System Checkpoint


-- First Restore Point --
1: 2008-05-23 02:48:22 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Beck.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:32 PM, on 5/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Beck\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Beck.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211557618953
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8666 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: IDT High Definition Audio CODEC
Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801BD&REV_1022\4&2973568E&0&0001
Manufacturer: IDT
Name: IDT High Definition Audio CODEC
PNP Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801BD&REV_1022\4&2973568E&0&0001
Service: STHDA

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01BD1028&REV_01\4&2FE911E8&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01BD1028&REV_01\4&2FE911E8&0&0AF0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01BD1028&REV_0A\4&2FE911E8&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01BD1028&REV_0A\4&2FE911E8&0&0BF0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01BD1028&REV_05\4&2FE911E8&0&0CF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01BD1028&REV_05\4&2FE911E8&0&0CF0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01BD1028&REV_01\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01BD1028&REV_01\3&61AAA01&0&FB
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-05-31 17:01:47 436 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-05-25 22:40:04 370 --a------ C:\WINDOWS\Tasks\RegCure.job


-- Files created between 2008-04-30 and 2008-05-31 -----------------------------

2008-05-31 17:57:38 0 d-------- C:\Documents and Settings\Beck\Application Data\Malwarebytes
2008-05-31 17:57:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-31 17:57:28 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-26 20:04:20 0 d-------- C:\Program Files\Alwil Software
2008-05-25 22:38:11 0 d-------- C:\Program Files\RegCure
2008-05-25 22:12:51 0 d-------- C:\Program Files\Trend Micro
2008-05-25 22:00:21 0 d-------- C:\Documents and Settings\Beck\Application Data\Uniblue
2008-05-25 21:38:24 0 d--h----- C:\$AVG8.VAULT$
2008-05-24 07:50:44 0 d-------- C:\Documents and Settings\Beck\Application Data\Yahoo!
2008-05-24 07:50:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-23 22:37:23 0 d-------- C:\Logs
2008-05-23 20:40:31 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-23 19:31:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-23 19:27:26 0 d-------- C:\Program Files\Yahoo!
2008-05-23 19:05:48 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-23 19:05:44 0 d-------- C:\Program Files\AVG
2008-05-23 19:05:43 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-23 18:43:07 0 d-------- C:\Documents and Settings\Beck\Application Data\HP
2008-05-23 18:41:07 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-05-23 18:36:33 0 d-------- C:\Documents and Settings\Beck\Application Data\Macromedia
2008-05-23 18:33:11 0 d-------- C:\bin
2008-05-23 18:31:36 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-05-23 18:31:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-05-23 18:27:39 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-23 18:27:06 0 d-------- C:\Program Files\Common Files\HP
2008-05-23 18:24:27 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-23 18:23:43 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-23 18:17:28 117092 --a------ C:\WINDOWS\hpoins11.dat
2008-05-23 18:03:50 0 d-------- C:\TEMP
2008-05-23 18:03:19 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield unInstaller>
2008-05-23 18:02:30 0 d-------- C:\Program Files\HP
2008-05-23 17:38:36 0 d-------- C:\Documents and Settings\Beck\Application Data\Adobe
2008-05-23 13:40:28 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-23 13:40:15 0 d-------- C:\Program Files\Spyware Doctor
2008-05-23 13:40:15 0 d-------- C:\Documents and Settings\administrator\Application Data\PC Tools
2008-05-23 13:30:58 0 d-------- C:\Documents and Settings\administrator\Application Data\Adobe
2008-05-23 13:27:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-23 13:27:22 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-23 13:25:35 0 d-------- C:\Documents and Settings\administrator\Application Data\Identities
2008-05-23 13:25:30 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-23 13:25:26 0 d--h----- C:\Documents and Settings\administrator\Templates
2008-05-23 13:25:26 0 dr------- C:\Documents and Settings\administrator\Start Menu
