Hello Snowhite
thanks for your prompt reply...
Please find Main.txt log from DSS....followed by extra.txt.
Since initial post I have run AVG again and the worm.aimven was back along with Zedo and Mediaplex. A lot of the pop ups have a Zedo prefix in the URL.
Downloader came back again but NAV (in whatever state it is in) claims to have dealt with it.
Am also getting pop up messages from Spybot asking permission to accept modification of files/registries.
I have latest version of Hijackthis in its own folder.
Hope all this assists
Many thanks
'Stacks
Deckard's System Scanner v20071014.68
Run by Dave on 2007-11-07 13:24:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 3 Restore Point(s) --
3: 2007-11-07 13:24:41 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2007-11-06 19:42:47 UTC - RP2 - Removed Ad-Aware 2007
1: 2007-11-06 17:24:43 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Dave.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:05, on 07/11/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
D:\WINDOWS\system32\crypserv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
D:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
D:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe
D:\WINDOWS\System32\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Winamp\Winampa.exe
D:\WINDOWS\Mixer.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\WINDOWS\System32\wuauclt.exe
D:\Documents and Settings\Dave\Desktop\dss.exe
D:\Program Files\Messenger\msmsgs.exe
D:\PROGRA~1\HIJACK~1\Dave.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nofrontteeth.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - D:\WINDOWS\system32\hggdecd.dll
O2 - BHO: (no name) - {7CAFBD4F-D00F-4B75-8828-0D5F91BA0F7D} - D:\WINDOWS\System32\tuvtt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\windows\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [HPWPTOOLBOX] D:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe "-i"
O4 - HKLM\..\Run: [QuickTime Task] D:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] D:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "D:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [hp Update 2100C] c:\sj644\hpupdate.exe
O4 - HKLM\..\Run: [FileFreedom] C:\Program Files\FileFreedom\filefreedom.exe
O4 - HKLM\..\Run: [DownloadAccelerator] D:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] File "d:\program files\common files\roxio shared\system\directcd.exe"" does not exist.
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [8cfd7076] rundll32.exe "D:\WINDOWS\System32\glaohtee.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security2.norton.com/SSC/SharedC ... vSniff.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/SharedC ... /cabsa.cab
O20 - Winlogon Notify: hggdecd - D:\WINDOWS\SYSTEM32\hggdecd.dll
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - D:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - D:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11139 bytes
-- File Associations -----------------------------------------------------------
.js - JSFile - DefaultIcon - D:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "D:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"
.scr - AutoCADScriptFile - shell\open\command - "D:\WINDOWS\System32\notepad.exe" "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 NetworkX - d:\windows\system32\ckldrv.sys
R1 SCDEmu - d:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 tvtool - d:\program files\tvtool 6.0\tvtool.sys
R2 SqtechUsb (SCAN05C/D USB Driver) - d:\windows\system32\drivers\fusb100.sys <Not Verified; Service & Quality Technology; Fusb100.sys>
R3 cmpci (C-Media PCI Audio Driver (WDM)) - d:\windows\system32\drivers\cmaudio.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
S2 LXARScan (Lexmark X73 MFP Scanner) - d:\windows\system32\drivers\lxarscan.sys (file missing)
S3 alcan5wn (Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - d:\windows\system32\drivers\alcan5wn.sys <Not Verified; Alcatel Bell; Alcatel USB ADSL NDIS WAN Miniport driver>
S3 alcaudsl (Alcatel Speed Touch ADSL Modem ATM Transport) - d:\windows\system32\drivers\alcaudsl.sys <Not Verified; Alcatel Bell; Alcatel Speed Touch USB ADSL Modem>
S3 C-Dilla - d:\windows\system32\drivers\cdant.sys <Not Verified; Macrovision; Licence Management System>
S3 STV674 (Xtra Digital Camera) - d:\windows\system32\drivers\stv674.sys (file missing)
S3 STV674m (Xtra Digital Cameram) - d:\windows\system32\drivers\stv674m.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 C-DillaSrv - d:\windows\system32\drivers\cdantsrv.exe <Not Verified; C-Dilla Ltd; CD-Secure/CD-Compress Windows NT>
R2 Crypkey License - crypserv.exe <Not Verified; Kenonic Controls Ltd.; CrypKey Software Licensing System>
S2 CLTNetCnService (Symantec Lic NetConnect service) - "d:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: USB Scanner
Device ID: ROOT\IMAGE\0000
Manufacturer: UMAX #0050
Name: USB Scanner
PNP Device ID: ROOT\IMAGE\0000
Service: SqtechUsb
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Parallel Device
Device ID: ROOT\LEGACY_HPFECP14\0000
Manufacturer:
Name: Parallel Device
PNP Device ID: ROOT\LEGACY_HPFECP14\0000
Service: HPFECP14
-- Scheduled Tasks -------------------------------------------------------------
2007-11-06 18:15:44 506 --a------ D:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job
2007-11-02 20:00:02 544 --a------ D:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Dave.job
-- Files created between 2007-10-07 and 2007-11-07 -----------------------------
