WinXP PC Windows Applications constantly not responding

BullGuard Antivirus Forum > Virus Removal > Removal Help > WinXP PC Windows Applications constantly not responding

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

jk48326
New Member

Date Joined Sep 2009
Total Posts : 15

Posted 9-19-2009 4:33 (GMT +1)

Problem Synopsis: PC hangs at strange times, and quite often. Basically, it looks like the PC is suffering from some hidden application that is constantly hijacking resources and not permitting PC operations to occur, that would normally see immediate response. The PC used to respond as expected, where menus and application launches would respond immediately. I have run Cclean, Malwarebytes, DDS, updated Java, and run HJT, yet 60% of the time I am seeing this behavior. I don’t see your recommendation to run ComboFix. Should I run that too? Do you need the RSIT logfile too?

PC Description: MS Windows XP Home SP3

Intel Pentium 4 CPU, 3GHZ, 1.0GB RAM, Intel 82865G Graphics Controller

Virus Protection: AVG Free, Ver 8.5.409

Virus Scans are coming up clean. Malware scans are coming up clear. But here are a few of the typical behaviors:

Start Button:

Click the ‘Start’ button, wait for up to 20 seconds for the menu to respond, another 10seconds before the menu is populated, another 10seconds before menu entries can be selected. It appears that the Start menu is not being permitted to run, or it is waiting for something else to complete before it can run. If you click the unresponsive ‘Start’ button 10 times, then in maybe 30 seconds, when it is finally responsive, the Menu bar will open and close all 10 times, so the PC is seeing most inputs.

Internet Explorer:

Open windows will lock and ‘Not Responding’ will appear in the banner. Window will lock for up to 60seconds at a time. Checking Windows Task Manager, CPU Usage is low, Page File Usage is often at 1.5M or 75% of usage. If IE is left running overnight, by morning all IE windows will be completely unresponsive.

Quick Lauch:

Quick launch will often be unresponsive for up to 20seconds at a time, then when the icons are enabled, selecting them won’t launch its application for up to 20seconds.

File Manager:

File Manager will lock at time. While open, if you select it, sometimes it will be non-responsive for 15seconds at a time. Question: What are the chances that AVG is scanning everything, all the time, before File Manager is permitted to display the contents of any folder?

I'll post the logfiles in separate posts. Let me know what you find or what else I should do. THANKS !!

jk48326
New Member

Date Joined Sep 2009
Total Posts : 15

Posted 9-19-2009 4:40 (GMT +1)

I am unsure about removing old Java components. I'll post a screen capture of my 'add/remove programs' window. I am curious if 'JSE Runtime Environment 5.0' components are 'old' and should they be removed as part of your advice in removing old components? I already removed 2 of these, then started to question whether 'JSE' was related to your advice of removing older versions of 'Java(TM) 6'.

If I was incorrect in removing some of these J2SE components, how should I go about retrieving those Updates?

Thanks !!

I uploaded the screen capture file, but the Attachment Manager hasn't convinced me that it is actually attached. I'll trust it anyway rather than accidentally posting twice.

Image Attachment :

Java_J2SE_screenCapture.JPG 65KB (image/pjpeg)

This image has been viewed 58 time(s).

jk48326
New Member

Date Joined Sep 2009
Total Posts : 15

Posted 9-19-2009 4:41 (GMT +1)

Malwarebytes' Anti-Malware 1.41
Database version: 2819
Windows 5.1.2600 Service Pack 3

9/18/2009 3:44:43 AM
mbam-log-2009-09-18 (03-44-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 231436
Time elapsed: 1 hour(s), 22 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

jk48326
New Member

Date Joined Sep 2009
Total Posts : 15

Posted 9-19-2009 4:43 (GMT +1)

DDS (Ver_09-07-30.01) - NTFSx86
Run by Jim at 23:21:14.91 on Fri 09/18/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.130 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\QUICKEN\bagent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jim\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 129.74.152.66:3124
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [QuickenScheduledUpdates] c:\progra~1\quicken\bagent.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\jim\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: skygolfgps.com\www
Trusted Zone: turbotax.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - hxxps://mygmgw.gm.com/http://usabhma06.mail.gm.com/iNotes.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mygmgw.gm.com/http://usabhembma19.mail.gm.com/iNotes6W.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232622251765
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - hxxp://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jim\applic~1\mozilla\firefox\profiles\0vu6jjhf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-20 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-1-29 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-20 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-15 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-15 297752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-2 133104]

=============== Created Last 30 ================

2009-09-17 16:01 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-09-09 23:21 153,088 -------- c:\windows\system32\dllcache\triedit.dll

==================== Find3M ====================

2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-15 02:44 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-15 02:44 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-25 19:01 8,266 a------- c:\windows\extend.dat
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-15 08:39 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 05:48 219,648 a------- c:\windows\PEV.exe
2009-07-10 09:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2008-09-15 16:19 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080916\index.dat

============= FINISH: 23:22:29.28 ===============

jk48326
New Member

Date Joined Sep 2009
Total Posts : 15

Posted 9-19-2009 4:45 (GMT +1)

(I tried to 'attach' this to the last post, but the Upload Manager said that I wasn't permitted to attach files that contained 'plain text' for some reason. This file isn't that big, so I'll post it anyway)

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/8/2005 1:34:09 AM
System Uptime: 9/17/2009 4:02:08 PM (31 hours ago)