2008-05-23 13:25:26 0 dr-h----- C:\Documents and Settings\administrator\SendTo
2008-05-23 13:25:26 0 dr-h----- C:\Documents and Settings\administrator\Recent
2008-05-23 13:25:26 0 d--h----- C:\Documents and Settings\administrator\PrintHood
2008-05-23 13:25:26 0 d--h----- C:\Documents and Settings\administrator\NetHood
2008-05-23 13:25:26 0 dr------- C:\Documents and Settings\administrator\My Documents
2008-05-23 13:25:26 0 d--h----- C:\Documents and Settings\administrator\Local Settings
2008-05-23 13:25:26 0 dr------- C:\Documents and Settings\administrator\Favorites
2008-05-23 13:25:26 0 d-------- C:\Documents and Settings\administrator\Desktop
2008-05-23 13:25:26 0 d--hs---- C:\Documents and Settings\administrator\Cookies
2008-05-23 13:25:26 0 dr-h----- C:\Documents and Settings\administrator\Application Data
2008-05-23 13:25:26 0 d---s---- C:\Documents and Settings\administrator\Application Data\Microsoft
2008-05-23 13:25:25 774144 --a------ C:\Documents and Settings\administrator\NTUSER.DAT
2008-05-23 13:24:48 0 d--hs---- C:\WINDOWS\CSC
2008-05-23 13:02:55 0 d-------- C:\Program Files\Microsoft Works
2008-05-23 13:02:46 0 d-------- C:\Program Files\MSBuild
2008-05-23 12:58:50 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-23 12:58:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-23 12:57:59 0 dr-h----- C:\MSOCache
2008-05-23 12:56:01 0 d-------- C:\Program Files\Java
2008-05-23 12:56:00 0 d-------- C:\Program Files\Common Files\Java
2008-05-23 12:00:54 0 d-------- C:\WINDOWS\system32\Dell
2008-05-23 11:11:52 0 d-------- C:\Program Files\Creative
2008-05-23 11:03:23 0 d-------- C:\Program Files\IDT
2008-05-23 10:31:10 0 d-------- C:\Program Files\CONEXANT
2008-05-23 10:26:59 0 d-------- C:\WINDOWS\Prefetch
2008-05-23 10:17:34 0 d-------- C:\WINDOWS\system32\scripting
2008-05-23 10:17:34 0 d-------- C:\WINDOWS\system32\en
2008-05-23 10:17:34 0 d-------- C:\WINDOWS\system32\bits
2008-05-23 10:17:34 0 d-------- C:\WINDOWS\l2schemas
2008-05-23 10:16:03 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-23 10:13:53 0 d-------- C:\WINDOWS\network diagnostic
2008-05-23 09:22:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-23 09:21:00 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-23 09:20:06 0 d--hs---- C:\Documents and Settings\Beck\UserData
2008-05-23 09:19:00 0 d-------- C:\WINDOWS\pss
2008-05-23 09:16:39 666 --a------ C:\WINDOWS\speed.reg
2008-05-23 09:09:56 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-23 09:09:40 0 d-------- C:\Program Files\ATI Technologies
2008-05-23 09:09:34 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-23 09:08:41 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-23 09:08:40 0 d-------- C:\Program Files\Broadcom
2008-05-23 09:07:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-22 21:49:35 770048 --a------ C:\WINDOWS\system32\BCMLogon.dll <Not Verified; Dell Inc.; Wireless Network Logon Provider>
2008-05-22 21:49:34 33664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
2008-05-22 21:49:33 86016 --a------ C:\WINDOWS\system32\preflib.dll
2008-05-22 21:49:33 253952 --a------ C:\WINDOWS\system32\bcmwlu00.exe <Not Verified; Dell Inc.; Dell Wireless WLAN Card Uninstaller>
2008-05-22 21:49:32 20480 --a------ C:\WINDOWS\system32\WLTRYSVC.EXE
2008-05-22 21:49:32 1392640 --a------ C:\WINDOWS\system32\WLTRAY.EXE <Not Verified; Dell Inc.; Dell Wireless WLAN Card Wireless Network Tray Applet>
2008-05-22 21:49:32 2129920 --a------ C:\WINDOWS\system32\WLBCGCBPRO731.DLL <Not Verified; BCGSoft Ltd; BCGControlBar Professional Dynamic Link Library>
2008-05-22 21:49:32 1253376 --a------ C:\WINDOWS\system32\BCMWLTRY.EXE <Not Verified; Dell Inc.; Dell Wireless WLAN Card Wireless Network Controller>
2008-05-22 21:49:32 69632 --a------ C:\WINDOWS\system32\bcmwlpkt.dll <Not Verified; CACE Technologies; WinPcap low level packet library>
2008-05-22 21:49:32 757760 --a------ C:\WINDOWS\system32\bcm1xsup.dll
2008-05-22 21:49:32 0 d-------- C:\Program Files\Dell
2008-05-22 21:49:27 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-22 21:48:06 0 d-------- C:\Documents and Settings\Beck\Application Data\Identities
2008-05-22 21:47:57 0 dr------- C:\Documents and Settings\Beck\Favorites
2008-05-22 21:47:57 0 d-------- C:\Documents and Settings\Beck\Desktop
2008-05-22 21:47:57 0 d--hs---- C:\Documents and Settings\Beck\Cookies
2008-05-22 21:47:57 0 dr-h----- C:\Documents and Settings\Beck\Application Data
2008-05-22 21:47:56 0 d--h----- C:\Documents and Settings\Beck\Templates
2008-05-22 21:47:56 0 dr------- C:\Documents and Settings\Beck\Start Menu