2100-02-23 14:35:34 768 --a------ D:\Program Files\x73_lut.dat
2100-02-08 16:03:54 53248 --a------ D:\Program Files\ACMonitor_X73.exe <Not Verified; Silitek Corp.; ACMonitor>
2007-11-07 13:19:18 86080 --a------ D:\WINDOWS\System32\glaohtee.dll
2007-11-07 13:16:20 79936 --a------ D:\WINDOWS\System32\hupgnhej.dll
2007-11-07 07:03:21 0 d-------- D:\Documents and Settings\Elaine\Application Data\Grisoft
2007-11-06 23:38:54 327257 ---hs---- D:\WINDOWS\System32\ttvut.ini2
2007-11-06 22:31:06 0 d-------- D:\Documents and Settings\Dave\Application Data\Grisoft
2007-11-06 22:30:37 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-11-06 19:11:17 0 d-------- D:\Documents and Settings\Dave\Application Data\Lavasoft
2007-11-06 18:15:28 0 d-------- D:\Documents and Settings\Dave\Application Data\AntiSpyware
2007-11-06 13:11:21 87104 -----n--- D:\WINDOWS\System32\jdbhvjyf.dll
2007-11-06 13:08:23 81472 --a------ D:\WINDOWS\System32\oekqvfgw.dll
2007-11-06 13:08:19 8284 --a------ D:\WINDOWS\System32\wwnibtem.dll
2007-11-06 13:05:36 294621 ---hs---- D:\WINDOWS\System32\ttvut.bak2
2007-11-06 11:28:06 0 d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2007-11-05 22:24:57 83008 --a------ D:\WINDOWS\System32\hspagswb.dll
2007-11-05 18:52:40 6505 ---hs---- D:\WINDOWS\System32\ttvut.bak1
2007-11-05 18:52:15 320608 --a------ D:\WINDOWS\System32\tuvtt.dll
2007-11-05 10:24:07 0 d--h----- D:\Program Files\ApplePie
2007-11-05 10:24:05 145929 --a------ D:\WINDOWS\System32\sysdl132.exe
2007-11-05 10:04:15 36352 --a------ D:\WINDOWS\System32\hggdecd.dll
-- Find3M Report ---------------------------------------------------------------
2007-09-05 12:27:08 7932090 --a------ D:\DWG2PDF.exe <Not Verified; AutoDWG; AutoDWG DWG2PDF Converter>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
05/11/2007 10:04 36352 --a------ D:\WINDOWS\system32\hggdecd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CAFBD4F-D00F-4B75-8828-0D5F91BA0F7D}]
05/11/2007 18:52 320608 --a------ D:\WINDOWS\System32\tuvtt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" []
"NeroCheck"="D:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"PrinTray"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" []
"Lexmark X1100 Series"="D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [19/08/2003 14:43]
"HPWPTOOLBOX"="D:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe" [21/10/2004 03:31]
"QuickTime Task"="D:\WINDOWS\System32\qttask.exe" [23/04/2002 15:26]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [30/10/2006 09:36]
"PWRISOVM.EXE"="D:\Program Files\PowerISO\PWRISOVM.EXE" [18/03/2006 02:24]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [22/01/2007 22:19]
"SSC_UserPrompt"="D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [03/11/2004 00:59]
"NAV CfgWiz"="D:\Program Files\Common Files\Symantec Shared\SymProbe.exe" []
"Symantec PIF AlertEng"="D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 18:30]
"WinampAgent"="D:\Program Files\Winamp\Winampa.exe" [13/12/2003 01:50]
"SpeedTouch USB Diagnostics"="D:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" []
"RealTray"="D:\Program Files\Real\RealPlayer\realplay.exe" [05/01/2005 22:55]
"NAV Agent"="D:\PROGRA~1\NORTON~1\navapw32.exe" [21/04/2003 01:02]
"hp Update 2100C"="c:\sj644\hpupdate.exe" [24/01/2002 16:24]
"FileFreedom"="C:\Program Files\FileFreedom\filefreedom.exe" [22/02/2002 01:08]
"DownloadAccelerator"="D:\PROGRA~1\DAP\DAP.exe" []
"C-Media Mixer"="Mixer.exe" [30/04/2001 15:55 D:\WINDOWS\mixer.exe]
"AdaptecDirectCD"="File d:\program files\common files\roxio shared\system\directcd.exe" []
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/01/2005 22:55]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 09:25]
"8cfd7076"="D:\WINDOWS\System32\glaohtee.dll" [07/11/2007 13:19]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\System32\ctfmon.exe" [23/08/2001 12:00]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [23/06/2007 09:08]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 16:46]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=D:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [13/07/2003 18:03:35]
Image Transfer.lnk - D:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [30/05/2004 16:51:45]
AutoCAD Startup Accelerator.lnk - D:\Program Files\Common Files\Autodesk Shared\acstart16.exe [05/03/2005 14:18:22]
WinZip Quick Pick.lnk - D:\Program Files\WinZip\WZQKPICK.EXE [21/02/2002 21:08:51]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{ED0ACB58-556F-21DA-DDFE-6D20F3F611BB}"= D:\WINDOWS\system32\kb1ss1p.dll [01/01/1999 00:01 36864]
"{634BBAB7-3F60-4426-944F-A62B9007F67F}"= D:\WINDOWS\system32\hggdecd.dll [05/11/2007 10:04 36352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggdecd]
hggdecd.dll 05/11/2007 10:04 36352 D:\WINDOWS\system32\hggdecd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 D:\WINDOWS\System32\tuvtt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Offers]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WNAD]
-- End of Deckard's System Scanner: finished at 2007-11-07 13:27:00 ------------
-------------------------------------------------------------------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600)
Architecture: X86; Language: English
CPU 0: AMD Athlon(TM)Processor
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 511.47 MiB / 178.4 MiB
Pagefile Memory (total/avail): 1251.1 MiB / 857.17 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1949.22 MiB
A: is Removable (No Media)
C: is Fixed (FAT32) - 9.76 GiB total, 7.08 GiB free.
