Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help with adsonmedia pop ups

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Help with adsonmedia pop ups

Unread postby tremma » July 25th, 2008, 1:17 am

Hello there

I have run adaware and AVG to try and get of it it finds the infected components and i delete them but it keeps returning. It cause an adsonmedia pop up to occur it will close whatever i have open to run it i have done the log for hijack and here it is :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:12 PM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\system32\spoolsv.exe
D:\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\System32\Rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dragons.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: - {0B428C12-8F5E-4D26-9ABF-7876339DBCA1} - C:\WINDOWS\system32\1Hf68rCy.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: adsonmedia browser optimizer - {fb6a340c-add3-4fdf-0c08-27960d06ad48} - C:\WINDOWS\system32\xitvnymhozzp.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [{930fbcb8-84bb-7a98-9bdb-0ec97af2b33b}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\xitvnymhozzp.dll" DllStart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D5FC114-CEFC-4568-B44C-B152380BA75D}: NameServer = 10.1.1.1,10.1.1.0
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7557 bytes



Thanking you

Troy
tremma
Active Member
 
Posts: 4
Joined: July 25th, 2008, 1:12 am
Advertisement
Register to Remove

Re: Help with adsonmedia pop ups

Unread postby random/random » July 25th, 2008, 10:00 am

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
User avatar
random/random
Developer
Developer
 
Posts: 7730
Joined: December 18th, 2005, 3:30 pm

Re: Help with adsonmedia pop ups

Unread postby tremma » July 25th, 2008, 9:43 pm

Please find the main txt and extra txt below and thanks for your time - i saw nothing regarding administor privilages it just automatically ran . Could not find options for this ???


Deckard's System Scanner v20071014.68
Run by Troy on 2008-07-26 11:33:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
68: 2008-07-26 01:33:53 UTC - RP110 - Deckard's System Scanner Restore Point
67: 2008-07-25 22:26:40 UTC - RP109 - Avg8 Update
66: 2008-07-25 22:17:55 UTC - RP108 - Avg8 Update
65: 2008-07-25 18:29:30 UTC - RP107 - System Checkpoint
64: 2008-07-24 09:27:29 UTC - RP106 - System Checkpoint