Motherboard: Dell Computer Corp. | | 0TC666
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 145 GiB total, 12.824 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1087: 6/21/2009 3:09:04 PM - System Checkpoint
RP1088: 6/22/2009 4:09:03 PM - System Checkpoint
RP1089: 6/23/2009 5:09:07 PM - System Checkpoint
RP1090: 6/24/2009 5:21:05 PM - System Checkpoint
RP1091: 6/25/2009 6:33:05 PM - System Checkpoint
RP1092: 6/26/2009 7:21:11 PM - System Checkpoint
RP1093: 6/27/2009 3:37:41 AM - Avg8 Update
RP1094: 6/27/2009 3:48:54 AM - Avg8 Update
RP1095: 6/28/2009 5:10:05 AM - System Checkpoint
RP1096: 6/29/2009 5:44:41 AM - System Checkpoint
RP1097: 6/30/2009 8:15:26 AM - System Checkpoint
RP1098: 7/1/2009 8:50:37 AM - System Checkpoint
RP1099: 7/2/2009 9:26:34 AM - System Checkpoint
RP1100: 7/3/2009 9:31:18 AM - System Checkpoint
RP1101: 7/4/2009 11:55:16 AM - System Checkpoint
RP1102: 7/5/2009 2:38:22 AM - Avg8 Update
RP1103: 7/5/2009 2:39:26 AM - Avg8 Update
RP1104: 7/6/2009 3:21:05 AM - System Checkpoint
RP1105: 7/7/2009 3:25:00 AM - System Checkpoint
RP1106: 7/8/2009 4:25:48 AM - System Checkpoint
RP1107: 7/9/2009 5:24:59 AM - System Checkpoint
RP1108: 7/10/2009 5:37:01 AM - System Checkpoint
RP1109: 7/11/2009 4:15:05 AM - Avg8 Update
RP1110: 7/12/2009 4:25:27 AM - System Checkpoint
RP1111: 7/13/2009 5:24:36 AM - System Checkpoint
RP1112: 7/14/2009 6:24:30 AM - System Checkpoint
RP1113: 7/15/2009 3:00:52 AM - Software Distribution Service 3.0
RP1114: 7/15/2009 8:39:07 AM - Installed Java(TM) 6 Update 14
RP1115: 7/16/2009 9:33:51 AM - System Checkpoint
RP1116: 7/17/2009 9:34:00 AM - System Checkpoint
RP1117: 7/18/2009 10:34:02 AM - System Checkpoint
RP1118: 7/19/2009 4:12:44 AM - Avg8 Update
RP1119: 7/20/2009 6:24:46 AM - System Checkpoint
RP1120: 7/21/2009 7:36:46 AM - System Checkpoint
RP1121: 7/22/2009 8:12:45 AM - System Checkpoint
RP1122: 7/23/2009 10:00:52 AM - System Checkpoint
RP1123: 7/26/2009 3:59:58 PM - System Checkpoint
RP1124: 7/27/2009 4:12:38 PM - System Checkpoint
RP1125: 7/28/2009 5:12:43 PM - System Checkpoint
RP1126: 7/29/2009 3:00:24 AM - Software Distribution Service 3.0
RP1127: 7/30/2009 3:12:38 AM - System Checkpoint
RP1128: 7/31/2009 4:13:10 AM - System Checkpoint
RP1129: 8/1/2009 5:12:41 AM - System Checkpoint
RP1130: 8/2/2009 6:12:51 AM - System Checkpoint
RP1131: 8/13/2009 4:28:52 PM - Software Distribution Service 3.0
RP1132: 8/14/2009 5:36:28 PM - System Checkpoint
RP1133: 8/15/2009 2:43:27 AM - Avg8 Update
RP1134: 8/15/2009 2:45:03 AM - Avg8 Update
RP1135: 8/16/2009 9:25:59 AM - System Checkpoint
RP1136: 8/17/2009 10:36:19 AM - System Checkpoint
RP1137: 8/18/2009 11:48:18 AM - System Checkpoint
RP1138: 8/19/2009 1:00:18 PM - System Checkpoint
RP1139: 8/20/2009 2:01:59 PM - System Checkpoint
RP1140: 8/21/2009 2:25:58 PM - System Checkpoint
RP1141: 8/22/2009 2:54:12 PM - System Checkpoint
RP1142: 8/25/2009 3:05:53 AM - System Checkpoint
RP1143: 8/26/2009 8:27:27 AM - System Checkpoint
RP1144: 8/27/2009 3:00:18 AM - Software Distribution Service 3.0
RP1145: 8/28/2009 10:20:56 AM - System Checkpoint
RP1146: 8/29/2009 11:49:16 AM - System Checkpoint
RP1147: 8/30/2009 1:08:42 PM - System Checkpoint
RP1148: 8/31/2009 1:09:14 PM - System Checkpoint
RP1149: 9/1/2009 1:33:14 PM - System Checkpoint
RP1150: 9/2/2009 1:45:15 PM - System Checkpoint
RP1151: 9/3/2009 2:09:15 PM - System Checkpoint
RP1152: 9/4/2009 2:33:18 PM - System Checkpoint
RP1153: 9/5/2009 2:45:13 PM - System Checkpoint
RP1154: 9/6/2009 3:45:15 PM - System Checkpoint
RP1155: 9/7/2009 4:45:11 PM - System Checkpoint
RP1156: 9/8/2009 5:21:13 PM - System Checkpoint
RP1157: 9/9/2009 6:33:08 PM - System Checkpoint
RP1158: 9/10/2009 3:00:24 AM - Software Distribution Service 3.0
RP1159: 9/12/2009 11:57:04 AM - System Checkpoint
RP1160: 9/13/2009 1:01:03 PM - System Checkpoint
RP1161: 9/14/2009 1:13:05 PM - System Checkpoint
RP1162: 9/15/2009 1:18:11 PM - System Checkpoint
RP1163: 9/16/2009 1:42:10 PM - System Checkpoint
RP1164: 9/17/2009 2:20:44 PM - Software Distribution Service 3.0
RP1165: 9/17/2009 3:59:17 PM - Restore Operation
RP1166: 9/17/2009 7:27:27 PM - 9/17/2009, before running CCleaner-RegistryClean
RP1167: 9/18/2009 7:51:17 PM - System Checkpoint

==== Installed Programs ======================

1310
1310_Help
1310Tour
1310Trb
2001 TurboTax Premier
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Adobe Reader Chinese Traditional Fonts
Adobe Shockwave Player
AiO_Scan
AIOMinimal
AiOSoftware
AnswerWorks 5.0 English Runtime
AOLIcon
AVG Free 8.5
Bitzi's Bitcollider 0.6.0
BUM
CCleaner (remove only)
Copy
CreativeProjects
Critical Update for Windows Media Player 11 (KB959772)
Deer Avenger 4
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support Center
Dell System Restore
DellSupport
Director
DMX Update
DocProc
Download Updater (AOL LLC)
DVD X Copy Platinum 4.0.3
DVD X Rescue
EarthLink setup files
ESPN Java Check
Expert Do-It-Yourself Lawyer
Fax
GdiplusUpgrade
Google Earth Plugin
Google Talk (remove only)
Google Update Helper
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HPSystemDiagnostics
InstantShare
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
ItsDeductible Express
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 14
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
KODAK EASYSHARE Gallery Easy Upload, v2.1
KODAK EASYSHARE Gallery Upload ActiveX Control
Learn2 Player (Uninstall Only)
LogViewer
Macromedia Flash Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Modem Event Monitor
Modem Helper
Modem On Hold
Monopoly
Mozilla Firefox (3.5.2)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch® Jukebox
My Way Search Assistant
OpenOffice.org 3.0
overland
PhotoGallery
PokerStars
PowerDVD 5.5
PrintScreen
QFolder
QuickBooks Simple Start Special Edition
Quicken 2008
Quicken WillMaker Plus 2005
Quicken WillMaker Plus 2008
QuickProjects
QuickTime
Readme
RealPlayer
SafeCast Shared Components
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SkinsHP1
SkinsHP2
SkyCaddie Desktop
Sonic Audio module
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
TrayApp
TurboTax Basic 2002
TurboTax Deluxe 2005
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
TurboTax Premier 2004
TurboTax Premier Home & Business 2002
TurboTax Premier Home & Business 2003
Unload
Update for Windows Internet Explorer 8 (KB961813)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
WexTech AnswerWorks
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8 Release Candidate 1
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 12

==== Event Viewer Messages From Past Week ========

9/17/2009 3:50:46 PM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 8070194f, parameter3 f79c6c30, parameter4 f79c692c.
9/16/2009 4:44:50 PM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 80515b55, parameter3 f79cec34, parameter4 f79ce930.

