AVG Trojan horse SHeur.ALJL?

  1. #1

    AVG Trojan horse SHeur.ALJL?

    As in another thread with the same title, I have the same problem.

    AVG Anti-virus recently picked up a 'Trojan horse SHeur.ALJL' on a system scan and it can't be healed but is stored in the vault.

    This is the file path:
    C:\Program files\Online services\BTOpenzone\QuickTourV2.exe

    But later in the day AVG found another one in the System Restore folder which is now also in the vault.

    This is the file path:
    C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP332\A0164429.exe

    After enabling hidden files and folders I was able to see the size of the files in the AVG vault and they are both the same size, so I presume the one in the System Restore folder is a copy.

    The files are too big to upload to an online virus checker like VirusTotal (I did try to do this; they are 11.7 MB).

    The frustrating thing is I wanted to do a System Restore to go back a few weeks but now it refuses to let me, possibly because this file has been moved to the vault.

    I am tempted to restore the file back but a bit concerned about doing this!

    I know how to clear out the System Restore folder but really want to use it to go back a few weeks at least.

    There seems to be no information on the internet regarding Trojan horse SHeur.ALJL other than the thread I found in this forum.


  2. #2
    VopThis - Senior Member (Canada)

    Quote
    "The frustrating thing is I wanted to do a System Restore to go back a few weeks but now it refuses to let me, possibly because this file has been moved to the vault.

    I am tempted to restore the file back but a bit concerned about doing this!"
    A 'Restore Point' specific item only kicks in when there is a triggering event and should not be expected to impact all components of a given specific 'Restore Point'. Also note that AVG may immediately challenge any such user action taken by you unless disabled (do so off-line if absolutely necessary). Are any traces of this 'suspected infection' still being detected by AVG?

    Let's first check if there are 'System Restore Points' to return to - there may not be:


    Please download Deckard's System Scanner (DSS) to your desktop.
    • Close all applications and windows.
    • Double-click on dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file will open - Main.txt
    • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
    • An additional text file, Extra.txt, will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner.
    • Please go to that FOLDER and also copy the contents of Extra.txt to your post as well.

    Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

    What DSS will do:
    • Create a new System Restore point in Windows XP and Vista.
    • Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
    • Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed.
    Post Logs:
    • DSS Scan Results: contents of:
      • 1) Main.txt
      • 2) Extra.txt

  3. #3
    Thank you for your reply

    Quote
    "Let's first check if there are 'System Restore Points' to return to - there may not be:"

    I tried about 3 different dates of Restore Points, but on computer restart I would get the message below:

    Event Type: Information
    Event Source: SRService
    Event Category: None
    Event ID: 111
    Date: 14/01/2008
    Time: 01:13:14
    User: N/A
    Computer: LAPTOPHP
    Description:
    A restoration to "INSATLLING NEWT network inventory scanner" restore point failed. No changes have been made to the system.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    =====
    Quote
    "Are any traces of this 'suspected infection' still being detected by AVG?"

    Only when I try to restore it back to its original location or save it to the desktop does AVG warn me of a threat again, so because I choose Heal, I have multiple copies in the vault.

    I have changed my name to XXXXXXXXX in the following enclosed files, including the user names on my computer.

    Also in the Extra.txt file, the name of the file moved to the vault is QuickTourV2.exe.lin.exe - with an extra extension - because I tried to rename it with an extension while choosing to save it back to its folder - but AVG grabbed it back!

    Main.txt
    Deckard's System Scanner v20071014.68
    Run by XXXXXXXXXX on 2008-01-14 15:58:58
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    76: 2008-01-14 15:59:06 UTC - RP342 - Deckard's System Scanner Restore Point
    75: 2008-01-14 01:33:01 UTC - RP341 - Restore Operation
    74: 2008-01-14 01:24:08 UTC - RP340 - Restore Operation
    73: 2008-01-14 01:13:14 UTC - RP339 - Restore Operation
    72: 2008-01-14 01:03:51 UTC - RP338 - Restore Operation


    -- First Restore Point --
    1: 2007-10-16 14:42:51 UTC - RP267 - Installing Simpsons Cartoon


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-01-14 16:01:26
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\msdtc.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
    C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
    C:\Program Files\Grisoft\AVG Free\avgemc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\FDD + FMD Combo Reader\Czfmdser.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SAgent4.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\ThreatFire\TFService.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\alg.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAIE.EXE
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\FDD + FMD Combo Reader\CZFMDxpk.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ThreatFire\TFTray.exe
    C:\Program Files\HPQ\Shared\HpqToaster.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
    C:\Documents and Settings\XXXXXXXXXX\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?source...970-01,GGLH:en
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [CZFMDXPK] C:\PROGRA~1\FDD_FM~1\CZFMDXPK.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
    O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /M "Stylus Photo R220" /EF "HKCU"
    O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
    O4 - HKCU\..\Run: [Tesco] "C:\Program Files\Tesco internet phone\TescoIP.exe" /autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk.disabled = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Bookmark Master - {EC72627A-360F-4C0D-AD13-5A793AD580CE} - C:\Program Files\BookMark Master\FavMM.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} (SentinelVE3D Class) - http://download.microsoft.com/downlo...ualEarth3D.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CZFMDSER.EXE - Unknown owner - C:\Program Files\FDD + FMD Combo Reader\Czfmdser.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    --
    End of file - 13836 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 cc_4g - c:\windows\system32\drivers\cc_4g.sys <Not Verified; SecureAction Research, LLC; CryptoExpert>
    R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
    R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
    R2 cc_firewall - c:\windows\system32\drivers\cc_firewall.sys <Not Verified; SecureAction Research, LLC; CryptoExpert>
    R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>

    S3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.3500>
    S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
    S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
    S3 PLCMPR5 (PLCMPR5 NDIS Protocol Driver) - c:\windows\system32\plcmpr5.sys (file missing)
    S3 PLCNDIS5 (PLCNDIS5 NDIS Protocol Driver) - c:\windows\system32\plcndis5.sys <Not Verified; Intellon, Inc.; PCAUSA Rawether for Windows>
    S3 SNDP202 (Dual Mode Camera (8008 VGA)) - c:\windows\system32\drivers\sndp202.sys <Not Verified; ; DualMode Camera Driver>
    S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 CZFMDSER.EXE - "c:\progra~1\fdd_fm~1\czfmdser.exe"
    R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
    R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\4164CB009FC000
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\4164CB009FC000
    Service: NIC1394


    -- Scheduled Tasks -------------------------------------------------------------

    2008-01-14 16:00:18 442 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D27BBB13-C911-4A50-A732-D1A0CF04F1C2}.job


    -- Files created between 2007-12-14 and 2008-01-14 -----------------------------

    2008-01-14 01:30:40 0 d-------- C:\Documents and Settings\LocalService\Start Menu
    2008-01-14 01:30:40 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-13 05:27:25 0 d-------- C:\Program Files\ThreatFire
    2008-01-13 05:27:25 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
    2008-01-10 01:29:16 0 d-------- C:\Documents and Settings\XXXXXXXXXX\dwhelper
    2008-01-04 14:56:36 0 d-------- C:\Program Files\EA GAMES
    2008-01-04 14:56:35 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
    2008-01-01 04:31:57 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\SiteAdvisor
    2007-12-28 19:42:14 5 --a------ C:\vdir
    2007-12-28 00:49:01 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\Printer Info Cache


    -- Find3M Report ---------------------------------------------------------------

    2008-01-14 13:32:32 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\MailWasher
    2008-01-14 01:30:34 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\Identities
    2008-01-14 01:05:41 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\AVG7
    2008-01-14 01:05:28 0 d-------- C:\Program Files\DynDNS Updater
    2008-01-13 22:22:03 0 d-------- C:\Program Files\DigiGuide TV Guide
    2008-01-11 18:15:40 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-01-10 23:43:20 6622 --a------ C:\Documents and Settings\XXXXXXXXXX\Application Data\wklnhst.dat
    2008-01-05 15:19:12 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\Free Download Manager
    2007-12-29 18:01:56 0 d-------- C:\Program Files\Trillian
    2007-12-29 10:29:00 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-12-28 22:26:55 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\U3
    2007-11-29 01:49:28 0 d-------- C:\Program Files\Tesco internet phone
    2007-11-26 23:53:16 0 d-------- C:\Program Files\WinTidy
    2007-11-14 09:38:56 0 d-------- C:\Program Files\Windows Live Safety Center
    2007-11-14 02:16:13 262144 --a------ C:\WINDOWS\system32\default_user_class.dat
    2007-11-14 02:09:27 0 d-------- C:\Program Files\QuickTime


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [06/08/2005 04:56]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [12/08/2006 07:25]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [27/09/2006 17:10]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [27/09/2006 17:10]
    "nwiz"="nwiz.exe" [27/09/2006 17:10 C:\WINDOWS\system32\nwiz.exe]
    "MsmqIntCert"="regsvr32 /s mqrt.dll" []
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [26/07/2006 22:44 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/09/2007 02:27]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [11/07/2006 20:55]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [19/06/2006 10:33]
    "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [13/07/2006 14:02]
    "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [11/10/2005 09:23]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [28/07/2004 07:50]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [28/07/2004 07:50]
    "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [21/12/2007 09:35]
    "EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.exe" [09/03/2005 05:00]
    "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [16/10/2006 21:12]
    "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [16/10/2006 21:17]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [16/10/2006 21:13]
    "CZFMDXPK"="C:\PROGRA~1\FDD_FM~1\CZFMDXPK.exe" [14/06/2004 09:37]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 02:29]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [14/11/2007 16:05]
    "ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [20/12/2007 11:13]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.exe" [09/03/2005 05:00]
    "DynDNS Updater"="C:\Program Files\DynDNS Updater\DynDNS.exe" [17/09/2006 10:32]
    "Tesco"="C:\Program Files\Tesco internet phone\TescoIP.exe" [28/11/2007 17:00]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [16/03/2006 04:00]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [12/05/2006 13:33:22]
    EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [14/03/2007 09:07:50]
    HP Photosmart Premier Fast Start.lnk.disabled [29/06/2006 18:47:58]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "gStart"=C:\Garmin\gStart.exe
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    "PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Usnsvc usnsvc


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{743e3d44-daea-11db-b70f-001636b00c52}]




    -- End of Deckard's System Scanner: finished at 2008-01-14 16:02:48 ------------


    Extra.txt
    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: AMD Turion(tm) 64 X2 Mobile Technology TL-52
    CPU 1: AMD Turion(tm) 64 X2 Mobile Technology TL-52
    Percentage of Memory in Use: 52%
    Physical Memory (total/avail): 1022.54 MiB / 488.96 MiB
    Pagefile Memory (total/avail): 2460.14 MiB / 1918.42 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1908.02 MiB

    C: is Fixed (NTFS) - 82.79 GiB total, 12.26 GiB free.
    D: is Fixed (FAT32) - 9.34 GiB total, 2.38 GiB free.
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - ST9100824AS - 93.16 GiB - 3 partitions
    \PARTITION0 (bootable) - Installable File System - 82.79 GiB - C:
    \PARTITION1 - Unknown - 9.35 GiB - D:
    \PARTITION2 - Unknown - 1027.6 MiB



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.
    AntivirusOverride is set.

    FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
    FW: ZoneAlarm Firewall v7.0.462.000 (Check Point, LTD.)
    AV: AVG 7.5.516 v7.5.516 (Grisoft)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\s ystem32\\mqsvc.exe:*:Enabled:Message Queuing"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
    "C:\\Documents and Settings\\XXXXXXXXX\\Application Data\\U3\\00001853E473E419\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\skype.exe"="C:\\Documents and Settings\\XXXXXXXXX\\Application Data\\U3\\00001853E473E419\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\skype.exe:*:Enabled:Skype"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\XXXXXXXXX\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=LAPTOPHP
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\XXXXXXXXX
    LANG=C
    LOGONSERVER=\\LAPTOPHP
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PCTYPE=PAVILION
    PLATFORM=MCD
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=4802
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\XXXXXX~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\XXXXX~1\LOCALS~1\Temp
    tvdumpflags=8
    USERDOMAIN=LAPTOPHP
    USERNAME=XXXXXXXXX
    USERPROFILE=C:\Documents and Settings\XXXXXXXXX
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles ---------------------------------------------------------------

    XXXXXXXXX (admin)
    XXXXX
    XXXXXX
    XXXXXXX
    XXXXXX XXXXX (admin)
    Administrator (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Acronis True Image Home --> MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}
    Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
    AloeCam 2.2 --> C:\Program Files\AloeCam22\UnInstall.exe
    Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
    ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\Setup.exe" -l0x9
    Ashampoo WinOptimizer 2008 --> "C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2008\Uninstall\1806_Uninstall.exe"
    Astra Image Webcam Video Grabber 1.0c --> "C:\Program Files\Astra Image WVG\unins000.exe"
    Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
    AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
    BookMark Master v3.13 --> C:\PROGRA~1\BOOKMA~1\UNWISE.EXE C:\PROGRA~1\BOOKMA~1\INSTALL.LOG
    Broadcom 802.11 Wireless LAN Adapter --> "C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
    Bubblet! --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\House of Bytes Software\Bubblet!\Uninst.isu"
    CamStudio --> C:\Program Files\CamStudio\uninstall.exe
    Canon CanoScan Toolbox 4.9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x9 anything
    Canon ScanGear Starter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x9 anything
    Celestia 1.4.1 --> "C:\Program Files\Celestia\unins000.exe"
    CITIZEN FDD + FMD Combo Reader --> C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\FDD_FM~1\CZFMDSET.ISU -cC:\PROGRA~1\FDD_FM~1\CZFMDUNI.DLL
    Clock 2.3 --> C:\Program Files\Clock\uninst.exe
    CmdHere Powertoy For Windows XP --> MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
    Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
    Cool Edit Pro 2.0 --> C:\Program Files\coolpro2\cep2unin.exe
    Cool Ruler --> C:\WINDOWS\uninst.exe -f"C:\Program Files\CoolRuler\DeIsL1.isu" -c"C:\Program Files\CoolRuler\_ISREG32.DLL"
    Crime Catcher 3.22 --> "C:\Program Files\Crime Catcher\unins000.exe"
    CryptoExpert 2007 Lite --> "C:\Program Files\CryptoExpert 2007 Lite\unins000.exe"
    Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
    dCut --> MsiExec.exe /I{885EE19A-486C-4A85-BA1B-19D719C72798}
    DigiGuide TV Guide --> "C:\Program Files\DigiGuide TV Guide\uninstall.exe"
    DiscAPI (Studio 10) --> MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
    DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    Dual Mode Camera (8008 VGA) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E85397AD-D60E-4141-82E6-FAA312A09271}\Setup.exe" -l0x9
    DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
    DVDFab (remove only) --> "C:\Program Files\DVDFab\uninstall.exe"
    DVDFab HD Decrypter 3.1.7.0 --> "C:\Program Files\DVDFab HD Decrypter 3\unins000.exe"
    DVRMSToolbox --> MsiExec.exe /I{53885844-2604-4C08-9F67-1DD9C70D8513}
    DynDNS Updater 3.1 --> "C:\Program Files\DynDNS Updater\unins000.exe"
    EarthCam Mobile v4.0 --> MsiExec.exe /I{FD92A71A-200D-4F0F-93E5-AEBEB7C20311}
    Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
    EasyGPS --> "C:\Program Files\EasyGPS\unins000.exe"
    EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
    EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1DF4AC80-F76B-42AE-A263-15D2313D4472}\SETUP.EXE" -l0x9 UNINST
    EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
    EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM
    EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
    EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
    EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
    ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
    ESPR220 User's Guide --> C:\Program Files\EPSON\TPMANUAL\ESPR220\REF_G\DOCUNINS.EXE
    EXIFeditor --> MsiExec.exe /I{50FC1CE8-FF32-4F3B-B654-050DD6ECD474}
    FastStone Image Viewer 3.2 --> C:\Program Files\FastStone Image Viewer\uninst.exe
    Focus Magic --> C:\Program Files\Focus Magic\esuninst.exe C:\Program Files\Focus Magic
    Free Download Manager 2.1 --> "C:\Program Files\Free Download Manager\unins000.exe"
    Garmin POI Loader --> MsiExec.exe /X{3A3923F8-AA05-4281-9F6F-DC6F85D0092D}
    Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
    GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
    Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    GTK+ 2.10.6-1 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\Setup.exe" -l0x9 -removeonly
    HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
    HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
    HP Pavilion Webcam Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC397D90-720E-426D-B381-0A10C6FD5A49}\setup.exe" -l0x9 -removeonly
    HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Quick Launch Buttons 6.10 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
    HP QuickPlay 2.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
    HP User Guides 0031 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13BCF6CB-2F54-4962-9B11-32F07048ACF3}\Setup.exe" -l0x9 -removeonly
    HP Wireless Assistant 2.00 H1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\Setup.exe" -l0x9 hpquninst
    ImageIngesterPro --> MsiExec.exe /I{177DA980-44D4-4536-8184-7257F273612D}
    IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
    J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
    Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
    Macromedia Shockwave Player --> MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
    MailWasher --> "C:\Program Files\MailWasher\unins000.exe"
    Manual CanoScan LiDE 60 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B72D50-1C7E-491C-8086-9E060051D316}\setup.exe" -l0x9
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Word 97 --> C:\Program Files\Microsoft Office\Office\Setup\AcmeWord.exe /w Word97.stf
    Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
    Mozilla Firefox (2.0.0.11) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
    Neat Image v5 Demo (with plug-in) --> "C:\Program Files\Neat Image\unins000.exe"
    Network Stumbler 0.4.0 (remove only) --> "C:\Program Files\Network Stumbler\uninst.exe"
    NEWT Freeware 1.0 Build 106 --> "C:\Program Files\Komodo Labs\NEWT Freeware\unins000.exe"
    NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
    Opera 9.20 --> MsiExec.exe /X{E5EC3E84-F3D6-4ECB-9486-69FCF11694B3}
    Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
    Outlook Express Key 7.11 Demo --> C:\Program Files\Passware\demos\un-oekeyd.exe
    PFrank 1.94 --> "C:\Program Files\PFrank\unins000.exe"
    Photo Story 3 for Windows --> MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
    PhotoMerge --> MsiExec.exe /I{56FBA5C9-E402-4EC5-972D-BED958ED78EC}
    Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
    PIF DESIGNER --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything
    PowerPacket Utilities --> MsiExec.exe /X{EA4ABA3D-10ED-449F-8D79-503CA2CFB373}
    PowerpointImageExtractor --> "C:\Program Files\PowerpointImageExtractor_V1_2\unins000.exe"
    PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
    PrintFolder 1.3 --> "C:\Program Files\PrintFolder\unins000.exe"
    PrintFolders 2.2 --> "C:\Program Files\PrintFolders\Uninstall.exe" "C:\Program Files\PrintFolders\install.log"
    Professor Franklin --> C:\Program Files\Professor Franklin\Uninstal.exe
    Quick View Plus --> C:\WINDOWS\UNINSQVP.EXE
    QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
    RAPID (Studio 10) --> MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}
    Real Alternative 1.51 --> "C:\Program Files\Real Alternative\unins000.exe"
    Rename It 3.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Rename It 3.0\Uninst.isu"
    RoughDraft 3.0 --> "C:\Program Files\RoughDraft\uninstall.exe"
    SDP Downloader --> MsiExec.exe /I{B547CB8D-549A-436E-97B5-E79F911B11E2}
    Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Serif DrawPlus 4.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Serif\dp40.isu"
    Serif PagePlus SE 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}\Setup.exe" -l0x9
    Serif PhotoPlus 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}\Setup.exe" -l0x9
    SetFileDate 2.0 --> "C:\Program Files\SetFileDate\unins000.exe"
    ShiftN 2.6 --> "C:\Program Files\ShiftN\unins000.exe"
    SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
    Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
    Solo Antivirus 5.2 --> "C:\SRN Micro\unins000.exe"
    Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
    SonicMPEGEncoder --> MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
    Spell Checker For OE 2.1 --> C:\Program Files\Common Files\Microsoft Shared\proof\Uninstal.exe
    Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Studio 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exe" -l0x9 UNINSTALL
    SUPER © Version 2006.19 (FIX) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
    Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    SyncToy --> MsiExec.exe /I{B5688129-7595-4E5B-9990-CEF981A31264}
    Tesco internet phone --> "C:\Program Files\Tesco internet phone\unins000.exe"
    Tesco Internet Phone --> "C:\Program Files\Tesco internet phone\unins001.exe"
    ThreatFire 3.0 --> "C:\Program Files\ThreatFire\unins000.exe"
    Timershot Powertoy for Windows XP --> MsiExec.exe /I{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}
    Toddler Keys --> MsiExec.exe /I{7339E7E7-FB6A-46EC-8303-D31E655EF617}
    Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
    Update Rollup 2 for Windows XP Media Center Edition 2005 -->
    User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
    VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Virtual Earth 3D (Beta) --> MsiExec.exe /I{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}
    Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live Messenger --> MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
    Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
    Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
    WinTidy 1.0.11 --> "C:\Program Files\WinTidy\unins000.exe"
    xplorer² lite --> "C:\Program Files\zabkat\xplorer2_lite\Uninstall.exe"
    ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type14214 / Error
    Event Submitted/Written: 01/14/2008 04:01:48 PM
    Event ID/Source: 11 / crypt32
    Event Description:
    Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Event Record #/Type14213 / Error
    Event Submitted/Written: 01/14/2008 00:57:09 PM
    Event ID/Source: 100 / AVG7
    Event Description:
    2008-01-14 12:57:09,421 LAPTOPHP [005240:005248] ERROR 000 AVG7.KRNL.ACT File C:\Program Files\Online Services\BTOpenzone\QuickTourV2.exe.lin.exe could not be unplaned from CleanDrv removal, error: 2

    Event Record #/Type14212 / Error
    Event Submitted/Written: 01/14/2008 11:21:40 AM
    Event ID/Source: 100 / AVG7
    Event Description:
    2008-01-14 11:21:40,875 LAPTOPHP [003048:001732] ERROR 000 AVG7.KRNL.ACT File C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP332\A0164429.exe could not be unplaned from CleanDrv removal, error: 2

    Event Record #/Type14166 / Error
    Event Submitted/Written: 01/14/2008 01:08:00 AM
    Event ID/Source: 0 / Media Center Scheduler
    Event Description:


    Event Record #/Type14155 / Error
    Event Submitted/Written: 01/13/2008 09:33:02 PM
    Event ID/Source: 0 / Media Center Scheduler
    Event Description:




    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type35736 / Error
    Event Submitted/Written: 01/14/2008 04:01:50 PM
    Event ID/Source: 7016 / Service Control Manager
    Event Description:
    The CZFMDSER.EXE service has reported an invalid current state 0.

    Event Record #/Type35732 / Warning
    Event Submitted/Written: 01/14/2008 03:46:51 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 0014A5D9E7D9. The following
    error occurred:
    %%1223.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Event Record #/Type35728 / Error
    Event Submitted/Written: 01/14/2008 03:46:44 PM
    Event ID/Source: 32003 / ipnathlp
    Event Description:
    The Network Address Translator (NAT) was unable to request an operation
    of the kernel-mode translation module.
    This may indicate misconfiguration, insufficient resources, or
    an internal error.
    The data is the error code.

    Event Record #/Type35727 / Warning
    Event Submitted/Written: 01/14/2008 03:46:43 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 0014A5D9E7D9. The following
    error occurred:
    %%1223.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Event Record #/Type35577 / Error
    Event Submitted/Written: 01/13/2008 05:33:27 AM
    Event ID/Source: 7034 / Service Control Manager
    Event Description:
    The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).



    -- End of Deckard's System Scanner: finished at 2008-01-14 16:02:48 ------------

  4. #4
    Can anyone advise please?
    Wondered if I have done what I was asked to do properly.

  5. #5
    VopThis is offline Senior Member (Canada)
    The following was not a very promising outcome. It may be more practical to make sure your Acronis backups are reliable and do a fresh re-install because the potential causes of your issues may indeed be very complex and not completely determinable:

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    76: 2008-01-14 15:59:06 UTC - RP342 - Deckard's System Scanner Restore Point
    75: 2008-01-14 01:33:01 UTC - RP341 - Restore Operation
    74: 2008-01-14 01:24:08 UTC - RP340 - Restore Operation
    73: 2008-01-14 01:13:14 UTC - RP339 - Restore Operation
    72: 2008-01-14 01:03:51 UTC - RP338 - Restore Operation
    Four of the five restore points did not want to become the usable replaced 'restore point'. Potentially, 'ThreatFire' and any other running anti-malware tools may have interfered with your attempts - uninstall or disable such tools for now:
    2008-01-13 05:27:25 0 d-------- C:\Program Files\ThreatFire
    2008-01-13 05:27:25 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
    2007-11-14 09:38:56 0 d-------- C:\Program Files\Windows Live Safety Center


    J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Your system has an outdated version of Sun Java that could create serious security exposure issues for your PC.

    Update your Java.

    Older Java versions have vulnerabilities that malware can use, and is using, to infect systems.

    Please follow these steps to remove older version Java components.
    • Close any programs you may have running, ESPECIALLY your web browser
    • Click Start > Control Panel.
    • Click Add/Remove Programs.
    • Check any item with Java Runtime Environment (JRE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove all versions of Java.
    • Reboot your computer once all Java components are removed.

    Download the latest version of Java Runtime Environment (JRE) 6.0 Update 3 or higher, and install it to your computer.


    New Version should show as (HijackThis log):

    C:\Program Files\Java\jre1.6.0_03\… or higher




    Clean out TEMPORARY FILES procedures:
    To clean your temp folder, recycle bin, etc..please download this free tool:

    CCleaner http://www.ccleaner.com/downloadbuilds.asp

    Install Options:
    • Don't install any Toolbars, or other programs, should it ask you!
    • Just uncheck the option of installing the Yahoo toolbar.

    It will put a shortcut on your Desktop.

    Do not run CCleaner until requested later.




    Run CCleaner in SAFE MODE (reboot tapping the F8 key after the beep).



    Re-run AVG in safe mode (may get a better result) and clean out the vault.

    Select the ‘Options’ BUTTON option (top LEFT), ‘Advanced’ BUTTON, and then UNCHECK the ‘Only delete files in Windows Temp Folders older than 48 hours’ (often, the latest download traffic could be the bearer of bad content).

    Select the ‘Cleaner’ BUTTON option (top LEFT), if not already selected. Use the ’Windows’ TAB up front by default.
    • Uncheck ‘Cookies’ option (advisable)
    • Optionally, Uncheck ‘Recently Typed URLs’ option (potentially still useful)
    • Click the ‘Analyse’ button.
    • Thereafter, click ‘Run Cleaner’ after you have reviewed what it proposes to clean.



    REBOOT and re-run the DSS scans.
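    As an added example (not code from DSS, AVG, HijackThis or anyone in this thread), the following Python script triages a DSS log for the items this thread keeps coming back to: the Security Center block from the log above (built-in firewall disabled, AntivirusOverride set, a disabled Norton firewall still registered), the firewall AuthorizedApplications exceptions (LimeWire is allowed through), and the two side-by-side JRE 5.0 entries measured against the JRE 6 Update 3 minimum recommended above. SAMPLE_LOG is a constructed excerpt modelled on the posted log with the forum's stray spaces removed; the function names, the NOTEWORTHY_BINARIES list and MIN_JAVA are assumptions made for this example, not anything DSS defines.

```python
"""Triage a Deckard's System Scanner (DSS) log for what this thread flags: Security
Center state, firewall exceptions and installed Java versions.  Added example, not
part of DSS, AVG, HijackThis or the posts.  SAMPLE_LOG is a constructed excerpt
modelled on the log above; NOTEWORTHY_BINARIES and MIN_JAVA are assumptions."""
import re

SAMPLE_LOG = r"""
-- Security Center -------------------------------------------------------------

Windows Internal Firewall is disabled.
AntiVirusDisableNotify is set.
AntivirusOverride is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: ZoneAlarm Firewall v7.0.462.000 (Check Point, LTD.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

-- Add/Remove Programs ---------------------------------------------------------

J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
"""

SECTION_RE = re.compile(r"^-- (.*?) -{3,}\s*$")
# XP stores each firewall exception as "key"="path:scope:state:name".
FW_ENTRY_RE = re.compile(r'^"[^"]+"="(?P<path>.+?):[^:]*:(?P<state>Enabled|Disabled):(?P<name>.*)"$', re.I)
JAVA_RE = re.compile(r"^(?:J2SE Runtime Environment|Java\(TM\)(?: SE Runtime Environment)?) (\d+)(?:\.\d+)? Update (\d+)")

# Security Center lines (as DSS prints them) that weaken protection or silence its warnings.
WEAKENING_FLAGS = {
    "Windows Internal Firewall is disabled.": "built-in firewall off; acceptable only if the third-party firewall really runs",
    "AntivirusOverride is set.": "Security Center no longer monitors antivirus status",
    "AntiVirusDisableNotify is set.": "antivirus warnings suppressed",
    "FirewallDisableNotify is set.": "firewall warnings suppressed",
}
NOTEWORTHY_BINARIES = {"limewire.exe": "peer-to-peer file sharing", "msnmsgr.exe": "instant messaging"}  # assumption
MIN_JAVA = (6, 3)  # JRE 6 Update 3, the minimum recommended in the thread (assumption)


def parse_sections(text):
    """Split a DSS log into {section name: [non-empty lines]} on its '-- Name ---' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def security_center_findings(lines):
    """Flag weakening/silencing flags and any firewall product registered as Disabled."""
    found = [f"SecurityCenter: {ln} ({WEAKENING_FLAGS[ln]})" for ln in lines if ln in WEAKENING_FLAGS]
    found += [f"SecurityCenter: disabled firewall product still registered: {ln[4:]}"
              for ln in lines if ln.startswith("FW:") and ln.endswith("Disabled")]
    return found


def firewall_exceptions(lines):
    """Return [(profile, path, state, name)] for every AuthorizedApplications entry."""
    profile, entries = None, []
    for line in lines:
        if line.startswith("[") and "FirewallPolicy" in line:
            profile = "Domain" if "DomainProfile" in line else "Standard"
            continue
        m = FW_ENTRY_RE.match(line)
        if m:  # the registry export doubles backslashes; undo that for a readable path
            entries.append((profile, m["path"].replace("\\\\", "\\"), m["state"].capitalize(), m["name"]))
    return entries


def installed_java(lines):
    """Return sorted (family, update, display name) for each JRE under Add/Remove Programs."""
    found = []
    for line in lines:
        m = JAVA_RE.match(line.split(" --> ", 1)[0])
        if m:
            found.append((int(m.group(1)), int(m.group(2)), m.group(0)))
    return sorted(found)


def triage(text):
    """Run every check over one log and return the findings as plain strings."""
    sections = parse_sections(text)
    sc = sections.get("Security Center", [])
    findings = security_center_findings(sc)
    for profile, path, state, name in firewall_exceptions(sc):
        base = path.rsplit("\\", 1)[-1].lower()
        if state == "Enabled" and base in NOTEWORTHY_BINARIES:
            findings.append(f"Firewall: {profile} profile allows {name} ({path}): {NOTEWORTHY_BINARIES[base]}")
    jres = installed_java(sections.get("Add/Remove Programs", []))
    findings += [f"Java: outdated runtime still installed: {n}" for f, u, n in jres if (f, u) < MIN_JAVA]
    if len(jres) > 1:
        findings.append(f"Java: {len(jres)} runtimes installed side by side; remove all but the current one")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

    Run it as a script to print the findings for the sample; to use it on a real log, read the saved Main.txt into a string and pass that to triage(). Disabled exceptions (the AOL entry) are deliberately not reported, and a JRE is only flagged when its family/update pair is below MIN_JAVA, so a current JRE 6 entry passes quietly.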

  6. #6
    Did a System Restore to one I did earlier in the day and it worked!

    As I had lost my Power Options except for ones I created, I installed a reg file to fix it, but I wasn't happy with it. I had done a System Restore Point before adding the registry file, so I did a System Restore back to the one I did earlier in the day for this and it worked! So it seems to be working for some dates.

    I uninstalled ThreatFire to be sure it wasn't interfering with the Restore Points and tried the System Restore again to go back to the earliest one - but still no joy.

    Also, for some reason Firefox (which is what I use mainly) has started acting up. I am not asking for help with this but thought I would mention it in case there is a connection with the problem.

    Uninstalled Java & installed Java Runtime Environment (JRE) 6 Update 4

    I have done as you asked - up to installing CCleaner. But you said "Do not run CCleaner until requested later"

    Regarding Acronis Trueimage, the last backup I did was 12 months ago and was about to tidy up the computer in order to do another one!

    Thank you for your help with this.

  7. #7
    VopThis is offline Senior Member (Canada)
    All of your older 'restore points' seem to indeed be corrupt in spite of any current success. This would seem to favor a clean re-install option.

    The remaining procedures were indeed provided in my last post after this line:
    Do not run CCleaner until requested later.



    Run CCleaner in SAFE MODE (reboot tapping the F8 key after the beep).



    Re-run AVG in safe mode (may get a better result) and clean out the vault.

    Select the ‘Options’ BUTTON option (top LEFT), ‘Advanced’ BUTTON, and then UNCHECK the ‘Only delete files in Windows Temp Folders older than 48 hours’ (often, the latest download traffic could be the bearer of bad content).

    Select the ‘Cleaner’ BUTTON option (top LEFT), if not already selected. Use the ’Windows’ TAB up front by default.
    • Uncheck ‘Cookies’ option (advisable)
    • Optionally, Uncheck ‘Recently Typed URLs’ option (potentially still useful)
    • Click the ‘Analyse’ button.
    • Thereafter, click ‘Run Cleaner’ after you have reviewed what it proposes to clean.



    REBOOT and re-run the DSS scans.

  8. #8
    All done as per instructions.

    Enclosed Main.txt file as below, but there wasn't another Extra.txt created?

    Main.txt:

    Deckard's System Scanner v20071014.68
    Run by XXXXXXXXXX on 2008-01-19 12:07:25
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as XXXXXXXXXX.exe) -------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:07:36, on 19/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\PROGRA~1\FDD_FM~1\CZFMDSER.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\SAgent4.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\PROGRA~1\FDD_FM~1\CZFMDXPK.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\Documents and Settings\XXXXXXXXXX\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\XXXXXXXXXX.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?source...970-01,GGLH:en
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [CZFMDXPK] C:\PROGRA~1\FDD_FM~1\CZFMDXPK.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /M "Stylus Photo R220" /EF "HKCU"
    O4 - HKCU\..\Run: [Tesco] "C:\Program Files\Tesco internet phone\TescoIP.exe" /autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk.disabled
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Bookmark Master - {EC72627A-360F-4C0D-AD13-5A793AD580CE} - C:\PROGRA~1\BOOKMA~1\FavMM.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=pavilion&pf=laptop
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CZFMDSER.EXE - Unknown owner - C:\PROGRA~1\FDD_FM~1\CZFMDSER.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 11527 bytes

    -- Files created between 2007-12-19 and 2008-01-19 -----------------------------

    2008-01-19 02:14:51 0 dr-h----- C:\Documents and Settings\XXXXXXXXXX\Recent
    2008-01-18 17:13:08 0 d-------- C:\Program Files\CCleaner
    2008-01-18 16:58:27 0 d-------- C:\Program Files\Trend Micro
    2008-01-18 15:13:50 0 d-------- C:\Documents and Settings\LocalService\Start Menu
    2008-01-18 15:13:50 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-15 00:20:28 14680064 --a------ C:\Documents and Settings\XXXXXXXXXX\ntuser.dat
    2008-01-13 05:27:25 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
    2008-01-10 01:29:16 0 d-------- C:\Documents and Settings\XXXXXXXXXX\dwhelper
    2008-01-04 14:56:36 0 d-------- C:\Program Files\EA GAMES
    2008-01-04 14:56:35 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
    2008-01-01 04:31:57 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\SiteAdvisor
    2007-12-28 19:42:14 5 --a------ C:\vdir
    2007-12-28 00:49:01 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\Printer Info Cache


    -- Find3M Report ---------------------------------------------------------------

    2008-01-19 12:03:19 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\MailWasher
    2008-01-19 01:56:02 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\AVG7
    2008-01-18 16:55:20 0 d-------- C:\Program Files\Java
    2008-01-18 15:14:11 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\dvdcss
    2008-01-18 15:13:48 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\Identities
    2008-01-17 11:25:08 0 d-------- C:\Program Files\DigiGuide TV Guide
    2008-01-15 00:06:54 0 d-------- C:\Program Files\WinTidy
    2008-01-15 00:05:39 0 d-------- C:\Program Files\DynDNS Updater
    2008-01-11 18:15:40 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-01-10 23:43:20 6622 --a------ C:\Documents and Settings\XXXXXXXXXX\Application Data\wklnhst.dat
    2008-01-05 15:19:12 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\Free Download Manager
    2007-12-29 18:01:56 0 d-------- C:\Program Files\Trillian
    2007-12-29 10:29:00 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-12-28 22:26:55 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\U3
    2007-11-29 01:49:28 0 d-------- C:\Program Files\Tesco internet phone
    2007-11-14 02:16:13 262144 --a------ C:\WINDOWS\system32\default_user_class.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [06/08/2005 04:56]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [12/08/2006 07:25]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [27/09/2006 17:10]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [27/09/2006 17:10]
    "nwiz"="nwiz.exe" [27/09/2006 17:10 C:\WINDOWS\system32\nwiz.exe]
    "MsmqIntCert"="regsvr32 /s mqrt.dll" []
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [26/07/2006 22:44 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/09/2007 02:27]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [11/07/2006 20:55]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [19/06/2006 10:33]
    "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [13/07/2006 14:02]
    "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [11/10/2005 09:23]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [28/07/2004 07:50]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [28/07/2004 07:50]
    "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [21/12/2007 09:35]
    "EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.exe" [09/03/2005 05:00]
    "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [16/10/2006 21:12]
    "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [16/10/2006 21:17]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [16/10/2006 21:13]
    "CZFMDXPK"="C:\PROGRA~1\FDD_FM~1\CZFMDXPK.exe" [14/06/2004 09:37]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 02:29]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [14/11/2007 16:05]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [14/12/2007 03:42]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.exe" [09/03/2005 05:00]
    "Tesco"="C:\Program Files\Tesco internet phone\TescoIP.exe" [28/11/2007 17:00]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [16/03/2006 04:00]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [12/05/2006 13:33:22]
    EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [14/03/2007 09:07:50]
    HP Photosmart Premier Fast Start.lnk.disabled [29/06/2006 18:47:58]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "gStart"=C:\Garmin\gStart.exe
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    "PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Usnsvc usnsvc


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{743e3d44-daea-11db-b70f-001636b00c52}]




    -- End of Deckard's System Scanner: finished at 2008-01-19 12:08:08 ------------
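    The HijackThis section of the log above is the kind of list a reviewer walks through entry by entry. As an added example (not from this thread and not HijackThis code), a small triage script that parses the O2/O3/O4/O23 lines and flags the items a reviewer checks first; the rules are this example's own heuristics, and the sample input is lines copied from the log above plus one constructed `updchk.exe` entry:

```python
"""Triage helper for HijackThis (HJT) log lines of the kind posted in this thread.

Added example, not part of the thread and not HijackThis code. It parses the
O2/O3/O4/O23 entries and flags what a log reviewer checks first: orphaned
toolbar/BHO registrations, nameless BHOs, services with no identified vendor,
and startup items that are bare filenames or live outside the usual program
directories. The rules are this example's own heuristics (assumptions).
"""
import re
from dataclasses import dataclass

# "Oxx - <rest>" shape shared by every HJT entry line.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# O23: "Service: <name> - <vendor> - <path>"
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
# O4: "HKLM\..\Run: [name] <command>"
RUN_RE = re.compile(r"^(?P<hive>HK\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<command>.+)$")

# Where vendor startup items normally live on an XP box (heuristic, assumption).
EXPECTED_PREFIXES = (
    "c:\\program files", "c:\\progra~1", "c:\\windows",
    "%programfiles%", "%systemroot%",
)

# Sample input: lines copied from the log above plus one constructed entry
# (updchk.exe in a Temp folder) to show the "unusual location" rule firing.
SAMPLE_LOG = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect",
    r"O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start",
    r'O4 - HKCU\..\Run: [Tesco] "C:\Program Files\Tesco internet phone\TescoIP.exe" /autostart',
    r"O4 - HKCU\..\Run: [updchk] C:\Documents and Settings\XXXXXXXXXX\Local Settings\Temp\updchk.exe",  # constructed
    r"O23 - Service: CZFMDSER.EXE - Unknown owner - C:\PROGRA~1\FDD_FM~1\CZFMDSER.EXE",
    r"O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe",
]


@dataclass
class Finding:
    code: str      # HJT section code, e.g. "O4"
    reason: str    # why the reviewer should look at it
    line: str      # the original log line


def executable_of(command: str) -> str:
    """Return the program part of a Run command.

    Handles a quoted path, a RUNDLL32 prefix, and unquoted paths containing
    spaces by cutting at the first " /" or " -" switch.
    """
    cmd = command.strip()
    if cmd.upper().startswith("RUNDLL32.EXE "):
        cmd = cmd[len("RUNDLL32.EXE "):]
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return re.split(r" (?=[/-])", cmd, maxsplit=1)[0]


def triage(lines):
    """Return the Finding list for an iterable of HJT log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding(code, "registered component whose file is missing (orphan)", line))
        elif code == "O2" and body.startswith("BHO: (no name)"):
            findings.append(Finding(code, "BHO with no name; identify it by CLSID and path", line))
        elif code == "O23":
            s = SERVICE_RE.match(body)
            if s and s.group("vendor").lower() == "unknown owner":
                findings.append(Finding(code, "service without a known vendor", line))
        elif code == "O4":
            r = RUN_RE.match(body)
            if not r:
                continue
            exe = executable_of(r.group("command")).lower()
            if "\\" not in exe:
                findings.append(Finding(code, "bare filename; resolve which directory it runs from", line))
            elif not exe.startswith(EXPECTED_PREFIXES):
                findings.append(Finding(code, "startup item outside the usual program directories", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}\n     {f.line}")
```

    A flag is a prompt to look, not a verdict: the bare-filename hits here (nwiz.exe, regsvr32) are resolved by the Registry Dump section of the same DSS log, which prints the full path next to each entry.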

  9. #9
    VopThis is offline Senior Member (Canada)
    Your latest DSS post did not include your latest restore point details (probably the same?). Meanwhile, all of this has distracted our focus from a suspected generic malware determination (or false positive) which may or may not still be present:

    http://www.google.ca/search?hl=en&q=+SHeur&btnG=Search


    When did you start using Hive Cleaner (never heard of it until today - certainly not recommended for end users):

    C:\Program Files\UPHClean\uphclean.exe
    http://www.google.ca/search?hl=en&q=...22&btnG=Search

    I have no way of knowing what could go wrong with such a tool - it is indeed possible that it trashed all your previous restore points (with essentially no functional restore points remaining - not a good situation). Your situation is not very typical and is still suggestive that your best course of action is a re-install after backing up user files in Acronis.


    We can scan for additional malware issues (with no clear direction on which tools might potentially help, if any) but that may not likely resolve the issues above.


    Download SUPERAntiSpyware (SAS) free home version:

    http://www.superantispyware.com/supe...freevspro.html


    Install it and double-click the icon on your desktop to run it:
    • It will ask if you want to update the program definitions, click "Yes",
    • Let it through your firewall!
    • Under "Configuration and Preferences", click the Preferences BUTTON.
    • Click the Scanning Control TAB.
    • Under "Scanner Options" make sure the following and additional items are checked:
      • Close browsers before scanning
      • Scan for tracking cookies (default)
      • Terminate memory threats before quarantining.
      • Ignore System Restore/Volume Information on ME and XP
      • Optional scan item:
        • Scan Alternate Data Streams (OPTIONAL Selection – deeper, trickier infection issues - longer scan).
      • Click the Close button to leave the control center screen.
    • On the main screen, under "Scan for Harmful Software" click Scan your computer.
      • On the left check "C:\Fixed Drive".
      • On the right, under "Complete Scan", choose Perform Complete Scan.
      • Click "Next" to start the scan. Please be patient while it scans your computer.
      • After the scan is complete a summary box will appear. Click "OK".
      • Make sure everything in the white box has a check next to it, then click "Next".
      • It will quarantine what it found and if it asks if you want to reboot, click "Yes".
    • To retrieve the removal information - please do the following:
      • After reboot, double-click the "SUPERAntiSpyware icon" on your desktop.
      • Click "Preferences". Click the Statistics/Logs TAB.
      • Under "Scanner Logs", double-click "SUPERAntiSpyware Scan Log".
      • It will open in your default text editor (such as Notepad/Wordpad).
      • Please highlight everything, then right-click and choose copy.
    • Click close and close again to exit the program.
    • Please paste:
      • The SAS LOG information.
      • A new HijackThis LOG (with any current observations).

  10. #10
    When did you start using Hive Cleaner (never heard of it until today - certainly not recommended for end users)
    UPHClean v1.6d was installed on 13/11/2007 - for a slow logoff problem and an error I kept getting, Event ID 1517, to do with user log off etc. It really did solve the problem but after reading the links you sent me, I'm not sure about it now. I have never gone back to a System Restore point since installing it, so wouldn't have realised it was a problem.

    I don't want to do a re-install as I don't have any problems other than the possible virus found and the system restore problem. I know that is serious in itself but I do back up my email and data files, so would rather take the risk and try and fix the System Restore by clearing it out and starting again from this point, then check it now and again by going back to an earlier restore point.

    I have installed SUPERAntiSpyware & followed your instructions and enclose the log file.

    Regarding the file Extra.txt - should I still be getting one when I run Deckard's System Scanner?

    I really appreciate your help with this but if you feel you have done enough, I understand.

    Main.txt:
    Deckard's System Scanner v20071014.68
    Run by XXXXXXXXXXXXX on 2008-01-19 22:18:12
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as XXXXXXXXXXXXX.exe) -------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:18:20, on 19/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\PROGRA~1\FDD_FM~1\CZFMDSER.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\SAgent4.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\PROGRA~1\FDD_FM~1\CZFMDXPK.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Documents and Settings\XXXXXXXXXX\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\XXXXXXXXXX~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [CZFMDXPK] C:\PROGRA~1\FDD_FM~1\CZFMDXPK.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /M "Stylus Photo R220" /EF "HKCU"
    O4 - HKCU\..\Run: [Tesco] "C:\Program Files\Tesco internet phone\TescoIP.exe" /autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk.disabled
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Bookmark Master - {EC72627A-360F-4C0D-AD13-5A793AD580CE} - C:\PROGRA~1\BOOKMA~1\FavMM.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=pavilion&pf=laptop
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CZFMDSER.EXE - Unknown owner - C:\PROGRA~1\FDD_FM~1\CZFMDSER.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 11679 bytes

    -- Files created between 2007-12-19 and 2008-01-19 -----------------------------

    2008-01-19 20:53:15 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-01-19 20:53:07 0 d-------- C:\Program Files\SUPERAntiSpyware
    2008-01-19 20:53:07 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\SUPERAntiSpyware.com
    2008-01-19 20:52:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-19 02:14:51 0 dr-h----- C:\Documents and Settings\XXXXXXXXXX\Recent
    2008-01-18 17:13:08 0 d-------- C:\Program Files\CCleaner
    2008-01-18 16:58:27 0 d-------- C:\Program Files\Trend Micro
    2008-01-18 15:13:50 0 d-------- C:\Documents and Settings\LocalService\Start Menu
    2008-01-18 15:13:50 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-15 00:20:28 14680064 --a------ C:\Documents and Settings\XXXXXXXXXX\ntuser.dat
    2008-01-13 05:27:25 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
    2008-01-10 01:29:16 0 d-------- C:\Documents and Settings\XXXXXXXXXX\dwhelper
    2008-01-04 14:56:36 0 d-------- C:\Program Files\EA GAMES
    2008-01-04 14:56:35 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
    2008-01-01 04:31:57 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\SiteAdvisor
    2007-12-28 19:42:14 5 --a------ C:\vdir
    2007-12-28 00:49:01 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\Printer Info Cache


    -- Find3M Report ---------------------------------------------------------------

    2008-01-19 20:52:23 0 d-------- C:\Program Files\Common Files
    2008-01-19 16:11:52 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\MailWasher
    2008-01-19 01:56:02 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\AVG7
    2008-01-18 16:55:20 0 d-------- C:\Program Files\Java
    2008-01-18 15:14:11 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\dvdcss
    2008-01-18 15:13:48 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\Identities
    2008-01-17 11:25:08 0 d-------- C:\Program Files\DigiGuide TV Guide
    2008-01-15 00:06:54 0 d-------- C:\Program Files\WinTidy
    2008-01-15 00:05:39 0 d-------- C:\Program Files\DynDNS Updater
    2008-01-11 18:15:40 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-01-10 23:43:20 6622 --a------ C:\Documents and Settings\XXXXXXXXXX\Application Data\wklnhst.dat
    2008-01-05 15:19:12 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\Free Download Manager
    2007-12-29 18:01:56 0 d-------- C:\Program Files\Trillian
    2007-12-29 10:29:00 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-12-28 22:26:55 0 d-------- C:\Documents and Settings\XXXXXXXXXX\Application Data\U3
    2007-11-29 01:49:28 0 d-------- C:\Program Files\Tesco internet phone
    2007-11-14 02:16:13 262144 --a------ C:\WINDOWS\system32\default_user_class.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [06/08/2005 04:56]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [12/08/2006 07:25]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [27/09/2006 17:10]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [27/09/2006 17:10]
    "nwiz"="nwiz.exe" [27/09/2006 17:10 C:\WINDOWS\system32\nwiz.exe]
    "MsmqIntCert"="regsvr32 /s mqrt.dll" []
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [26/07/2006 22:44 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/09/2007 02:27]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [11/07/2006 20:55]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [19/06/2006 10:33]
    "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [13/07/2006 14:02]
    "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [11/10/2005 09:23]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [28/07/2004 07:50]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [28/07/2004 07:50]
    "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [21/12/2007 09:35]
    "EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.exe" [09/03/2005 05:00]
    "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [16/10/2006 21:12]
    "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [16/10/2006 21:17]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [16/10/2006 21:13]
    "CZFMDXPK"="C:\PROGRA~1\FDD_FM~1\CZFMDXPK.exe" [14/06/2004 09:37]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 02:29]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [14/11/2007 16:05]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [14/12/2007 03:42]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.exe" [09/03/2005 05:00]
    "Tesco"="C:\Program Files\Tesco internet phone\TescoIP.exe" [28/11/2007 17:00]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [16/03/2006 04:00]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 14:06]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [12/05/2006 13:33:22]
    EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [14/03/2007 09:07:50]
    HP Photosmart Premier Fast Start.lnk.disabled [29/06/2006 18:47:58]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "gStart"=C:\Garmin\gStart.exe
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    "PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Usnsvc usnsvc


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{743e3d44-daea-11db-b70f-001636b00c52}]




    -- End of Deckard's System Scanner: finished at 2008-01-19 22:18:54 ------------


    SUPERAntiSpyware Scan Log - 01-19-2008 - 22-03-09.log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/19/2008 at 10:03 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3384
    Trace Rules Database Version: 1378

    Scan type : Complete Scan
    Total Scan Time : 01:00:13

    Memory items scanned : 470
    Memory threats detected : 0
    Registry items scanned : 6535
    Registry threats detected : 0
    File items scanned : 38862
    File threats detected : 52

    Adware.Tracking Cookie
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@112.2o7[2].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@2o7[2].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@ad.uk.tangozebra[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@ad.yieldmanager[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@adopt.euroclick[2].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@adrevenue[2].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@adrevolver[2].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@ads.revsci[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@adtech[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@advertising[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@adviva[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@allyours.virginmedia[2].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@atdmt[2].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@bluestreak[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@bs.serving-sys[2].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@carphonewarehouse.112.2o7[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@doubleclick[2].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@ehg-systemax.hitbox[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@ehg-techtarget.hitbox[2].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@fastclick[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@hitbox[2].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@imrworldwide[2].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@linksynergy[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@machinemart.122.2o7[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@media.adrevolver[2].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@media.adrevolver[3].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@mediaplex[2].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@msnportal.112.2o7[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@nextag.co[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@pcstats[2].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@questionmarket[2].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@revsci[2].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@roiservice[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@server.iad.liveperson[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@server.iad.liveperson[3].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@server.lon.liveperson[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@server.lon.liveperson[3].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@serving-sys[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@smartadserver[2].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@statcounter[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@statse.webtrendslive[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@tacoda[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@tracking.summitmedia.co[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@tradedoubler[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@tribalfusion[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@virginmedia[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@www.clickmanage[2].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@www.virginmedia[1].txt
    C:\Documents and Settings\XXXXX\Cookies\XXXXX@xiti[1].txt
    C:\Documents and Settings\XXXXXXXXXXX\Cookies\XXXXXXXXXXX@2o7[1].txt
    C:\Documents and Settings\XXXXXXXXXXX\Cookies\XXXXXXXXXXX@statcounter[2].txt
    C:\Documents and Settings\XXXXXXXXXXX\Cookies\XXXXXXXXXXX@tradedoubler[2].txt

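Reading a log like the one posted above by hand is slow, and the lines worth a second look are easy to miss among the vendor-signed ones. The script below is an added example (not code from the thread, from HijackThis or from Deckard's System Scanner) that parses the line shapes those tools print (HijackThis O4 and O23 entries, the DSS registry-dump Run entries and the DSS file listing) and flags the usual first-pass leads: a service with "Unknown owner", a Run entry whose target DSS printed no file date for (the assumption here is that empty brackets mean the scanner could not resolve the command to a file on disk), a file marked "Not Verified", and any autostart or service running from a user-writable location. The sample lines are constructed in the same layout as the log above; the "updater" autostart is invented to exercise the last rule.

```python
"""Triage helper for HijackThis-style and Deckard's System Scanner (DSS)-style
log lines. Added example; not code from the thread or from either tool.
The line formats are what those tools print; the triage rules, the meaning
assigned to empty "[]" brackets and the sample lines are this example's own.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # log section the line came from
    name: str    # entry or service name
    target: str  # command line or file path as logged
    reason: str  # why a reviewer should look at it


# HijackThis: O4 autostart and O23 service lines
RE_O4 = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
# DSS registry dump: "Name"="command" [file date ...]; assumed: [] means DSS
# could not resolve the command to a file on disk.
RE_RUN = re.compile(r'^"(?P<name>[^"]+)"=(?P<cmd>.+?) \[(?P<meta>[^\]]*)\]$')
# DSS file listing: date time size attrs path <Not Verified; vendor; product>
RE_NOTVER = re.compile(
    r"^\S+ \S+ \d+ \S+ (?P<path>.+?) <Not Verified; (?P<vendor>[^;]*); (?P<product>[^>]*)>$"
)

# Locations a non-admin user can write to; persistence from here deserves a look.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")


def _in_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def triage(text: str) -> list[Finding]:
    """Return the entries from a pasted log that merit a closer look."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_O23.match(line):
            if m["vendor"].strip().lower() == "unknown owner":
                findings.append(Finding("O23 service", m["name"], m["path"],
                                        "service binary has no vendor information"))
            elif _in_user_writable(m["path"]):
                findings.append(Finding("O23 service", m["name"], m["path"],
                                        "service runs from a user-writable location"))
        elif m := RE_O4.match(line):
            if _in_user_writable(m["cmd"]):
                findings.append(Finding("O4 autostart", m["name"], m["cmd"],
                                        "autostart runs from a user-writable location"))
        elif m := RE_RUN.match(line):
            if not m["meta"].strip():
                findings.append(Finding("Run key", m["name"], m["cmd"].strip('"'),
                                        "scanner printed no file date: target not resolved on disk"))
        elif m := RE_NOTVER.match(line):
            findings.append(Finding("file listing", m["product"], m["path"],
                                    f"file signature not verified (claims vendor {m['vendor']})"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per log section, for a quick overview."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample in the same layout as the log above; the "updater" line
# is invented to exercise the user-writable rule.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Application Data\updater.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CZFMDSER.EXE - Unknown owner - C:\PROGRA~1\FDD_FM~1\CZFMDSER.EXE
"nwiz"="nwiz.exe" [27/09/2006 17:10 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
2008-01-04 14:56:35 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.target}  -- {f.reason}")
    print(summarize(triage(SAMPLE_LOG)))
```

The findings are leads, not verdicts: of the two Run entries it flags, MsmqIntCert (regsvr32 /s mqrt.dll) and KernelFaultCheck (dumprep 0 -k) are both standard Windows XP entries, which is exactly why a reviewer still has to look at each hit. The "Unknown owner" service is the kind of entry to follow up by hashing the file and looking the hash up, which also sidesteps the upload-size limit on files too large to submit whole.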