-- First Restore Point --
1: 2008-04-28 13:28:35 UTC - RP43 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Troy.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:50 AM, on 7/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
D:\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Documents and Settings\Troy\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Troy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dragons.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: - {0B428C12-8F5E-4D26-9ABF-7876339DBCA1} - C:\WINDOWS\system32\1Hf68rCy.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: adsonmedia browser optimizer - {fb6a340c-add3-4fdf-0c08-27960d06ad48} - C:\WINDOWS\system32\xitvnymhozzp.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [{930fbcb8-84bb-7a98-9bdb-0ec97af2b33b}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\xitvnymhozzp.dll" DllStart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D5FC114-CEFC-4568-B44C-B152380BA75D}: NameServer = 10.1.1.1,10.1.1.0
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7546 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Video Controller
Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_00191822&REV_05\3&13C0B0C5&0&50
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_00191822&REV_05\3&13C0B0C5&0&50
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_14F1&DEV_8801&SUBSYS_00191822&REV_05\3&13C0B0C5&0&51
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_14F1&DEV_8801&SUBSYS_00191822&REV_05\3&13C0B0C5&0&51
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_14F1&DEV_8802&SUBSYS_00191822&REV_05\3&13C0B0C5&0&52
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_14F1&DEV_8802&SUBSYS_00191822&REV_05\3&13C0B0C5&0&52
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_14F1&DEV_8804&SUBSYS_00191822&REV_05\3&13C0B0C5&0&54
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_14F1&DEV_8804&SUBSYS_00191822&REV_05\3&13C0B0C5&0&54
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-26 11:29:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-26 11:00:00 350 --a------ C:\WINDOWS\Tasks\At60.job
2008-07-26 11:00:00 350 --a------ C:\WINDOWS\Tasks\At36.job
2008-07-26 11:00:00 350 --a------ C:\WINDOWS\Tasks\At12.job
2008-07-26 10:00:00 350 --a------ C:\WINDOWS\Tasks\At59.job
2008-07-26 10:00:00 350 --a------ C:\WINDOWS\Tasks\At35.job
2008-07-26 10:00:00 350 --a------ C:\WINDOWS\Tasks\At11.job
2008-07-26 09:00:00 350 --a------ C:\WINDOWS\Tasks\At58.job
2008-07-26 09:00:00 350 --a------ C:\WINDOWS\Tasks\At34.job
2008-07-26 09:00:00 350 --a------ C:\WINDOWS\Tasks\At10.job
2008-07-26 08:00:00 350 --a------ C:\WINDOWS\Tasks\At9.job
2008-07-26 08:00:00 350 --a------ C:\WINDOWS\Tasks\At57.job
2008-07-26 08:00:00 350 --a------ C:\WINDOWS\Tasks\At33.job
2008-07-26 07:00:00 350 --a------ C:\WINDOWS\Tasks\At8.job
2008-07-26 07:00:00 350 --a------ C:\WINDOWS\Tasks\At56.job
2008-07-26 07:00:00 350 --a------ C:\WINDOWS\Tasks\At32.job
2008-07-26 06:00:00 350 --a------ C:\WINDOWS\Tasks\At7.job
2008-07-26 06:00:00 350 --a------ C:\WINDOWS\Tasks\At55.job
2008-07-26 06:00:00 350 --a------ C:\WINDOWS\Tasks\At31.job
2008-07-26 05:00:00 350 --a------ C:\WINDOWS\Tasks\At6.job
2008-07-26 05:00:00 350 --a------ C:\WINDOWS\Tasks\At54.job
2008-07-26 05:00:00 350 --a------ C:\WINDOWS\Tasks\At30.job
2008-07-26 04:00:00 350 --a------ C:\WINDOWS\Tasks\At53.job
2008-07-26 04:00:00 350 --a------ C:\WINDOWS\Tasks\At5.job
2008-07-26 04:00:00 350 --a------ C:\WINDOWS\Tasks\At29.job
2008-07-26 03:00:00 350 --a------ C:\WINDOWS\Tasks\At52.job
2008-07-26 03:00:00 350 --a------ C:\WINDOWS\Tasks\At4.job
2008-07-26 03:00:00 350 --a------ C:\WINDOWS\Tasks\At28.job
2008-07-26 02:00:00 350 --a------ C:\WINDOWS\Tasks\At51.job
2008-07-26 02:00:00 350 --a------ C:\WINDOWS\Tasks\At3.job
2008-07-26 02:00:00 350 --a------ C:\WINDOWS\Tasks\At27.job
2008-07-26 01:00:00 350 --a------ C:\WINDOWS\Tasks\At50.job
2008-07-26 01:00:00 350 --a------ C:\WINDOWS\Tasks\At26.job
2008-07-26 01:00:00 350 --a------ C:\WINDOWS\Tasks\At2.job
2008-07-26 00:48:00 350 --a------ C:\WINDOWS\Tasks\At25.job
2008-07-26 00:26:00 350 --a------ C:\WINDOWS\Tasks\At1.job
2008-07-26 00:24:00 350 --a------ C:\WINDOWS\Tasks\At49.job
2008-07-25 19:00:00 350 --a------ C:\WINDOWS\Tasks\At68.job
2008-07-25 19:00:00 350 --a------ C:\WINDOWS\Tasks\At44.job
2008-07-25 19:00:00 350 --a------ C:\WINDOWS\Tasks\At20.job
2008-07-25 18:00:00 350 --a------ C:\WINDOWS\Tasks\At67.job
2008-07-25 18:00:00 350 --a------ C:\WINDOWS\Tasks\At43.job
2008-07-25 18:00:00 350 --a------ C:\WINDOWS\Tasks\At19.job
2008-07-25 17:00:00 350 --a------ C:\WINDOWS\Tasks\At66.job
2008-07-25 17:00:00 350 --a------ C:\WINDOWS\Tasks\At42.job
2008-07-25 17:00:00 350 --a------ C:\WINDOWS\Tasks\At18.job
2008-07-25 16:00:00 350 --a------ C:\WINDOWS\Tasks\At65.job
2008-07-25 16:00:00 350 --a------ C:\WINDOWS\Tasks\At41.job
2008-07-25 16:00:00 350 --a------ C:\WINDOWS\Tasks\At17.job
2008-07-25 15:00:00 350 --a------ C:\WINDOWS\Tasks\At64.job
2008-07-25 15:00:00 350 --a------ C:\WINDOWS\Tasks\At40.job
2008-07-25 15:00:00 350 --a------ C:\WINDOWS\Tasks\At16.job
2008-07-25 12:00:00 350 --a------ C:\WINDOWS\Tasks\At61.job
2008-07-25 12:00:00 350 --a------ C:\WINDOWS\Tasks\At37.job
2008-07-25 12:00:00 350 --a------ C:\WINDOWS\Tasks\At13.job
2008-07-24 21:00:00 350 --a------ C:\WINDOWS\Tasks\At70.job
2008-07-24 21:00:00 350 --a------ C:\WINDOWS\Tasks\At46.job
2008-07-24 21:00:00 350 --a------ C:\WINDOWS\Tasks\At22.job
2008-07-24 20:00:00 350 --a------ C:\WINDOWS\Tasks\At69.job
2008-07-24 20:00:00 350 --a------ C:\WINDOWS\Tasks\At45.job
2008-07-24 20:00:00 350 --a------ C:\WINDOWS\Tasks\At21.job
2008-07-24 14:00:00 350 --a------ C:\WINDOWS\Tasks\At63.job
2008-07-24 14:00:00 350 --a------ C:\WINDOWS\Tasks\At39.job
2008-07-24 14:00:00 350 --a------ C:\WINDOWS\Tasks\At15.job
2008-07-24 13:00:00 350 --a------ C:\WINDOWS\Tasks\At62.job
2008-07-24 13:00:00 350 --a------ C:\WINDOWS\Tasks\At38.job
2008-07-24 13:00:00 350 --a------ C:\WINDOWS\Tasks\At14.job
2008-07-22 23:00:00 350 --a------ C:\WINDOWS\Tasks\At72.job
2008-07-22 23:00:00 350 --a------ C:\WINDOWS\Tasks\At48.job
2008-07-22 23:00:00 350 --a------ C:\WINDOWS\Tasks\At24.job
2008-07-22 22:00:00 350 --a------ C:\WINDOWS\Tasks\At71.job
2008-07-22 22:00:00 350 --a------ C:\WINDOWS\Tasks\At47.job
2008-07-22 22:00:00 350 --a------ C:\WINDOWS\Tasks\At23.job


-- Files created between 2008-06-26 and 2008-07-26 -----------------------------

2008-07-25 14:58:44 0 d-------- C:\Program Files\Trend Micro
2008-07-11 14:05:26 0 d--h----- C:\$AVG8.VAULT$
2008-07-08 05:21:55 0 d-------- C:\Program Files\Lavasoft
2008-07-08 05:21:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-08 04:49:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-08 04:49:03 0 d-------- C:\Program Files\AVG
2008-07-08 04:49:03 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-08 04:46:05 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-07 22:22:45 64846 --a------ C:\WINDOWS\system32\ozlodntbokvmtnhne.exe
2008-07-07 21:33:00 158208 --a------ C:\WINDOWS\system32\xitvnymhozzp.dll
2008-07-07 20:00:26 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-07-07 20:00:26 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-07-07 20:00:12 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-07-07 18:29:23 19456 --a------ C:\WINDOWS\system32\1Hf68rCy.dll
2008-06-27 08:32:01 18816 --a------ C:\WINDOWS\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
2008-06-27 08:32:00 0 d-------- C:\Program Files\dvd43