==== End Of File ===========================

jk48326
New Member

Date Joined Sep 2009
Total Posts : 15

Posted 9-19-2009 4:47 (GMT +1)

More info: I recently installed Yahoo IM and immediately got a Blue Screen halt. This happened twice in one day just after installing Yahoo IM. I tried uninstalling it and got the Blue Screen again. I performed a Restore Operation on 9/17, going back 1 day. I have not seen the Blue Screen since.

RP1165: 9/17/2009 3:59:17 PM - Restore Operation

Do you have a recommendation whether to ever ever ever use Yahoo IM ??

jk48326
New Member

Date Joined Sep 2009
Total Posts : 15

Posted 9-19-2009 4:48 (GMT +1)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:23 AM, on 9/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\QUICKEN\bagent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office\Winword.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.74.152.66:3124
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\PROGRA~1\QUICKEN\bagent.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://mygmgw.gm.com/http://usabhma06.mail.gm.com/iNotes.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mygmgw.gm.com/http://usabhembma19.mail.gm.com/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232622251765
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 11619 bytes

jk48326
New Member

Date Joined Sep 2009
Total Posts : 15

Posted 9-19-2009 4:59 (GMT +1)

A few more quirks I will explain.

1) Very often I am naturally myself wanting to select a hot link on a website or an activation button in an application, or selecting text in a file. What I see periodically is that it no longer takes '1 click' to do any of this. I already deleted this post because I wanted to change it, and the actual 'remove' button needed to be pushed twice. It ignored me the first time.

2) I ran the 'RSIT' application that I read about in another post. It looks like I might have pieces of BearShare still laying around on the PC, which could be the cause of all of these strange behaviors. I know that you recommend removal of these sorts of programs before even starting a forum. I have removed both BearShare and Limewire, but remnants of both could still be hiding somewhere.

Should I post the RSIT logs?

3) I have tried removing 'Musicmatch® Jukebox' and then decided that I still wanted it. I am not sure if I succeeded in reinstalling it or not. It is behaving strangely and sometimes not at all, but it is not a critical program for me anyway. Same with RealPlayer. I suspect that both are just massive spyware anyway. Do you have advice on these two programs?

jk48326
New Member

Date Joined Sep 2009
Total Posts : 15

Posted 9-19-2009 5:01 (GMT +1)

info.txt logfile of random's system information tool 1.06 2009-09-19 11:27:36

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2001 TurboTax Premier-->C:\Program Files\Tax01\TaxUnst.EXE "C:\Program Files\Tax01\Uninstall.log" -NoGui
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Reader Chinese Traditional Fonts-->MsiExec.exe /I{AC76BA86-7AD7-2448-0000-705000000001}
Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bitzi's Bitcollider 0.6.0-->C:\PROGRA~1\BITCOL~1\UNWISE.EXE C:\PROGRA~1\BITCOL~1\INSTALL.LOG
BUM-->MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Deer Avenger 4-->C:\PROGRA~1\DEERAV~1\UNWISE.EXE /U C:\PROGRA~1\DEERAV~1\INSTALL.LOG
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Picture Studio v3.0-->MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
DMX Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE8913B7-B2C4-48BE-8A26-84390FF4F231}\Setup.exe" -l0x9 -L0x9 /SMAINT
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
DVD X Copy Platinum 4.0.3-->"C:\Program Files\321Studios\Platinum\uninstall.exe"
DVD X Rescue-->C:\PROGRA~1\321STU~1\DVDXRE~1\UNWISE.EXE C:\PROGRA~1\321STU~1\DVDXRE~1\INSTALL.LOG
EarthLink setup files-->MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
Expert Do-It-Yourself Lawyer-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Expert Software\Do-It-Yourself Lawyer\DeIsL1.isu"
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Earth Plugin-->MsiExec.exe /I{B535B621-5559-11DE-A7A1-005056806466}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Documents and Settings\Jim\Desktop\FIX\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Image Zone 3.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5-->"C:\Program Files\HP\Digital Imaging\{18E0918E-1060-48f3-925C-56C82E88551B}\setup\hpzscr01.exe" -datfile hposcr03.dat
Intel(R) 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
ItsDeductible Express-->MsiExec.exe /X{36495C59-089C-49D1-BD15-9E5BD86DC9A1}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch-->C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LogViewer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5090856-6E87-4AE1-B6FE-DD4149CB097A}\Setup.exe" -l0x9
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 97, Professional Edition-->C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Monopoly-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Monopoly\Uninst.isu"
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickBooks Simple Start Special Edition-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
Quicken 2008-->MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
Quicken WillMaker Plus 2005-->C:\WINDOWS\unvise32.exe C:\Program Files\Quicken WillMaker Plus 2005\uninstal.log
Quicken WillMaker Plus 2008-->C:\WINDOWS\unvise32.exe C:\Program Files\Quicken WillMaker Plus 2008\uninstal.log
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SafeCast Shared Components-->C:\WINDOWS\CDAC13BA.EXE /uninstall
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SkyCaddie Desktop-->"C:\Program Files\SkyGolf\SkyCaddie Desktop\UninstSkyCaddie.exe"
Sonic Audio module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TurboTax Basic 2002-->C:\Program Files\TurboTax\Basic 2002\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2002\Uninstall.log" -NoGui
TurboTax Deluxe 2005-->C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006-->C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005-->MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
TurboTax Premier 2004-->C:\Program Files\TurboTax\Premier 2004\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2004\Uninstall.log" -NoGui
TurboTax Premier Home & Business 2002-->C:\Program Files\TurboTax\Premier Home & Business 2002\TaxUnst.EXE "C:\Program Files\TurboTax\Premier Home & Business 2002\Uninstall.log" -NoGui
TurboTax Premier Home & Business 2003-->C:\Program Files\TurboTax\Premier Home & Business 2003\TaxUnst.EXE "C:\Program Files\TurboTax\Premier Home & Business 2003\Uninstall.log" -NoGui
Update for Windows Internet Explorer 8 (KB961813)-->"C:\WINDOWS\ie8updates\KB961813-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Internet Explorer 8 Release Candidate 1-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free (disabled)

======System event log======

Computer Name: MATISSE
Event Code: 7901
Message: The At32.job command failed to start due to the following error:
%%2147942402

Record Number: 27373
Source Name: Schedule
Time Written: 20090707070000.000000-240
Event Type: error
User:

Computer Name: MATISSE
Event Code: 7901
Message: The At7.job command failed to start due to the following error:
%%2147942402

Record Number: 27372
Source Name: Schedule
Time Written: 20090707060000.000000-240
Event Type: error
User:

Computer Name: MATISSE
Event Code: 7901
Message: The At31.job command failed to start due to the following error:
%%2147942402

Record Number: 27371
Source Name: Schedule
Time Written: 20090707060000.000000-240
Event Type: error
User:

Computer Name: MATISSE
Event Code: 7901
Message: The At6.job command failed to start due to the following error:
%%2147942402

Record Number: 27370
Source Name: Schedule
Time Written: 20090707050000.000000-240
Event Type: error
User:

Computer Name: MATISSE
Event Code: 7901
Message: The At30.job command failed to start due to the following error:
%%2147942402

Record Number: 27369
Source Name: Schedule
Time Written: 20090707050000.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: MATISSE
Event Code: 1000
Message: Faulting application bearshare.exe, version 5.2.4.7, faulting module unknown, version 0.0.0.0, fault address 0x00000103.