D: is Fixed (FAT32) - 14.63 GiB total, 6.16 GiB free.
E: is Fixed (FAT32) - 6.82 GiB total, 1.8 GiB free.
F: is Fixed (FAT32) - 6.9 GiB total, 6.87 GiB free.
G: is CDROM (No Media)
H: is CDROM (CDFS)
I: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - Maxtor 4D040H2 - 38.16 GiB - 4 partitions
\PARTITION0 (bootable) - Unknown - 9.77 GiB - C:
\PARTITION1 - Unknown - 14.65 GiB - D:
\PARTITION2 - Unknown - 6.83 GiB - E:
\PARTITION3 - Unknown - 6.91 GiB - F:
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=D:\Documents and Settings\All Users.WINDOWS
APPDATA=D:\Documents and Settings\Dave\Application Data
CLASSPATH=.;D:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=JOLLY1
ComSpec=D:\WINDOWS\system32\cmd.exe
HOMEDRIVE=D:
HOMEPATH=\
KENNUNG=123
KUNDEN_KENNUNG=123
LOGONSERVER=\\JOLLY1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\System32\Wbem;D:\PROGRA~1\COMMON~1\AUTODE~1;D:\PROGRA~1\COMMON~1\ROXIOS~1\DLLSHA~1;D:\WPAT;D:\Program Files\QuickTime\QTSystem\;D:\Program Files\Common Files\Autodesk Shared\;D:\Program Files\Internet Explorer;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 4 Stepping 4, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0404
ProgramFiles=D:\Program Files
PROMPT=$P$G
PS5ROOT=D:\Program Files\Roxio\Easy CD Creator 6\PhotoSuite\
QTJAVA=D:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
STATIONS_NUMMER=11
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\Dave\LOCALS~1\Temp
TMP=D:\DOCUME~1\Dave\LOCALS~1\Temp
USERDOMAIN=JOLLY1
USERNAME=Dave
USERPROFILE=D:\Documents and Settings\Dave
windir=D:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Dave
(admin)
Elaine
(admin)
Administrator
(new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
AVG Anti-Spyware 7.5 --> D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
HijackThis 2.0.2 --> "D:\Program Files\Hijackthis\HijackThis.exe" /uninstall
-- Application Event Log -------------------------------------------------------
Event Record #/Type8630 / Error
Event Submitted/Written: 11/07/2007 01:20:55 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2600.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type8590 / Error
Event Submitted/Written: 11/07/2007 10:03:41 AM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error
Initialization of the COM subsystem failed. Error code: 0x8007041D
Event Record #/Type8568 / Error
Event Submitted/Written: 11/07/2007 08:39:58 AM
Event ID/Source: 48 / NSCService
Event Description:
Failed to create the COM Module!
Event Record #/Type8535 / Error
Event Submitted/Written: 11/07/2007 01:06:24 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2600.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type8534 / Error
Event Submitted/Written: 11/07/2007 01:04:18 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2600.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type125218 / Error
Event Submitted/Written: 11/07/2007 11:41:00 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 119 minutes.
NtpClient has no source of accurate time.
Event Record #/Type125217 / Error
Event Submitted/Written: 11/07/2007 11:41:00 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
Event Record #/Type125181 / Error
Event Submitted/Written: 11/07/2007 10:40:59 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.
Event Record #/Type125180 / Error
Event Submitted/Written: 11/07/2007 10:40:59 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
Event Record #/Type125161 / Error
Event Submitted/Written: 11/07/2007 10:10:58 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.
-- End of Deckard's System Scanner: finished at 2007-11-07 13:27:00 ------------