-- Find3M Report ---------------------------------------------------------------

2008-07-25 23:35:33 0 d-------- C:\Program Files\lg_fwupdate
2008-07-17 09:43:30 0 d-------- C:\Documents and Settings\Troy\Application Data\uTorrent
2008-07-16 07:58:08 0 d-------- C:\Program Files\World of Warcraft
2008-07-08 05:21:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-26 14:30:13 668 --a------ C:\Documents and Settings\Troy\Application Data\vso_ts_preview.xml


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B428C12-8F5E-4D26-9ABF-7876339DBCA1}]
07/11/2008 01:03 AM 19456 --a------ C:\WINDOWS\system32\1Hf68rCy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fb6a340c-add3-4fdf-0c08-27960d06ad48}]
07/07/2008 09:33 PM 158208 --a------ C:\WINDOWS\system32\xitvnymhozzp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [04/26/2005 01:22 PM]
"SoundMan"="SOUNDMAN.EXE" [05/17/2005 08:48 PM C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [03/14/2006 12:06 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [03/30/2008 04:57 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="D:\iTunesHelper.exe" [03/30/2008 10:36 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/30/2003 12:14 AM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [03/21/2006 01:19 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [12/05/2005 06:04 PM]
"{930fbcb8-84bb-7a98-9bdb-0ec97af2b33b}"="C:\WINDOWS\system32\xitvnymhozzp.dll" [07/07/2008 09:33 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/26/2008 08:26 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/14/2004 02:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 10:00 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= D:\DVDREG~1\DVDShell.dll [10/09/2004 02:18 PM 49152]
"{650CA63D-4A01-4BF8-A608-9B1EBB36292E}"= C:\WINDOWS\system32\Rg5UD4b8.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-07-26 11:36:30 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) D CPU 2.66GHz
CPU 1: Intel(R) Pentium(R) D CPU 2.66GHz
Percentage of Memory in Use: 25%
Physical Memory (total/avail): 2047.48 MiB / 1529.3 MiB
Pagefile Memory (total/avail): 3940.41 MiB / 3532.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.87 MiB

C: is Fixed (NTFS) - 39.07 GiB total, 20.34 GiB free.
D: is Fixed (NTFS) - 147.24 GiB total, 44.46 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - SAMSUNG SP2004C SCSI Disk Device - 186.18 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 39.07 GiB - C:
\PARTITION1 - Installable File System - 147.24 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\iTunes.exe"="D:\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Troy\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Troy
LOGONSERVER=\\COMPUTER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\AVG\AVG8;C:\Program Files\AVG\AVG8
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Troy\LOCALS~1\Temp
TMP=C:\DOCUME~1\Troy\LOCALS~1\Temp
USERDOMAIN=COMPUTER
USERNAME=Troy
USERPROFILE=C:\Documents and Settings\Troy
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Troy (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
ConvertXtoDVD 3.0.0.9 --> "D:\convertxtoDVD\unins000.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "D:\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "D:\DVD Shrink\unins000.exe"
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
DVD43 v3.7.0 --> "C:\Program Files\dvd43\unins000.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Enhancement Browser Tools Adsonmedia --> C:\WINDOWS\system32\ozlodntbokvmtnhne.exe
ffdshow [rev 1946] [2008-04-21] --> "C:\Program Files\ffdshow\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
LG ODD Auto Firmware Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly REMOVE
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x9 REMOVE
ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
WinAVI Video Converter 9.0 --> "C:\WINDOWS\WinAVI Video Converter 9.0\uninstall.exe" "/U:C:\Program Files\WinAVI Video Converter 9.0\Uninstall\uninstall.xml"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type612 / Error
Event Submitted/Written: 07/24/2008 10:14:05 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ventrilo.exe, version 3.0.1.0, faulting module unknown, version 0.0.0.0, fault address 0x4b435553.
Processing media-specific event for [ventrilo.exe!ws!]

Event Record #/Type595 / Error
Event Submitted/Written: 07/23/2008 10:07:55 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type594 / Error
Event Submitted/Written: 07/23/2008 10:07:20 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type593 / Error
Event Submitted/Written: 07/23/2008 10:05:16 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application InCDsrv.exe, version 4.3.18.0, faulting module InCDsrv.exe, version 4.3.18.0, fault address 0x000b19d5.
Processing media-specific event for [InCDsrv.exe!ws!]

Event Record #/Type531 / Error
Event Submitted/Written: 07/11/2008 00:23:38 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 804666644.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1861395 / Error
Event Submitted/Written: 07/26/2008 11:00:00 AM
Event ID/Source: 7901 / Schedule
Event Description:
The At60.job command failed to start due to the following error:
%%2147942402

Event Record #/Type1861394 / Error
Event Submitted/Written: 07/26/2008 11:00:00 AM
Event ID/Source: 7901 / Schedule
Event Description:
The At36.job command failed to start due to the following error:
%%2147942402

Event Record #/Type1861393 / Error
Event Submitted/Written: 07/26/2008 11:00:00 AM
Event ID/Source: 7901 / Schedule
Event Description:
The At12.job command failed to start due to the following error:
%%2147942402

Event Record #/Type1861392 / Error
Event Submitted/Written: 07/26/2008 10:00:00 AM
Event ID/Source: 7901 / Schedule
Event Description:
The At59.job command failed to start due to the following error:
%%2147942402

Event Record #/Type1861391 / Error
Event Submitted/Written: 07/26/2008 10:00:00 AM
Event ID/Source: 7901 / Schedule
Event Description:
The At35.job command failed to start due to the following error:
%%2147942402



-- End of Deckard's System Scanner: finished at 2008-07-26 11:36:30 ------------
tremma
Active Member
 