Record Number: 509
Source Name: Application Error
Time Written: 20060715090148.000000-240
Event Type: error
User:

Computer Name: MATISSE
Event Code: 1000
Message: Faulting application bearshare.exe, version 5.2.4.7, faulting module unknown, version 0.0.0.0, fault address 0x00000103.

Record Number: 507
Source Name: Application Error
Time Written: 20060714141343.000000-240
Event Type: error
User:

Computer Name: MATISSE
Event Code: 1000
Message: Faulting application bearshare.exe, version 5.2.4.7, faulting module unknown, version 0.0.0.0, fault address 0x00000103.

Record Number: 506
Source Name: Application Error
Time Written: 20060714074213.000000-240
Event Type: error
User:

Computer Name: MATISSE
Event Code: 1000
Message: Faulting application bearshare.exe, version 5.2.4.7, faulting module unknown, version 0.0.0.0, fault address 0x00000103.

Record Number: 503
Source Name: Application Error
Time Written: 20060712150328.000000-240
Event Type: error
User:

Computer Name: MATISSE
Event Code: 1000
Message: Faulting application bearshare.exe, version 5.2.4.7, faulting module unknown, version 0.0.0.0, fault address 0x00000103.

Record Number: 501
Source Name: Application Error
Time Written: 20060712091100.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"VERSION"=3.0.5.001
"SESSIONID"=1120691547954htx60561b5a415:104fd618317:5d18
"COLLECTIONID"=COL8143
"ITEMID"=dj-22741-15
"UPDATEDIR"=C:\DOCUME~1\Jim\LOCALS~1\Temp\radB7A11.tmp
"TOOLPATH"=/C:\Program%20Files\HP\HP%20Software%20Update\install.htm
"HMSERVER"=https://wwss1pro.cce.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.22.20030804
"OSVER"=winXPH
"LANG"=1033
"TIMEOUT"=0

-----------------EOF-----------------

jk48326
New Member

Date Joined Sep 2009
Total Posts : 15

Posted 9-19-2009 5:02 (GMT +1)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jim at 2009-09-19 11:27:24
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (9%) free of 149 GB
Total RAM: 1022 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:32 AM, on 9/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\QUICKEN\bagent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office\Winword.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\5TEIQK60\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Jim.exe

--
End of file - 11732 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-15 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 118844]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-07-31 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"mmtask"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [2004-09-14 53248]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2005-01-12 241664]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-05-31 122941]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-10-09 16384]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2006-11-07 1121280]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-15 2007832]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-10-09 202544]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-03-11 180269]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-31 149280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-10-09 202544]
"QuickenScheduledUpdates"=C:\PROGRA~1\QUICKEN\bagent.exe [2008-04-21 87328]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Documents and Settings\Jim\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-15 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SYSTEM32\MSHTA.EXE"="C:\WINDOWS\SYSTEM32\MSHTA.EXE:*:Enabled:Microsoft (R) HTML Application host"
"C:\Program Files\Quicken WillMaker Plus 2005\qwp.exe"="C:\Program Files\Quicken WillMaker Plus 2005\qwp.exe:*:Enabled:Quicken WillMaker Plus 2005 application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe"="C:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe:*:Enabled:SkyCaddie Desktop"
"C:\WINDOWS\SYSTEM32\dpvsetup.exe"="C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\SYSTEM32\rundll32.exe"="C:\WINDOWS\SYSTEM32\rundll32.exe:*:Enabled:Run a DLL as an App"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f975347-2285-11de-bde4-001320634e8a}]
shell\AutoRun\command - F:\setupSNK.exe

======List of files/folders created in the last 1 months======

2009-09-19 11:27:24 ----D---- C:\rsit
2009-09-19 10:59:40 ----D---- C:\Program Files\Trend Micro
2009-09-19 10:17:24 ----A---- C:\WINDOWS\system32\REN1F8.tmp
2009-09-19 10:17:24 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-19 10:17:24 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-19 10:17:24 ----A---- C:\WINDOWS\system32\java.exe
2009-09-17 14:21:58 ----DC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-10 03:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-10 03:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-08-27 03:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$

======List of files/folders modified in the last 1 months======

2009-09-19 11:27:25 ----D---- C:\WINDOWS\Prefetch
2009-09-19 10:59:40 ----RD---- C:\Program Files
2009-09-19 10:25:32 ----D---- C:\Program Files\Java
2009-09-19 10:25:22 ----D---- C:\WINDOWS\SYSTEM32
2009-09-19 10:25:19 ----SHD---- C:\WINDOWS\Installer
2009-09-19 10:17:26 ----D---- C:\WINDOWS\temp
2009-09-19 10:15:09 ----D---- C:\Downloads
2009-09-19 03:52:51 ----HD---- C:\$AVG8.VAULT$
2009-09-18 22:45:32 ----HD---- C:\WINDOWS\INF
2009-09-18 22:45:32 ----D---- C:\WINDOWS
2009-09-18 07:06:49 ----A---- C:\WINDOWS\WIN.INI
2009-09-18 05:23:04 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-18 02:21:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-18 02:21:30 ----D---- C:\WINDOWS\system32\DRIVERS
2009-09-17 19:24:13 ----D---- C:\WINDOWS\Debug
2009-09-17 19:24:12 ----D---- C:\WINDOWS\Minidump
2009-09-17 19:15:15 ----D---- C:\My Music
2009-09-17 18:31:16 ----D---- C:\Program Files\Mozilla Firefox
2009-09-17 16:09:42 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-17 16:09:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-17 16:03:12 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
2009-09-17 16:01:53 ----D---- C:\WINDOWS\system32\CONFIG
2009-09-17 16:01:32 ----D---- C:\WINDOWS\system32\WBEM
2009-09-17 16:01:31 ----D---- C:\WINDOWS\Registration
2009-09-17 16:00:12 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-09-17 15:59:37 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-09-17 14:20:10 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-17 11:25:08 ----D---- C:\Documents and Settings\All Users\Application Data\yahoo!
2009-09-15 04:14:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-15 04:10:13 ----D---- C:\WINDOWS\network diagnostic
2009-09-10 08:31:36 ----D---- C:\Documents and Settings\Jim\Application Data\Real
2009-09-03 23:49:43 ----D---- C:\WINDOWS\system32\FxsTmp
2009-08-28 17:38:20 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-15 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-15 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-06 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []
R2 CDRPDACC;Arrowkey Device Access; \??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2241]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-02-26 51056]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-02-26 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-02-26 21488]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2006-06-04 34528]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Jim\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbser;SkyCaddie USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-15 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-15 297752]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2006-04-13 52736]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-31 153376]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-10-09 202544]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-02 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

jk48326
New Member

Date Joined Sep 2009
Total Posts : 15

Posted 9-19-2009 5:07 (GMT +1)

Finally, I should tell you that I had a bout with the 'SHeur2.MKJ Trojan Horse' this past January, 2009. It was a bit of a chore to remove it because AVG kept on finding it and deleting it, but it would keep on reappearing upon reboot or rerunning of the AVG scan. That time was when I first found YOU guys, and it was information from your forum that taught me hot to get rid of this Trojan Horse. It took Ccleaner, Malwarebytes, and ComboFix to get rid of it, by following your self-help instructions. So I didn't need to post anything at that time.