2008-05-22 21:47:56 0 dr-h----- C:\Documents and Settings\Beck\SendTo
2008-05-22 21:47:56 0 dr-h----- C:\Documents and Settings\Beck\Recent
2008-05-22 21:47:56 0 d--h----- C:\Documents and Settings\Beck\PrintHood
2008-05-22 21:47:56 1572864 --ah----- C:\Documents and Settings\Beck\NTUSER.DAT
2008-05-22 21:47:56 0 d--h----- C:\Documents and Settings\Beck\NetHood
2008-05-22 21:47:56 0 dr------- C:\Documents and Settings\Beck\My Documents
2008-05-22 21:47:56 0 d--h----- C:\Documents and Settings\Beck\Local Settings
2008-05-22 21:47:03 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-22 21:47:01 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-05-22 21:46:59 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-05-22 21:46:59 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-05-22 21:46:59 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-05-22 21:46:59 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-05-22 21:46:59 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-05-22 21:46:42 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-05-22 21:46:42 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-05-22 21:46:42 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-05-22 21:46:42 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-05-22 21:46:41 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-05-22 21:43:07 0 d-------- C:\WINDOWS\system32\xircom
2008-05-22 21:43:07 0 d-------- C:\Program Files\microsoft frontpage
2008-05-22 21:42:55 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-05-22 21:42:55 0 d-------- C:\DELL
2008-05-22 21:42:43 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-22 21:42:23 0 -rahs---- C:\MSDOS.SYS
2008-05-22 21:42:23 0 -rahs---- C:\IO.SYS
2008-05-22 21:42:23 0 --a------ C:\CONFIG.SYS
2008-05-22 21:42:23 0 --a------ C:\AUTOEXEC.BAT
2008-05-22 21:41:21 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-05-22 21:41:12 0 dr------- C:\WINDOWS\Offline Web Pages
2008-05-22 21:41:11 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-22 21:41:02 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-22 21:40:39 0 d-------- C:\WINDOWS\system32\DirectX
2008-05-22 21:40:00 0 d---s---- C:\WINDOWS\Tasks
2008-05-22 21:39:59 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-22 21:39:54 0 d-------- C:\WINDOWS\srchasst
2008-05-22 21:39:53 0 d-------- C:\WINDOWS\system32\Macromed
2008-05-22 21:39:42 0 d-------- C:\Program Files\Movie Maker
2008-05-22 21:39:33 0 d-------- C:\WINDOWS\system32\Restore
2008-05-22 21:38:46 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-22 21:38:25 0 d-------- C:\WINDOWS\Registration
2008-05-22 21:38:16 0 d-------- C:\Program Files\Online Services
2008-05-22 21:38:08 0 d-------- C:\Program Files\Messenger
2008-05-22 21:38:04 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-22 21:37:16 0 d-------- C:\Program Files\Windows NT
2008-05-22 21:37:12 0 d-------- C:\WINDOWS\system32\MsDtc
2008-05-22 21:37:10 0 d-------- C:\WINDOWS\system32\Com
2008-05-22 16:15:36 0 d--hs---- C:\WINDOWS\Installer
2008-05-22 16:15:35 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-22 16:15:31 0 dr------- C:\Program Files
2008-05-22 16:15:31 0 d-------- C:\Program Files\Common Files
2008-05-22 16:15:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-22 16:15:03 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-05-22 16:15:03 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-05-22 16:15:03 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-05-22 16:15:03 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-05-22 16:15:03 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-05-22 16:15:03 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-05-22 16:15:03 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-05-22 16:15:03 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-05-22 16:15:03 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-05-22 16:15:03 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-05-22 16:15:03 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-05-22 16:15:03 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-05-22 16:15:03 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-05-22 16:15:03 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-05-22 16:15:03 0 dr------- C:\Documents and Settings\All Users\Documents
2008-05-22 16:15:03 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-05-22 16:14:49 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-05-22 16:14:49 0 d-------- C:\WINDOWS\system32\CatRoot