Posts: 4
Joined: July 25th, 2008, 1:12 am

Re: Help with adsonmedia pop ups

Unread postby random/random » July 26th, 2008, 7:24 am

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code: Select all
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At66.job
    C:\WINDOWS\Tasks\At42.job
    C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At65.job
    C:\WINDOWS\Tasks\At41.job
    C:\WINDOWS\Tasks\At17.job
    C:\WINDOWS\Tasks\At64.job
    C:\WINDOWS\Tasks\At40.job
    C:\WINDOWS\Tasks\At16.job
    C:\WINDOWS\Tasks\At61.job
    C:\WINDOWS\Tasks\At37.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At70.job
    C:\WINDOWS\Tasks\At46.job
    C:\WINDOWS\Tasks\At22.job
    C:\WINDOWS\Tasks\At69.job
    C:\WINDOWS\Tasks\At45.job
    C:\WINDOWS\Tasks\At21.job
    C:\WINDOWS\Tasks\At63.job
    C:\WINDOWS\Tasks\At39.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At62.job
    C:\WINDOWS\Tasks\At38.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At72.job
    C:\WINDOWS\Tasks\At48.job
    C:\WINDOWS\Tasks\At24.job
    C:\WINDOWS\Tasks\At71.job
    C:\WINDOWS\Tasks\At47.job
    C:\WINDOWS\Tasks\At23.job
    C:\WINDOWS\system32\ozlodntbokvmtnhne.exe
    C:\WINDOWS\system32\xitvnymhozzp.dll
    C:\WINDOWS\system32\1Hf68rCy.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B428C12-8F5E-4D26-9ABF-7876339DBCA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fb6a340c-add3-4fdf-0c08-27960d06ad48}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\{930fbcb8-84bb-7a98-9bdb-0ec97af2b33b}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{650CA63D-4A01-4BF8-A608-9B1EBB36292E}
    HKEY_CLASSES_ROOT\CLSID\{0B428C12-8F5E-4D26-9ABF-7876339DBCA1}
    HKEY_CLASSES_ROOT\CLSID\{fb6a340c-add3-4fdf-0c08-27960d06ad48}
    HKEY_CLASSES_ROOT\CLSID\{650CA63D-4A01-4BF8-A608-9B1EBB36292E}

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Go to Start > Run... and copy/paste the text below into the Runbox:

Code: Select all
"%userprofile%\desktop\dss.exe" /config


A window will open. Click on Check All, then click Scan!.

When it has finished, Deckard's System Scanner will open two Notepad files: main.txt and extra.txt- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply
User avatar
random/random
Developer
Developer
 
Posts: 7730
Joined: December 18th, 2005, 3:30 pm

Re: Help with adsonmedia pop ups

Unread postby tremma » July 26th, 2008, 6:24 pm

OT MOVE IT Results :


File/Folder :\WINDOWS\Tasks\At19.job not found.
C:\WINDOWS\Tasks\At66.job moved successfully.
C:\WINDOWS\Tasks\At42.job moved successfully.
C:\WINDOWS\Tasks\At18.job moved successfully.
C:\WINDOWS\Tasks\At65.job moved successfully.
C:\WINDOWS\Tasks\At41.job moved successfully.
C:\WINDOWS\Tasks\At17.job moved successfully.
C:\WINDOWS\Tasks\At64.job moved successfully.
C:\WINDOWS\Tasks\At40.job moved successfully.
C:\WINDOWS\Tasks\At16.job moved successfully.
C:\WINDOWS\Tasks\At61.job moved successfully.
C:\WINDOWS\Tasks\At37.job moved successfully.
C:\WINDOWS\Tasks\At13.job moved successfully.
C:\WINDOWS\Tasks\At70.job moved successfully.
C:\WINDOWS\Tasks\At46.job moved successfully.
C:\WINDOWS\Tasks\At22.job moved successfully.
C:\WINDOWS\Tasks\At69.job moved successfully.
C:\WINDOWS\Tasks\At45.job moved successfully.
C:\WINDOWS\Tasks\At21.job moved successfully.
C:\WINDOWS\Tasks\At63.job moved successfully.
C:\WINDOWS\Tasks\At39.job moved successfully.
C:\WINDOWS\Tasks\At15.job moved successfully.
C:\WINDOWS\Tasks\At62.job moved successfully.
C:\WINDOWS\Tasks\At38.job moved successfully.
C:\WINDOWS\Tasks\At14.job moved successfully.
C:\WINDOWS\Tasks\At72.job moved successfully.
C:\WINDOWS\Tasks\At48.job moved successfully.
C:\WINDOWS\Tasks\At24.job moved successfully.
C:\WINDOWS\Tasks\At71.job moved successfully.
C:\WINDOWS\Tasks\At47.job moved successfully.
C:\WINDOWS\Tasks\At23.job moved successfully.
C:\WINDOWS\system32\ozlodntbokvmtnhne.exe moved successfully.
C:\WINDOWS\system32\xitvnymhozzp.dll unregistered successfully.
C:\WINDOWS\system32\xitvnymhozzp.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\1Hf68rCy.dll
C:\WINDOWS\system32\1Hf68rCy.dll NOT unregistered.
C:\WINDOWS\system32\1Hf68rCy.dll moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B428C12-8F5E-4D26-9ABF-7876339DBCA1} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B428C12-8F5E-4D26-9ABF-7876339DBCA1}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fb6a340c-add3-4fdf-0c08-27960d06ad48} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fb6a340c-add3-4fdf-0c08-27960d06ad48}\\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\{930fbcb8-84bb-7a98-9bdb-0ec97af2b33b} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\{930fbcb8-84bb-7a98-9bdb-0ec97af2b33b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{930fbcb8-84bb-7a98-9bdb-0ec97af2b33b}\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{650CA63D-4A01-4BF8-A608-9B1EBB36292E} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{650CA63D-4A01-4BF8-A608-9B1EBB36292E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{650CA63D-4A01-4BF8-A608-9B1EBB36292E}\ deleted successfully.
< HKEY_CLASSES_ROOT\CLSID\{0B428C12-8F5E-4D26-9ABF-7876339DBCA1} >
Registry key HKEY_CLASSES_ROOT\CLSID\{0B428C12-8F5E-4D26-9ABF-7876339DBCA1}\\ deleted successfully.
< HKEY_CLASSES_ROOT\CLSID\{fb6a340c-add3-4fdf-0c08-27960d06ad48} >
Registry key HKEY_CLASSES_ROOT\CLSID\{fb6a340c-add3-4fdf-0c08-27960d06ad48}\\ not found.
< HKEY_CLASSES_ROOT\CLSID\{650CA63D-4A01-4BF8-A608-9B1EBB36292E} >
Registry key HKEY_CLASSES_ROOT\CLSID\{650CA63D-4A01-4BF8-A608-9B1EBB36292E}\\ not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07272008_081727