Perhaps the behaviors I am seeing now, might be remnants of that Trojan Horse.

I'll attach screen captures of the AVG scan run back in January 2009. I have not seen any trace of this Trojan Horse since removing it with your 'FIX' instructions.

Image Attachment :

SHeur2.MKJ Trojan Horse info Jan 2009.JPG 83KB (image/pjpeg)

This image has been viewed 31 time(s).

Image Attachment :

SHeur2.MKJ Trojan Horse info Jan 2009 (2).JPG 158KB (image/pjpeg)

This image has been viewed 36 time(s).

jk48326
New Member

Date Joined Sep 2009
Total Posts : 15

Posted 9-19-2009 5:13 (GMT +1)

Oh, I guess there is one more piece of information I should give you. When I first boot, it now takes forever to finish !! I read somewhere on your forum about selecting which components should boot on start-up and how some can be selected to boot sometime later. When I boot, once the PC looks like it is ready, I would like to start working. But usually all of the start-up applications are still launching and during this time the PC is completely unusable.

I wonder if much of this boot-up delay is AVG Free 8.5.409 scanning components before you are allowed to do anything. Do you know if AVG is known to add a huge amount of time to the boot-up process ?? Is this an unfortunate consequence of choosing to use AVG Free ?? Your forum suggests 'Avast' and 'Avira'. Do you recommend that I cease using AVG and begin using one of those others?? The reason I ask this is because there are about 4-5 other users that have selected AVG Free on my recommendation, and I wish to know your opinion on whether I should rethink giving this advice.

Thanks !!

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16739

Posted 9-20-2009 4:13 (GMT +1)

Hello jk48326 smile

Please download Combofix from:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

And save to the desktop.

Close all other browser windows.

Double-click on the combofix icon found on your desktop.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

jk48326
New Member

Date Joined Sep 2009
Total Posts : 15

Posted 9-20-2009 7:58 (GMT +1)

Actually I had figured you would ask me to run Combo-Fix. I already ran it, but didn't post it yet. Here is the log.

ComboFix 09-09-18.02 - Jim 09/19/2009 14:46.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.607 [GMT -4:00]
Running from: c:\downloads\ComboFix\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-08-19 to 2009-09-19 )))))))))))))))))))))))))))))))
.