2008-05-22 16:14:44 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-05-22 16:14:44 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-05-22 16:14:43 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-05-22 16:14:43 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-05-22 16:14:14 0 d--hs---- C:\System Volume Information
2008-05-22 16:14:14 0 d-------- C:\Documents and Settings
2008-05-22 16:05:00 0 d-------- C:\WINDOWS
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\WinSxS
2008-05-22 16:05:00 0 dr------- C:\WINDOWS\Web
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\twain_32
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\wins
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\wbem
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\usmt
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\spool
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\ShellExt
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\Setup
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\ras
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\oobe
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\npp
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\mui
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\inetsrv
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\IME
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\icsxml
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\ias
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\export
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\drivers
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-05-22 16:05:00 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\dhcp
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\config
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\3076
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\2052
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\1054
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\1042
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\1041
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\1037
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\1033
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\1031
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\1028
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system32\1025
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\system
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\security
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\Resources
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\repair
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\Provisioning
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\PeerNet
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\pchealth
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\mui
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\msapps
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\msagent
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\Media
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\java
2008-05-22 16:05:00 0 d--h----- C:\WINDOWS\inf
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\ime
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\Help
2008-05-22 16:05:00 0 dr--s---- C:\WINDOWS\Fonts
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\ehome
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\Driver Cache
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\dell
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\Debug
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\Cursors
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\Connection Wizard
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\Config
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\AppPatch
2008-05-22 16:05:00 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-05-22 16:15:03 62 --ahs---- C:\Documents and Settings\Beck\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [03/16/2007 06:10 PM]
"IDTSysTrayApp"="sttray.exe" [09/05/2007 09:24 PM C:\WINDOWS\sttray.exe]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [02/23/2005 03:57 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/23/2008 07:05 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 06:19 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 1:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2/10/2006 7:56:20 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [5/23/2008 12:56:51 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-796845957-725345543-500\Scripts\Logon\0\0]
"Script"=Pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-05-31 18:42:57 ------------