Deckard's System Scanner v20071014.68
Run by Troy on 2008-07-27 08:22:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
68: 2008-07-26 01:33:53 UTC - RP110 - Deckard's System Scanner Restore Point
67: 2008-07-25 22:26:40 UTC - RP109 - Avg8 Update
66: 2008-07-25 22:17:55 UTC - RP108 - Avg8 Update
65: 2008-07-25 18:29:30 UTC - RP107 - System Checkpoint
64: 2008-07-24 09:27:29 UTC - RP106 - System Checkpoint


-- First Restore Point --
1: 2008-04-28 13:28:35 UTC - RP43 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Troy.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:12 AM, on 7/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
D:\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Troy\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Troy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dragons.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D5FC114-CEFC-4568-B44C-B152380BA75D}: NameServer = 10.1.1.1,10.1.1.0
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7284 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Video Controller
Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_00191822&REV_05\3&13C0B0C5&0&50
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_00191822&REV_05\3&13C0B0C5&0&50
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_14F1&DEV_8801&SUBSYS_00191822&REV_05\3&13C0B0C5&0&51
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_14F1&DEV_8801&SUBSYS_00191822&REV_05\3&13C0B0C5&0&51
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_14F1&DEV_8802&SUBSYS_00191822&REV_05\3&13C0B0C5&0&52
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_14F1&DEV_8802&SUBSYS_00191822&REV_05\3&13C0B0C5&0&52
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_14F1&DEV_8804&SUBSYS_00191822&REV_05\3&13C0B0C5&0&54
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_14F1&DEV_8804&SUBSYS_00191822&REV_05\3&13C0B0C5&0&54
Service:


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\svchost.exe (pid 952)
2007-07-24 15:17:08 147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>

C:\WINDOWS\explorer.exe (pid 1464)
2005-12-19 19:16:10 135168 --a------ C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll <Not Verified; ScanSoft, Inc.; OmniPage>
2007-05-22 09:59:22 128512 --a------ C:\Program Files\WinRAR\RarExt.dll
2004-10-09 14:18:02 49152 --a------ D:\DVD Region+CSS Free\DVDShell.dll <Not Verified; Fengtao Software Inc.; DVD Region-Free - Watch and copy CSS encrypted DVDs from any region!>

C:\WINDOWS\system32\rundll32.exe (pid 2020)
-- :: 0 --------- C:\WINDOWS\system32\xitvnymhozzp.dll
2005-12-19 19:16:10 135168 --a------ C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll <Not Verified; ScanSoft, Inc.; OmniPage>


-- Scheduled Tasks -------------------------------------------------------------

2008-07-27 08:00:00 350 --a------ C:\WINDOWS\Tasks\At9.job
2008-07-27 08:00:00 350 --a------ C:\WINDOWS\Tasks\At57.job
2008-07-27 08:00:00 350 --a------ C:\WINDOWS\Tasks\At33.job
2008-07-27 07:00:00 350 --a------ C:\WINDOWS\Tasks\At8.job
2008-07-27 07:00:00 350 --a------ C:\WINDOWS\Tasks\At56.job
2008-07-27 07:00:00 350 --a------ C:\WINDOWS\Tasks\At32.job
2008-07-27 06:00:00 350 --a------ C:\WINDOWS\Tasks\At7.job
2008-07-27 06:00:00 350 --a------ C:\WINDOWS\Tasks\At55.job
2008-07-27 06:00:00 350 --a------ C:\WINDOWS\Tasks\At31.job
2008-07-27 05:00:00 350 --a------ C:\WINDOWS\Tasks\At6.job
2008-07-27 05:00:00 350 --a------ C:\WINDOWS\Tasks\At54.job
2008-07-27 05:00:00 350 --a------ C:\WINDOWS\Tasks\At30.job
2008-07-27 04:00:00 350 --a------ C:\WINDOWS\Tasks\At53.job
2008-07-27 04:00:00 350 --a------ C:\WINDOWS\Tasks\At5.job
2008-07-27 04:00:00 350 --a------ C:\WINDOWS\Tasks\At29.job
2008-07-27 03:00:00 350 --a------ C:\WINDOWS\Tasks\At52.job
2008-07-27 03:00:00 350 --a------ C:\WINDOWS\Tasks\At4.job
2008-07-27 03:00:00 350 --a------ C:\WINDOWS\Tasks\At28.job
2008-07-27 02:00:00 350 --a------ C:\WINDOWS\Tasks\At51.job
2008-07-27 02:00:00 350 --a------ C:\WINDOWS\Tasks\At3.job
2008-07-27 02:00:00 350 --a------ C:\WINDOWS\Tasks\At27.job
2008-07-27 01:00:00 350 --a------ C:\WINDOWS\Tasks\At50.job
2008-07-27 01:00:00 350 --a------ C:\WINDOWS\Tasks\At26.job
2008-07-27 01:00:00 350 --a------ C:\WINDOWS\Tasks\At2.job
2008-07-27 00:48:00 350 --a------ C:\WINDOWS\Tasks\At25.job
2008-07-27 00:26:00 350 --a------ C:\WINDOWS\Tasks\At1.job
2008-07-27 00:24:00 350 --a------ C:\WINDOWS\Tasks\At49.job
2008-07-26 19:00:00 350 --a------ C:\WINDOWS\Tasks\At68.job
2008-07-26 19:00:00 350 --a------ C:\WINDOWS\Tasks\At44.job
2008-07-26 19:00:00 350 --a------ C:\WINDOWS\Tasks\At20.job
2008-07-26 18:00:00 350 --a------ C:\WINDOWS\Tasks\At67.job
2008-07-26 18:00:00 350 --a------ C:\WINDOWS\Tasks\At43.job
2008-07-26 18:00:00 350 --a------ C:\WINDOWS\Tasks\At19.job
2008-07-26 11:29:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-26 11:00:00 350 --a------ C:\WINDOWS\Tasks\At60.job
2008-07-26 11:00:00 350 --a------ C:\WINDOWS\Tasks\At36.job
2008-07-26 11:00:00 350 --a------ C:\WINDOWS\Tasks\At12.job
2008-07-26 10:00:00 350 --a------ C:\WINDOWS\Tasks\At59.job
2008-07-26 10:00:00 350 --a------ C:\WINDOWS\Tasks\At35.job
2008-07-26 10:00:00 350 --a------ C:\WINDOWS\Tasks\At11.job
2008-07-26 09:00:00 350 --a------ C:\WINDOWS\Tasks\At58.job
2008-07-26 09:00:00 350 --a------ C:\WINDOWS\Tasks\At34.job
2008-07-26 09:00:00 350 --a------ C:\WINDOWS\Tasks\At10.job