2009-09-19 15:27 . 2009-09-19 15:29 -------- d-----w- C:\rsit
2009-09-19 14:59 . 2009-09-19 14:59 -------- d-----w- c:\program files\Trend Micro
2009-09-17 20:01 . 2009-09-17 20:01 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-10 03:21 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-19 14:25 . 2005-07-05 14:44 -------- d-----w- c:\program files\Java
2009-09-18 09:23 . 2009-07-17 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-18 06:21 . 2009-01-22 12:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-17 15:25 . 2006-07-23 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-09-15 08:14 . 2009-07-17 03:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-10 18:54 . 2009-01-22 12:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-01-22 12:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-15 06:44 . 2008-06-20 06:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-15 06:44 . 2008-06-20 06:32 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-15 06:44 . 2008-01-29 06:12 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 19:23 . 2009-09-19 14:17 411368 ----a-w- c:\windows\system32\REN1F8.tmp
2009-07-25 23:01 . 2009-07-25 23:01 8266 ----a-w- c:\windows\extend.dat
2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:39 . 2009-07-15 12:40 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-14 03:43 . 2004-08-04 10:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-08-03_07.06.09   )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 10:00 . 2008-04-14 00:12 49152              c:\windows\SYSTEM32\wdigest(3).dll
+ 2007-01-29 08:58 . 2009-07-14 11:03 46080              c:\windows\SYSTEM32\tzchange.exe
+ 2004-08-04 10:00 . 2009-06-12 12:31 76288              c:\windows\SYSTEM32\telnet.exe
+ 2004-08-04 10:00 . 2009-02-03 19:59 56832              c:\windows\SYSTEM32\secur32(3).dll
- 2009-01-31 23:32 . 2009-07-05 16:37 84661              c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
+ 2009-01-31 23:32 . 2009-09-10 12:29 84661              c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288              c:\windows\SYSTEM32\DLLCACHE\telnet.exe
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992              c:\windows\SYSTEM32\DLLCACHE\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880              c:\windows\SYSTEM32\DLLCACHE\atl.dll
+ 2004-08-04 10:00 . 2009-06-10 14:13 84992              c:\windows\SYSTEM32\avifil32.dll
- 2004-08-04 10:00 . 2008-04-14 00:11 84992              c:\windows\SYSTEM32\avifil32.dll
+ 2009-08-13 20:33 . 2008-04-14 00:11 58880              c:\windows\$NtUninstallKB973507$\atl.dll
+ 2009-08-13 20:33 . 2008-04-14 00:11 84992              c:\windows\$NtUninstallKB971557$\avifil32.dll
+ 2009-08-13 20:33 . 2008-04-14 00:12 75776              c:\windows\$NtUninstallKB960859$\telnet.exe
+ 2009-08-13 20:33 . 2008-07-08 13:02 26488              c:\windows\$hf_mig$\KB973869\update\spcustom.dll
+ 2009-08-13 20:33 . 2008-07-08 13:02 17272              c:\windows\$hf_mig$\KB973869\spmsg.dll
+ 2009-08-13 20:29 . 2009-05-26 11:40 26488              c:\windows\$hf_mig$\KB973815\update\spcustom.dll
+ 2009-08-13 20:29 . 2009-05-26 11:40 17272              c:\windows\$hf_mig$\KB973815\spmsg.dll
+ 2009-08-13 20:33 . 2009-05-26 11:40 26488              c:\windows\$hf_mig$\KB973507\update\spcustom.dll
+ 2009-08-13 20:33 . 2009-05-26 11:40 17272              c:\windows\$hf_mig$\KB973507\spmsg.dll
+ 2009-07-17 19:25 . 2009-07-17 19:25 58880              c:\windows\$hf_mig$\KB973507\SP3QFE\atl.dll
+ 2009-08-13 20:33 . 2009-05-26 11:40 26488              c:\windows\$hf_mig$\KB973354\update\spcustom.dll
+ 2009-08-13 20:33 . 2009-05-26 11:40 17272              c:\windows\$hf_mig$\KB973354\spmsg.dll
+ 2009-08-13 20:33 . 2008-07-08 13:02 26488              c:\windows\$hf_mig$\KB971657\update\spcustom.dll
+ 2009-08-13 20:33 . 2008-07-08 13:02 17272              c:\windows\$hf_mig$\KB971657\spmsg.dll
+ 2009-08-13 20:33 . 2008-07-08 13:02 26488              c:\windows\$hf_mig$\KB971557\update\spcustom.dll
+ 2009-08-13 20:33 . 2008-07-08 13:02 17272              c:\windows\$hf_mig$\KB971557\spmsg.dll
+ 2009-06-10 14:01 . 2009-06-10 14:01 84992              c:\windows\$hf_mig$\KB971557\SP3QFE\avifil32.dll
+ 2009-08-13 20:33 . 2008-07-08 13:02 26488              c:\windows\$hf_mig$\KB960859\update\spcustom.dll
+ 2009-08-13 20:33 . 2008-07-08 13:02 17272              c:\windows\$hf_mig$\KB960859\spmsg.dll
+ 2009-06-12 12:03 . 2009-06-12 12:03 80896              c:\windows\$hf_mig$\KB960859\SP3QFE\tlntsess.exe
+ 2009-06-12 12:03 . 2009-06-12 12:03 76288              c:\windows\$hf_mig$\KB960859\SP3QFE\telnet.exe
+ 2009-08-13 20:33 . 2008-07-08 13:02 26488              c:\windows\$hf_mig$\KB956744\update\spcustom.dll
+ 2009-08-13 20:33 . 2008-07-08 13:02 17272              c:\windows\$hf_mig$\KB956744\spmsg.dll
- 2004-08-04 10:00 . 2008-04-14 00:12 132096              c:\windows\SYSTEM32\wkssvc.dll
+ 2004-08-04 10:00 . 2009-06-10 06:14 132096              c:\windows\SYSTEM32\wkssvc.dll
+ 2009-01-22 10:43 . 2009-09-17 20:01 742716              c:\windows\SYSTEM32\Restore\rstrlog.dat
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440              c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2004-08-04 10:00 . 2008-04-14 00:11 299520              c:\windows\SYSTEM32\kerberos(3).dll
+ 2009-09-19 14:17 . 2009-07-31 19:23 149280              c:\windows\SYSTEM32\javaws.exe
+ 2009-09-19 14:17 . 2009-07-31 19:23 145184              c:\windows\SYSTEM32\javaw.exe
+ 2009-09-19 14:17 . 2009-07-31 19:23 145184              c:\windows\SYSTEM32\java.exe
+ 2004-08-04 10:00 . 2009-07-14 03:43 286208              c:\windows\SYSTEM32\DLLCACHE\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096              c:\windows\SYSTEM32\DLLCACHE\wkssvc.dll
+ 2009-08-05 09:01 . 2009-08-05 09:01 204800              c:\windows\SYSTEM32\DLLCACHE\mswebdvd.dll
+ 2009-08-13 20:33 . 2008-07-08 13:02 382840              c:\windows\$NtUninstallKB973869$\spuninst\updspapi.dll
+ 2009-08-13 20:33 . 2008-07-08 13:02 231288              c:\windows\$NtUninstallKB973869$\spuninst\spuninst.exe
+ 2009-08-13 20:29 . 2009-05-26 11:40 382840              c:\windows\$NtUninstallKB973815$\spuninst\updspapi.dll
+ 2009-08-13 20:29 . 2009-05-26 11:40 231288              c:\windows\$NtUninstallKB973815$\spuninst\spuninst.exe
+ 2009-08-13 20:29 . 2008-04-14 00:12 203776              c:\windows\$NtUninstallKB973815$\mswebdvd.dll
+ 2009-08-13 20:32 . 2006-10-19 02:47 314880              c:\windows\$NtUninstallKB973540_WM9$\wmpdxm.dll
+ 2009-08-13 20:32 . 2007-07-27 14:41 382840              c:\windows\$NtUninstallKB973540_WM9$\spuninst\updspapi.dll
+ 2009-08-13 20:32 . 2007-07-27 14:41 231288              c:\windows\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe
+ 2009-08-13 20:33 . 2009-05-26 11:40 382840              c:\windows\$NtUninstallKB973507$\spuninst\updspapi.dll
+ 2009-08-13 20:33 . 2009-05-26 11:40 231288              c:\windows\$NtUninstallKB973507$\spuninst\spuninst.exe
+ 2009-08-13 20:33 . 2009-05-26 11:40 382840              c:\windows\$NtUninstallKB973354$\spuninst\updspapi.dll
+ 2009-08-13 20:33 . 2009-05-26 11:40 231288              c:\windows\$NtUninstallKB973354$\spuninst\spuninst.exe
+ 2009-08-13 20:33 . 2008-04-14 00:12 132096              c:\windows\$NtUninstallKB971657$\wkssvc.dll
+ 2009-08-13 20:33 . 2009-05-26 11:40 382840              c:\windows\$NtUninstallKB971657$\spuninst\updspapi.dll
+ 2009-08-13 20:33 . 2008-07-08 13:02 231288              c:\windows\$NtUninstallKB971657$\spuninst\spuninst.exe
+ 2009-08-13 20:33 . 2009-05-26 11:40 382840              c:\windows\$NtUninstallKB971557$\spuninst\updspapi.dll
+ 2009-08-13 20:33 . 2008-07-08 13:02 231288              c:\windows\$NtUninstallKB971557$\spuninst\spuninst.exe
+ 2009-08-13 20:33 . 2009-05-26 11:40 382840              c:\windows\$NtUninstallKB960859$\spuninst\updspapi.dll
+ 2009-08-13 20:33 . 2008-07-08 13:02 231288              c:\windows\$NtUninstallKB960859$\spuninst\spuninst.exe
+ 2009-08-13 20:33 . 2008-07-08 13:02 382840              c:\windows\$NtUninstallKB956744$\spuninst\updspapi.dll
+ 2009-08-13 20:33 . 2008-07-08 13:02 231288              c:\windows\$NtUninstallKB956744$\spuninst\spuninst.exe
+ 2009-08-13 20:33 . 2008-07-08 13:02 382840              c:\windows\$hf_mig$\KB973869\update\updspapi.dll
+ 2009-08-13 20:33 . 2008-07-08 13:02 755576              c:\windows\$hf_mig$\KB973869\update\update.exe
+ 2009-08-13 20:33 . 2008-07-08 13:02 231288              c:\windows\$hf_mig$\KB973869\spuninst.exe
+ 2009-08-13 20:29 . 2009-05-26 11:40 382840              c:\windows\$hf_mig$\KB973815\update\updspapi.dll
+ 2009-08-13 20:29 . 2009-05-26 11:40 755576              c:\windows\$hf_mig$\KB973815\update\update.exe
+ 2009-08-13 20:29 . 2009-05-26 11:40 231288              c:\windows\$hf_mig$\KB973815\spuninst.exe
+ 2009-08-05 08:52 . 2009-08-05 08:52 204800              c:\windows\$hf_mig$\KB973815\SP3QFE\mswebdvd.dll
+ 2009-08-13 20:33 . 2009-05-26 11:40 382840              c:\windows\$hf_mig$\KB973507\update\updspapi.dll
+ 2009-08-13 20:33 . 2009-05-26 11:40 755576              c:\windows\$hf_mig$\KB973507\update\update.exe
+ 2009-08-13 20:33 . 2009-05-26 11:40 231288              c:\windows\$hf_mig$\KB973507\spuninst.exe
+ 2009-08-13 20:33 . 2009-05-26 11:40 382840              c:\windows\$hf_mig$\KB973354\update\updspapi.dll
+ 2009-08-13 20:33 . 2009-05-26 11:40 755576              c:\windows\$hf_mig$\KB973354\update\update.exe
+ 2009-08-13 20:33 . 2009-05-26 11:40 231288              c:\windows\$hf_mig$\KB973354\spuninst.exe
+ 2009-08-13 20:33 . 2009-05-26 11:40 382840              c:\windows\$hf_mig$\KB971657\update\updspapi.dll
+ 2009-08-13 20:33 . 2009-05-26 11:40 755576              c:\windows\$hf_mig$\KB971657\update\update.exe
+ 2009-08-13 20:33 . 2008-07-08 13:02 231288              c:\windows\$hf_mig$\KB971657\spuninst.exe
+ 2009-06-10 06:17 . 2009-06-10 06:17 134144              c:\windows\$hf_mig$\KB971657\SP3QFE\wkssvc.dll
+ 2009-08-13 20:33 . 2009-05-26 11:40 382840              c:\windows\$hf_mig$\KB971557\update\updspapi.dll
+ 2009-08-13 20:33 . 2009-05-26 11:40 755576              c:\windows\$hf_mig$\KB971557\update\update.exe
+ 2009-08-13 20:33 . 2008-07-08 13:02 231288              c:\windows\$hf_mig$\KB971557\spuninst.exe
+ 2009-08-13 20:33 . 2009-05-26 11:40 382840              c:\windows\$hf_mig$\KB960859\update\updspapi.dll
+ 2009-08-13 20:33 . 2009-05-26 11:40 755576              c:\windows\$hf_mig$\KB960859\update\update.exe
+ 2009-08-13 20:33 . 2008-07-08 13:02 231288              c:\windows\$hf_mig$\KB960859\spuninst.exe
+ 2009-08-13 20:33 . 2008-07-08 13:02 382840              c:\windows\$hf_mig$\KB956744\update\updspapi.dll
+ 2009-08-13 20:33 . 2009-05-26 11:40 755576              c:\windows\$hf_mig$\KB956744\update\update.exe
+ 2009-08-13 20:33 . 2008-07-08 13:02 231288              c:\windows\$hf_mig$\KB956744\spuninst.exe
- 2004-08-04 10:00 . 2008-06-18 10:03 2458112              c:\windows\SYSTEM32\WMVCore.dll
+ 2004-08-04 10:00 . 2009-05-20 08:56 2458112              c:\windows\SYSTEM32\WMVCore.dll
+ 2004-08-04 10:00 . 2009-06-10 13:19 2066432              c:\windows\SYSTEM32\mstscax.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424              c:\windows\SYSTEM32\Macromed\Flash\NPSWF32.dll
+ 2004-08-04 10:00 . 2009-05-20 08:56 2458112              c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll
- 2004-08-04 10:00 . 2008-06-18 10:03 2458112              c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll
+ 2009-06-10 13:19 . 2009-06-10 13:19 2066432              c:\windows\SYSTEM32\DLLCACHE\mstscax.dll
+ 2009-08-13 11:02 . 2009-07-10 13:27 1315328              c:\windows\SYSTEM32\DLLCACHE\msoe.dll
+ 2009-08-13 20:33 . 2008-04-14 00:12 1314816              c:\windows\$NtUninstallKB973354$\msoe.dll
+ 2009-08-13 20:33 . 2008-04-14 00:11 2061824              c:\windows\$NtUninstallKB956744$\mstscax.dll
+ 2009-07-10 22:54 . 2009-07-10 22:54 1315328              c:\windows\$hf_mig$\KB973354\SP3QFE\msoe.dll
+ 2009-08-13 11:02 . 2009-06-09 15:21 2067968              c:\windows\$hf_mig$\KB956744\SP3QFE\lhmstscx.dll
+ 2004-08-04 10:00 . 2009-07-14 03:43 10841088              c:\windows\SYSTEM32\wmp.dll
+ 2005-07-11 01:36 . 2009-08-28 21:38 24689600              c:\windows\SYSTEM32\MRT.exe
+ 2004-08-04 10:00 . 2009-07-14 03:43 10841088              c:\windows\SYSTEM32\DLLCACHE\wmp.dll
+ 2009-08-13 20:32 . 2008-11-11 22:34 10838016              c:\windows\$NtUninstallKB973540_WM9$\wmp.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 20:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 202544]
"QuickenScheduledUpdates"="c:\progra~1\QUICKEN\bagent.exe" [2008-04-21 87328]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-15 2007832]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 202544]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-11 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]