#5 JasonS

JasonS

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 31 May 2008 - 05:45 PM

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T5500 @ 1.66GHz
Percentage of Memory in Use: 29%
Physical Memory (total/avail): 2046.37 MiB / 1440.35 MiB
Pagefile Memory (total/avail): 3939.08 MiB / 3337.11 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.94 MiB

C: is Fixed (NTFS) - 54.48 GiB total, 33.4 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HM060HI - 54.49 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 54.48 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Beck\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BECK1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Beck
LOGONSERVER=\\BECK1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Beck\LOCALS~1\Temp
TMP=C:\DOCUME~1\Beck\LOCALS~1\Temp
USERDOMAIN=BECK1
USERNAME=Beck
USERPROFILE=C:\Documents and Settings\Beck
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Beck (admin)
administrator (new local, admin, net ready)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5CC79D7E-33F3-41E6-A22E-E886BA8041DA}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA2CA846-C6DB-4468-B291-18D4BA359656}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Broadcom 440x 10/100 Integrated Controller --> MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
J2SE Runtime Environment 5.0 Update 15 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150150}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9 /remove
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
RegCure 1.5.0.1 --> C:\Program Files\RegCure\uninst.exe
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Sound Blaster ADVANCED MB Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9 /remove
Sound Blaster Audigy ADVANCED MB Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA2CA846-C6DB-4468-B291-18D4BA359656}\setup.exe" -l0x9 /remove
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! 工具列 --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type568 / Error
Event Submitted/Written: 05/31/2008 01:12:03 PM
Event ID/Source: 455 / ESENT
Event Description:
wuaueng.dll (2792) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Event Record #/Type567 / Error
Event Submitted/Written: 05/31/2008 01:12:03 PM
Event ID/Source: 489 / ESENT
Event Description:
wuauclt (2792) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type566 / Error
Event Submitted/Written: 05/31/2008 01:11:53 PM
Event ID/Source: 455 / ESENT
Event Description:
wuaueng.dll (2792) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Event Record #/Type565 / Error
Event Submitted/Written: 05/31/2008 01:11:53 PM
Event ID/Source: 489 / ESENT
Event Description:
wuauclt (2792) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type562 / Warning
Event Submitted/Written: 05/30/2008 11:24:25 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}', feature 'DocViewerExe' failed during request for component '{916C2D9A-BB97-4065-9F32-153578753C3A}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1396 / Warning
Event Submitted/Written: 05/30/2008 08:54:53 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "BCMWLTRY Windows Application"

Event Record #/Type1395 / Warning
Event Submitted/Written: 05/30/2008 08:54:53 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "BCMWLTRY Windows Application"

Event Record #/Type1394 / Warning
Event Submitted/Written: 05/30/2008 08:54:53 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "BCMWLTRY Windows Application"

Event Record #/Type1393 / Warning
Event Submitted/Written: 05/30/2008 08:54:53 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "BCMWLTRY Windows Application"

Event Record #/Type1392 / Warning
Event Submitted/Written: 05/30/2008 08:54:53 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "BCMWLTRY Windows Application"



-- End of Deckard's System Scanner: finished at 2008-05-31 18:42:57 ------------

#6 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 31 May 2008 - 08:01 PM

Hi JasonS,

Please open AVG, check the log or event history and post some examples of the malware found by this program.

As per my first post, running two antivirus programs can cause serious system problems and will not improve your security, please remove one of them via Start->Control Panel->Add/Remove Programs before continuing. If you have any problems please let me know.

Please do an online scan with Kaspersky:
Open Kaspersky Online Scanner in Internet Explorer using this link:
http://www.kaspersky...kavwebscan.html
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Next and then Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save Report As... button, change Save as type: to Text file and save the file to your desktop as Kaspersky.txt
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

When complete, please confirm which antivirus program you have removed, post the AVG information, the Kaspersky report and a new HijackThis log.
ASAP & UNITE Member

#7 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 03 June 2008 - 08:51 PM

How are you getting on? If the instructions are unclear or something isn't working, please let me know before proceeding.
ASAP & UNITE Member

#8 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 06 June 2008 - 08:09 PM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log
ASAP & UNITE Member

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users