-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-25 14:58:44 0 d-------- C:\Program Files\Trend Micro
2008-07-11 14:05:26 0 d--h----- C:\$AVG8.VAULT$
2008-07-08 05:21:55 0 d-------- C:\Program Files\Lavasoft
2008-07-08 05:21:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-08 04:49:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-08 04:49:03 0 d-------- C:\Program Files\AVG
2008-07-08 04:49:03 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-08 04:46:05 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-07 20:00:26 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-07-07 20:00:26 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-07-07 20:00:12 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-06-27 08:32:01 18816 --a------ C:\WINDOWS\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
2008-06-27 08:32:00 0 d-------- C:\Program Files\dvd43


-- Find3M Report ---------------------------------------------------------------

2008-07-27 08:15:05 0 d-------- C:\Documents and Settings\Troy\Application Data\uTorrent
2008-07-25 23:35:33 0 d-------- C:\Program Files\lg_fwupdate
2008-07-16 07:58:08 0 d-------- C:\Program Files\World of Warcraft
2008-07-08 05:21:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [04/26/2005 01:22 PM]
"SoundMan"="SOUNDMAN.EXE" [05/17/2005 08:48 PM C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [03/14/2006 12:06 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [03/30/2008 04:57 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="D:\iTunesHelper.exe" [03/30/2008 10:36 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/30/2003 12:14 AM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [03/21/2006 01:19 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [12/05/2005 06:04 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/26/2008 08:26 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/14/2004 02:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 10:00 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= D:\DVDREG~1\DVDShell.dll [10/09/2004 02:18 PM 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-07-27 08:23:14 ------------






Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) D CPU 2.66GHz
CPU 1: Intel(R) Pentium(R) D CPU 2.66GHz
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 2047.48 MiB / 1507.09 MiB
Pagefile Memory (total/avail): 3940.41 MiB / 3412.91 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1903.05 MiB

C: is Fixed (NTFS) - 39.07 GiB total, 20.31 GiB free.
D: is Fixed (NTFS) - 147.24 GiB total, 44.46 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - SAMSUNG SP2004C SCSI Disk Device - 186.18 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 39.07 GiB - C:
\PARTITION1 - Installable File System - 147.24 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\iTunes.exe"="D:\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Troy\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Troy
LOGONSERVER=\\COMPUTER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Troy\LOCALS~1\Temp
TMP=C:\DOCUME~1\Troy\LOCALS~1\Temp
USERDOMAIN=COMPUTER
USERNAME=Troy
USERPROFILE=C:\Documents and Settings\Troy
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Troy (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
ConvertXtoDVD 3.0.0.9 --> "D:\convertxtoDVD\unins000.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "D:\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "D:\DVD Shrink\unins000.exe"
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
DVD43 v3.7.0 --> "C:\Program Files\dvd43\unins000.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Enhancement Browser Tools Adsonmedia --> C:\WINDOWS\system32\ozlodntbokvmtnhne.exe
ffdshow [rev 1946] [2008-04-21] --> "C:\Program Files\ffdshow\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
LG ODD Auto Firmware Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly REMOVE
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x9 REMOVE
ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
WinAVI Video Converter 9.0 --> "C:\WINDOWS\WinAVI Video Converter 9.0\uninstall.exe" "/U:C:\Program Files\WinAVI Video Converter 9.0\Uninstall\uninstall.xml"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type632 / Error
Event Submitted/Written: 07/26/2008 11:46:46 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Ad-Aware.exe, version 7.1.0.10, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type612 / Error
Event Submitted/Written: 07/24/2008 10:14:05 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ventrilo.exe, version 3.0.1.0, faulting module unknown, version 0.0.0.0, fault address 0x4b435553.
Processing media-specific event for [ventrilo.exe!ws!]