c:\documents and settings\Jim\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-11 51984]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-15 06:44 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\MSHTA.EXE"=
"c:\\Program Files\\Quicken WillMaker Plus 2005\\qwp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SkyGolf\\SkyCaddie Desktop\\SkyCaddieDesktop.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [6/20/2008 2:32 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [6/20/2008 2:32 AM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/15/2008 8:27 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/15/2008 8:27 AM 297752]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/2/2009 11:54 AM 133104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-02 15:53]

2009-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-02 15:53]

2009-09-19 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-07-17 19:31]

2009-09-13 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-07-17 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 129.74.152.66:3124
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
Trusted Zone: skygolfgps.com\www
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\0vu6jjhf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-19 14:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5540)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2009-09-19 14:57
ComboFix-quarantined-files.txt 2009-09-19 18:57
ComboFix2.txt 2009-08-03 07:09
ComboFix3.txt 2009-01-26 13:10

Pre-Run: 13,763,567,616 bytes free
Post-Run: 13,740,654,592 bytes free

273 --- E O F --- 2009-09-10 07:05

jk48326
New Member

Date Joined Sep 2009
Total Posts : 15

Posted 10-6-2009 5:05 (GMT +1)

Hello all. I was wondering if there is something else I need to do in order to assist with this PC diagnosis. I posted the ComboFix log as requested but haven't seen a response in a number of weeks. I am wondering if I have done what was requested of me satisfactorily to this point.

I am still seeing the same behavioral traits on this computer, most notably when moving between different browser windows, the newly highlighted window will sometimes take 30 seconds to respond to its first mouse click on a browser tab, then subsequent mouse clicks on different tabs in that window are also ignored. If I continue this several more times, the browser window banner message eventually says '(Not responding)', and if I continue trying other windows to find something that is alive, or even the tray or the Start menu which also becomes non-responsive, the mouse eventually freezes and I get the 'PC locked' beep. A minute later everything will free up, and the PC does remember many of the mouse clicks because the Start menu will open/close many times from me attempting to select it. Then if I go select a different browser window again, the whole thing starts over again.

This also affects Windows Explorer, which I still find very strange. File Manager used to be hugely fast because it was just looking at your hard drive. For some reason Windows Explorer seems to be checking a bunch of network connections and neighborhood stuff in the background every time you want to use it, which is annoyingly slow. And I can't believe that AVG's active scanner would be to blame for all of this behavior, but it really looks like something is interfering with EVERY SINGLE thing that you try to do on this computer.

Let me know if you guys can help with this. This is not an old computer and it really should not be doing this. I really can't tell if I am dealing with a very well hidden keylogger or else built-in WinXP network services that are getting stuck and are hijacking resources or just interfering with everything that I try to do. I was just on someone's laptop Sunday night, and was reminded of how blazingly fast the really easy things like Start menu, Windows Explorer, and Internet Exporer should be.

I am to the point of doing a huge backup and completely rebuilding this PC, which I really do dread because this is a Dell an I'm not really sure where to find the stupid master re-install CD that contains all the stuff that came with the PC anyway. So I don't have an OEM copy of WinXP, just what came with this computer, and rebuilding it suddenly doesn't seem trivial. I might just need to crack a WinXP CD and install fresh that way. It isn't the 'right' license, but the license I do have does entitle me to run one installation of WinXP so I think this would be good enough. Naturally, I'd rather not have to do this at all since I have dozens of other applications and updates that I would have to perform too.

Finally, I do run AVG-free. Do you really recommend one of those other free virus services more ?? I am willing to try a different one, just in case this whole issue is due to AVG-free's active scanner just being horribly invasive and slow. Do you know of the other two being that much better ?? This I would really like to know because I have personally installed AVG on several other people's PC for them, and I would hate to find that I am giving them the same problems that I see.

Also, I think I am going to run Hijack-this and install the log here. If we are truly stuck here, that's probably the next thing you would have asked me for anyway.

Let me know if you want me to re-run any of the scans and repost logfiles though, since the ones currently posted are pretty old now.

Thanks !!

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16739

Posted 10-7-2009 7:53 (GMT +1)

Sorry, I´ve completely missed you.

Please follow this guide:

Before-posting-a-log

Follow the instructions and copy the logs here, in this Topic.

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

jk48326
New Member

Date Joined Sep 2009
Total Posts : 15

Posted 10-7-2009 5:00 (GMT +1)

I already performed most of what is requested in that 'Before posting a log' Instruction Set, and posted the results above. Should I completely re-run those utilities and repost??

I had one question that I needed answered though, about the Instruction Set. I was confused during the Sun Java maintenance step. I posted this question in Post #2 above.

MalwareBytes Log is Post #3.
DDS Log is Post #4.
The 2nd DDS Log is Post #5.
Post #6 described a problem I had while loading the latest Yahoo IM, which caused a Blue Screen. Do you know anything about Yahoo IM versions causing serious problems that should prompt us to never use Yahoo IM?
HijackThis Log is Post #8
POst #9 describes the computer quirks some more, but also mentions that there may be remnants of Bearshare and Limewire. I removed both, but Limewire still had a desktop icon and what I thought was a Bearshare utility ('BAgent') looks actually to be an AVG-Free component.
Post #10 & #11 are the result of a System Information Tool that I read about in another post.
You asked for a ComboFix Log in Post #13, and I attached the ComboFix Log in Post #14.

I might have started with a slightly different instruction set though because I am noticing now that the order of logfile posting is slightly different than I remember reading. Do you suggest that I just start this over again. I can, I just don't want to if what you want is already posted.

New news though.... In my posts, I asked your opinion of AVG-Free, because it really looked like AVG is the culprit that was hogging all resources all the time, and never showing up in the Task Manager window. If this is indeed a characteristic of AVG, I'd like to know that, and I would be perfectly willing to try one of the other 2 free Virus Utilities that you suggest. Here is what I found just today. I planned to install AVAST today and before doing so, I disabled most utilities in AVG rather than just uninstalling it.

The moment I disabled AVG, my system is completely fast and responsive. I really think that AVG has become a very secretive resource hog, interefering with every operation I try to do, and honestly all of us computer users are multi-tasking individuals, so while trying to do 3 things at once on the computer, this seems to have caused AVG to just lock everything !!

I am blaming AVG for ALL of the symptoms that are described in Post #1 and #9. I am curious whether you guys already know if AVG is a secretive resource hog or not, and do you recommend never using it ?? I will honor your recommendations here because I am responsible for deploying AVG-Free onto several other people's computers, and I really need to know if I should change all of those installations to AVAST.

Thank you in advance for your help. I now suspect that you will find nothing bizarre in any of my posts because it appears that AVG was to blame for all of it. Let me know if you concur.

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16739

Posted 10-8-2009 5:45 (GMT +1)

I am blaming AVG for ALL of the symptoms

Ok, let´s remove it then.

But first download Antivirus and a Firewall from here:

http://www.cybertechhelp.com/forums/showpost.php?p=80739&postcount=1

Then uninstall your AVG Antivirus
http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

Install the programs you have chosen. Run a complete scan with the antivirus programs, and please tell how things goes ?

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

jk48326
New Member

Date Joined Sep 2009
Total Posts : 15

Posted 10-8-2009 9:29 (GMT +1)

I disabled AVG Active Scan and everything on the computer suddenly was fast with no waiting before anything ran. I really think that the Active Scanner of any virus utility is going to stall everything you do, since it has to scan what you are touching or looking at, before you touch it or look at it, right ??

I installed AVAST and set it up. Ran fine, set up logging and let it run an initial scan. Ran fine. Full scan was about 10x faster than AVG though, but I can't find anywhere that AVAST will let you set up a daily scan in the middle of the night like AVG did. I think AVAST 'non-free' lets you do that, but maybe not the free version. Do you know for sure, since AVAST is one of the Virus Packages that your post suggested?

I didn't want to completely remove AVG first because I do like its daily scan feature, so I just turned off its utilities.

So I ran a complete scan with AVAST and it found some Decompression Bomb and some archives that it couldn't scan. Other than that it was completely clean, but AVAST didn't appear to find all of the tracking cookies that AVG did.

Forum Information

Currently it is Sunday, March 14, 2010 1:43 AM (GMT +1)
There are a total of 76.176 posts in 17.594 threads.
In the last 3 days there were 5 new threads and 68 reply posts. View Active Threads