Event Record #/Type595 / Error
Event Submitted/Written: 07/23/2008 10:07:55 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type594 / Error
Event Submitted/Written: 07/23/2008 10:07:20 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type593 / Error
Event Submitted/Written: 07/23/2008 10:05:16 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application InCDsrv.exe, version 4.3.18.0, faulting module InCDsrv.exe, version 4.3.18.0, fault address 0x000b19d5.
Processing media-specific event for [InCDsrv.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1861465 / Error
Event Submitted/Written: 07/27/2008 08:00:00 AM
Event ID/Source: 7901 / Schedule
Event Description:
The At9.job command failed to start due to the following error:
%%2147942402

Event Record #/Type1861464 / Error
Event Submitted/Written: 07/27/2008 08:00:00 AM
Event ID/Source: 7901 / Schedule
Event Description:
The At57.job command failed to start due to the following error:
%%2147942402

Event Record #/Type1861463 / Error
Event Submitted/Written: 07/27/2008 08:00:00 AM
Event ID/Source: 7901 / Schedule
Event Description:
The At33.job command failed to start due to the following error:
%%2147942402

Event Record #/Type1861462 / Error
Event Submitted/Written: 07/27/2008 07:00:00 AM
Event ID/Source: 7901 / Schedule
Event Description:
The At8.job command failed to start due to the following error:
%%2147942402

Event Record #/Type1861461 / Error
Event Submitted/Written: 07/27/2008 07:00:00 AM
Event ID/Source: 7901 / Schedule
Event Description:
The At56.job command failed to start due to the following error:
%%2147942402



-- End of Deckard's System Scanner: finished at 2008-07-27 08:23:14 ------------
tremma
Active Member
 
Posts: 4
Joined: July 25th, 2008, 1:12 am

Re: Help with adsonmedia pop ups

Unread postby random/random » July 27th, 2008, 7:03 am

  • Download Pocket Killbox by Option^Explicit from here
  • Double-click on Killbox.exe to start Pocket Killbox
  • Select the Delete on reboot option
  • Click on All Files
  • Select the text in the below codebox and press Ctrl+C to copy it to the clipboard
    Code: Select all
    C:\WINDOWS\system32\xitvnymhozzp.dll
    C:\WINDOWS\Tasks\At9.job
    C:\WINDOWS\Tasks\At57.job
    C:\WINDOWS\Tasks\At33.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At56.job
    C:\WINDOWS\Tasks\At32.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At55.job
    C:\WINDOWS\Tasks\At31.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At54.job
    C:\WINDOWS\Tasks\At30.job
    C:\WINDOWS\Tasks\At53.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At29.job
    C:\WINDOWS\Tasks\At52.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At28.job
    C:\WINDOWS\Tasks\At51.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At27.job
    C:\WINDOWS\Tasks\At50.job
    C:\WINDOWS\Tasks\At26.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At25.job
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At49.job
    C:\WINDOWS\Tasks\At68.job
    C:\WINDOWS\Tasks\At44.job
    C:\WINDOWS\Tasks\At20.job
    C:\WINDOWS\Tasks\At67.job
    C:\WINDOWS\Tasks\At43.job
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At60.job
    C:\WINDOWS\Tasks\At36.job
    C:\WINDOWS\Tasks\At12.job
    C:\WINDOWS\Tasks\At59.job
    C:\WINDOWS\Tasks\At35.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At58.job
    C:\WINDOWS\Tasks\At34.job
    C:\WINDOWS\Tasks\At10.job
  • Go back to Pocket Killbox and click File > Paste from clipboard
  • Click on the button in Pocket Killbox that looks like thisImage
  • You will now get the prompt Files will be removed on reboot, Do you want reboot now?
  • Click Yes, this will restart your pc
  • Note: If your PC does not restart automatically, please restart it manually

Go to Start > Run... and copy/paste the text below into the Runbox:

Code: Select all
"%userprofile%\desktop\dss.exe" /config


A window will open. Click on Check All, then click Scan!.

When it has finished, Deckard's System Scanner will open two Notepad files: main.txt and extra.txt- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply
User avatar
random/random
Developer
Developer
 
Posts: 7730
Joined: December 18th, 2005, 3:30 pm

Re: Help with adsonmedia pop ups

Unread postby tremma » July 27th, 2008, 6:14 pm

All instructions were followed and here are the two txt's you requested


Deckard's System Scanner v20071014.68
Run by Troy on 2008-07-28 08:11:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
68: 2008-07-26 01:33:53 UTC - RP110 - Deckard's System Scanner Restore Point
67: 2008-07-25 22:26:40 UTC - RP109 - Avg8 Update
66: 2008-07-25 22:17:55 UTC - RP108 - Avg8 Update
65: 2008-07-25 18:29:30 UTC - RP107 - System Checkpoint
64: 2008-07-24 09:27:29 UTC - RP106 - System Checkpoint


-- First Restore Point --
1: 2008-04-28 13:28:35 UTC - RP43 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Troy.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:35 AM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
D:\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Troy\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Troy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dragons.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D5FC114-CEFC-4568-B44C-B152380BA75D}: NameServer = 10.1.1.1,10.1.1.0
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7189 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Video Controller
Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_00191822&REV_05\3&13C0B0C5&0&50
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_00191822&REV_05\3&13C0B0C5&0&50
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_14F1&DEV_8801&SUBSYS_00191822&REV_05\3&13C0B0C5&0&51
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_14F1&DEV_8801&SUBSYS_00191822&REV_05\3&13C0B0C5&0&51
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_14F1&DEV_8802&SUBSYS_00191822&REV_05\3&13C0B0C5&0&52
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_14F1&DEV_8802&SUBSYS_00191822&REV_05\3&13C0B0C5&0&52
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_14F1&DEV_8804&SUBSYS_00191822&REV_05\3&13C0B0C5&0&54
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_14F1&DEV_8804&SUBSYS_00191822&REV_05\3&13C0B0C5&0&54
Service:


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\svchost.exe (pid 972)
2007-07-24 15:17:08 147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>

C:\WINDOWS\explorer.exe (pid 1436)
2005-12-19 19:16:10 135168 --a------ C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll <Not Verified; ScanSoft, Inc.; OmniPage>
2004-10-09 14:18:02 49152 --a------ D:\DVD Region+CSS Free\DVDShell.dll <Not Verified; Fengtao Software Inc.; DVD Region-Free - Watch and copy CSS encrypted DVDs from any region!>


-- Scheduled Tasks -------------------------------------------------------------

2008-07-26 11:29:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

2008-07-28 08:04:52 0 d-------- C:\!KillBox
2008-07-25 14:58:44 0 d-------- C:\Program Files\Trend Micro
2008-07-11 14:05:26 0 d--h----- C:\$AVG8.VAULT$
2008-07-08 05:21:55 0 d-------- C:\Program Files\Lavasoft
2008-07-08 05:21:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-08 04:49:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-08 04:49:03 0 d-------- C:\Program Files\AVG
2008-07-08 04:49:03 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-08 04:46:05 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-07 20:00:26 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-07-07 20:00:26 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-07-07 20:00:12 0 dr------- C:\Documents and Settings\NetworkService\Favorites


-- Find3M Report ---------------------------------------------------------------

2008-07-28 08:09:44 0 d-------- C:\Program Files\lg_fwupdate
2008-07-27 08:45:56 0 d-------- C:\Documents and Settings\Troy\Application Data\uTorrent
2008-07-16 07:58:08 0 d-------- C:\Program Files\World of Warcraft
2008-07-08 05:21:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-27 08:32:01 0 d-------- C:\Program Files\dvd43


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [04/26/2005 01:22 PM]
"SoundMan"="SOUNDMAN.EXE" [05/17/2005 08:48 PM C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [03/14/2006 12:06 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [03/30/2008 04:57 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="D:\iTunesHelper.exe" [03/30/2008 10:36 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/30/2003 12:14 AM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [03/21/2006 01:19 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [12/05/2005 06:04 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/26/2008 08:26 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/14/2004 02:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 10:00 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= D:\DVDREG~1\DVDShell.dll [10/09/2004 02:18 PM 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-07-28 08:12:31 ------------






Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) D CPU 2.66GHz
CPU 1: Intel(R) Pentium(R) D CPU 2.66GHz
Percentage of Memory in Use: 23%
Physical Memory (total/avail): 2047.48 MiB / 1570.36 MiB
Pagefile Memory (total/avail): 3940.41 MiB / 3570.81 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.05 MiB

C: is Fixed (NTFS) - 39.07 GiB total, 20.3 GiB free.
D: is Fixed (NTFS) - 147.24 GiB total, 44.46 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - SAMSUNG SP2004C SCSI Disk Device - 186.18 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 39.07 GiB - C:
\PARTITION1 - Installable File System - 147.24 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\iTunes.exe"="D:\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Troy\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Troy
LOGONSERVER=\\COMPUTER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Troy\LOCALS~1\Temp
TMP=C:\DOCUME~1\Troy\LOCALS~1\Temp
USERDOMAIN=COMPUTER
USERNAME=Troy
USERPROFILE=C:\Documents and Settings\Troy
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Troy (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
ConvertXtoDVD 3.0.0.9 --> "D:\convertxtoDVD\unins000.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "D:\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "D:\DVD Shrink\unins000.exe"
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
DVD43 v3.7.0 --> "C:\Program Files\dvd43\unins000.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Enhancement Browser Tools Adsonmedia --> C:\WINDOWS\system32\ozlodntbokvmtnhne.exe
ffdshow [rev 1946] [2008-04-21] --> "C:\Program Files\ffdshow\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
LG ODD Auto Firmware Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly REMOVE
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x9 REMOVE
ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
WinAVI Video Converter 9.0 --> "C:\WINDOWS\WinAVI Video Converter 9.0\uninstall.exe" "/U:C:\Program Files\WinAVI Video Converter 9.0\Uninstall\uninstall.xml"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type632 / Error
Event Submitted/Written: 07/26/2008 11:46:46 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Ad-Aware.exe, version 7.1.0.10, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type612 / Error
Event Submitted/Written: 07/24/2008 10:14:05 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ventrilo.exe, version 3.0.1.0, faulting module unknown, version 0.0.0.0, fault address 0x4b435553.
Processing media-specific event for [ventrilo.exe!ws!]

Event Record #/Type595 / Error
Event Submitted/Written: 07/23/2008 10:07:55 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type594 / Error
Event Submitted/Written: 07/23/2008 10:07:20 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type593 / Error
Event Submitted/Written: 07/23/2008 10:05:16 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application InCDsrv.exe, version 4.3.18.0, faulting module InCDsrv.exe, version 4.3.18.0, fault address 0x000b19d5.
Processing media-specific event for [InCDsrv.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1861551 / Error
Event Submitted/Written: 07/28/2008 08:01:50 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type1861550 / Error
Event Submitted/Written: 07/28/2008 08:01:50 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type1861529 / Error
Event Submitted/Written: 07/28/2008 08:00:00 AM
Event ID/Source: 7901 / Schedule
Event Description:
The At9.job command failed to start due to the following error:
%%2147942402

Event Record #/Type1861528 / Error
Event Submitted/Written: 07/28/2008 08:00:00 AM
Event ID/Source: 7901 / Schedule
Event Description:
The At57.job command failed to start due to the following error:
%%2147942402

Event Record #/Type1861527 / Error
Event Submitted/Written: 07/28/2008 08:00:00 AM
Event ID/Source: 7901 / Schedule
Event Description:
The At33.job command failed to start due to the following error:
%%2147942402



-- End of Deckard's System Scanner: finished at 2008-07-28 08:12:31 ------------
tremma
Active Member
 
Posts: 4
Joined: July 25th, 2008, 1:12 am

Re: Help with adsonmedia pop ups

Unread postby random/random » July 28th, 2008, 9:06 am

Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new HijackThis log and a description of any remaining problems.
User avatar
random/random
Developer
Developer
 
Posts: 7730
Joined: December 18th, 2005, 3:30 pm

Re: Help with adsonmedia pop ups

Unread postby random/random » August 5th, 2008, 4:19 pm

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
random/random
Developer
Developer
 
Posts: 7730
Joined: December 18th, 2005, 3:30 pm
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 38 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware