Please Help Me For The Third Time![INACTIVE]

[francis]

Hi BT

This is the third time i have posted this log file and no one has helped me.

Please can someone help me ASAP.

Here is a highjackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:28:21 AM, on 2008/08/04

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATKOSD2\ATKOSD2.exe

C:\Program Files\ATK Hotkey\Hcontrol.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\WINDOWS\system32\ASUSTPE.exe

C:\WINDOWS\ASScrPro.exe

C:\Program Files\Atheros\ACU.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\WINDOWS\system32\ctfmon.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\PVSW\bin\w3dbsmgr.exe

C:\Program Files\ATK Hotkey\ATKOSD.exe

C:\Program Files\ATK Hotkey\KBFiltr.exe

C:\Program Files\ATK Hotkey\WDC.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\StkCSrv.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AdvancedTool - {6C4ECE5C-7CB8-36C5-6F3B-D414CE8F8E22} - C:\Program Files\AdvancedTool\AdvancedTool-2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"

O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"

O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"

O4 - HKLM\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe

O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe

O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WHITNEY_S2P] C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')

O4 - Startup: CCC.lnk = ?

O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\bin\w3dbsmgr.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

--

End of file - 8799 bytes

Regards,

Francis

[sarahw]

Hi,

Welcome to the site

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

I want you to show hidden files. There are instructions HERE to help you do this.

You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time.

Please dont use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition that it is when infected) if used incorrectly.

These instructions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat.

[sarahw]

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan (Full scan is optional. According to the program's creator Quick Scan will do just fine.).

Click Scan.

When the scan is complete, click OK, then Show Results to view the results.

If Malware is found...

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad.

Please save it to your desktop.

NOTE: Logs can be retrieved at a later date from the Malwarebytes' Anti-Malware main screen:

Launch Malwarebytes' Anti-Malware.

Click the Logs tab.

Double-click log-mm.dd.yyyy [xxxxxx].txt.

In your next reply post the Malwarebytes' Anti-Malware log.

Click HERE and run an online scan with Kaspersky WebScanner

• Click on Kaspersky Online Scanner
  
• You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
    
  • Once the files have been downloaded click on NEXT
    
  • Now click on Scan Settings
    
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
      
    • Scan Options:
      Scan Archives
      Scan Mail Bases
      

  [*]Click OK

  [*]Now under select a target to scan:

  • Select My Computer
    

  [*]This will program will start and scan your system.

  [*]The scan will take a while so be patient and let it run.

  [*]Once the scan is complete it will display if your system has been infected.

  • Now click on the Save as Text button:
    

  [*]Save the file to your desktop.

  [*]Copy and paste that information into your next post.

[francis]

Hi Thanks so much for your reply.

Malwarebytes log follows:

Malwarebytes' Anti-Malware 1.24

Database version: 1027

Windows 5.1.2600 Service Pack 3

10:25:21 PM 2008/08/05

mbam-log-8-5-2008 (22-25-21).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 110029

Time elapsed: 19 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Dialtech\My Documents\PLAY_MP3.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Dialtech\My Documents\RegCure\patch.eXe (Trojan.Downloader) -> Quarantined and deleted successfully.

And online Kaspersky log follows

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Wednesday, August 6, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Wednesday, August 06, 2008 04:38:14

Records in database: 1059544

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

F:\

Scan statistics:

Files scanned: 76275

Threat name: 5

Infected objects: 13

Suspicious objects: 0

Duration of the scan: 01:05:00

File name / Threat name / Threats count

C:\Program Files\AdvancedTool\AdvancedTool-2.dll/C:\Program Files\AdvancedTool\AdvancedTool-2.dll Infected: not-a-virus:AdWare.Win32.Agent.duy 1

C:\Documents and Settings\Dialtech\Local Settings\Temp\tem37.tmp.exe Infected: not-a-virus:AdWare.Win32.Agent.duy 1

C:\Documents and Settings\Dialtech\Local Settings\Temp\upd5.tmp.exe Infected: not-a-virus:AdWare.Win32.Agent.duy 1

C:\Documents and Settings\Dialtech\My Documents\Call Manager\CMSi.msi Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 2

C:\Documents and Settings\Dialtech\My Documents\Music Downloads\faulty towers other.mpg Infected: Trojan-Downloader.WMA.Wimad.n 1

C:\Documents and Settings\Dialtech\My Documents\Music Downloads\faulty towers.zip Infected: not-a-virus:AdWare.Win32.Agent.dva 1

C:\Documents and Settings\Dialtech\My Documents\Incomplete\T-5745425-faulty towers.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1

C:\Program Files\AdvancedTool\AdvancedTool-2.dll Infected: not-a-virus:AdWare.Win32.Agent.duy 1

C:\System Volume Information\_restore{1CE13E1E-B44A-480C-A018-0CA155F769B9}\RP158\A0017580.dll Infected: not-a-virus:AdWare.Win32.Agent.duy 1

C:\QooBox\Quarantine\C\Program Files\InternetSoftware\InternetSoftware-1.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.bjb 1

C:\QooBox\Quarantine\C\Program Files\InternetSoftware\InternetSoftware-2.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.bjb 1

C:\QooBox\Quarantine\C\Documents and Settings\Dialtech\My Documents\Music Downloads\wheeping josh groban.mp3.vir Infected: Trojan-Downloader.WMA.Wimad.n 1

The selected area was scanned.

Thanks

I wait for your reply

Francis

[sarahw]

Can you uninstall this program:

AdvancedTool

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  

  C:\Documents and Settings\Dialtech\Local Settings\Temp\tem37.tmp.exe
  C:\Documents and Settings\Dialtech\Local Settings\Temp\upd5.tmp.exe
  C:\Documents and Settings\Dialtech\My Documents\Call Manager\CMSi.msi
  C:\Documents and Settings\Dialtech\My Documents\Music Downloads\faulty towers other.mpg
  C:\Documents and Settings\Dialtech\My Documents\Music Downloads\faulty towers.zip
  C:\Documents and Settings\Dialtech\My Documents\Incomplete\T-5745425-faulty towers.mp3

  
  

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  
• Click the red Moveit! button.
  
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  
• Close OTMoveIt2
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
  
• Double-click on dss.exe and follow the prompts.
  
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
  

[francis]

Hi There

OTmoveit2 Log file as follows:

C:\Documents and Settings\Dialtech\Local Settings\Temp\tem37.tmp.exe moved successfully.

C:\Documents and Settings\Dialtech\Local Settings\Temp\upd5.tmp.exe moved successfully.

C:\Documents and Settings\Dialtech\My Documents\Call Manager\CMSi.msi moved successfully.

C:\Documents and Settings\Dialtech\My Documents\Music Downloads\faulty towers other.mpg moved successfully.

C:\Documents and Settings\Dialtech\My Documents\Music Downloads\faulty towers.zip moved successfully.

C:\Documents and Settings\Dialtech\My Documents\Incomplete\T-5745425-faulty towers.mp3 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08082008_082430

Main.txt log:

Deckard's System Scanner v20071014.68

Run by Dialtech on 2008-08-08 08:31:03

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --

28: 2008-08-08 06:31:08 UTC - RP167 - Deckard's System Scanner Restore Point

27: 2008-08-07 06:38:17 UTC - RP166 - System Checkpoint

26: 2008-08-05 14:06:14 UTC - RP165 - System Checkpoint

25: 2008-08-01 15:31:56 UTC - RP164 - System Checkpoint

24: 2008-07-31 12:04:26 UTC - RP163 - Uniblue RegistryBooster

-- First Restore Point --

1: 2008-07-07 15:17:23 UTC - RP140 - Francis July

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as Dialtech.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:32:30 AM, on 2008/08/08

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATKOSD2\ATKOSD2.exe

C:\Program Files\ATK Hotkey\Hcontrol.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\ATK Hotkey\ATKOSD.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ASUSTPE.exe

C:\Program Files\ATK Hotkey\KBFiltr.exe

C:\WINDOWS\System32\StkCSrv.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\Program Files\ATK Hotkey\WDC.exe

C:\WINDOWS\ASScrPro.exe

C:\Program Files\Atheros\ACU.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\PVSW\bin\w3dbsmgr.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Documents and Settings\Dialtech\Desktop\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Dialtech.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"

O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"

O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"

O4 - HKLM\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe

O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe

O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WHITNEY_S2P] C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')

O4 - Startup: CCC.lnk = ?

O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\bin\w3dbsmgr.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

--

End of file - 8771 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*

.reg - regfile - shell\open\command - regedit.exe "%1" %*

.scr - scrfile - shell\open\command - "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S2 DgiVecp - c:\windows\system32\drivers\dgivecp.sys <Not Verified; DeviceGuys, Inc.; DeviceGuys, Inc. Team MFP for Windows NT, 9x, and 3.1>

S2 SSPORT - c:\windows\system32\drivers\ssport.sys (file missing)

S3 catchme - c:\combofix\catchme.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe <Not Verified; Atheros; Atheros Configuration Service (ACS)>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-06-26 03:00:02 482 --a------ C:\WINDOWS\Tasks\RegCure.job

-- Files created between 2008-07-08 and 2008-08-08 -----------------------------

2008-08-05 22:02:19 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-07-31 14:02:47 0 d-------- C:\Documents and Settings\Dialtech\Application Data\Uniblue

2008-07-23 18:14:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

2008-07-23 18:08:38 0 d-------- C:\Program Files\Windows Media Connect 2

2008-07-23 18:07:13 0 d-------- C:\WINDOWS\system32\LogFiles

2008-07-23 18:07:13 0 d-------- C:\WINDOWS\system32\drivers\UMDF

2008-07-23 18:06:38 0 d-------- C:\504cd8bd088c3e14a0

2008-07-23 17:25:51 0 d-------- C:\Program Files\AdvancedTool

2008-07-21 17:59:32 0 d-------- C:\WINDOWS\Prefetch

2008-07-21 17:51:05 0 d-------- C:\WINDOWS\system32\scripting

2008-07-21 17:51:04 0 d-------- C:\WINDOWS\system32\en

2008-07-21 17:51:04 0 d-------- C:\WINDOWS\l2schemas

2008-07-21 17:51:03 0 d-------- C:\WINDOWS\system32\bits

2008-07-21 17:48:30 0 d-------- C:\WINDOWS\ServicePackFiles

-- Find3M Report ---------------------------------------------------------------

2008-08-05 17:34:44 290912 --a------ C:\WINDOWS\xcopy.bin

2008-07-06 10:23:52 0 d-------- C:\Documents and Settings\Dialtech\Application Data\Malwarebytes

2008-06-23 18:54:32 0 d-------- C:\Program Files\Trend Micro

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATKOSD2"="C:\Program Files\ATKOSD2\ATKOSD2.exe" [2007/07/03 10:48 AM]

"ATKHOTKEY"="C:\Program Files\ATK Hotkey\Hcontrol.exe" [2007/07/12 10:25 AM]

"RTHDCPL"="RTHDCPL.EXE" [2006/10/30 12:49 PM C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006/05/16 11:04 AM C:\WINDOWS\SkyTel.exe]

"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006/11/02 08:27 AM]

"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2007/07/19 03:41 PM]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006/05/25 01:02 PM]

"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2007/07/10 10:59 AM]

"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006/01/03 03:14 AM]

"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006/11/22 10:31 AM]

"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006/07/26 06:01 PM]

"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2007/07/05 04:53 PM]

"ASUSTPE"="C:\WINDOWS\system32\ASUSTPE.exe" [2007/01/16 04:13 PM]

"ASUS Camera ScreenSaver"="C:\WINDOWS\ASScrProlog.exe" [2008/02/24 10:10 PM]

"ASUS Screen Saver Protector"="C:\WINDOWS\ASScrPro.exe" [2008/02/24 10:10 PM]

"ACU"="C:\Program Files\Atheros\ACU.exe" [2007/05/03 05:42 PM]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008/06/27 07:13 PM]

"WHITNEY_S2P"="C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2006/03/27 08:35 AM]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008/01/11 10:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006/11/10 12:35 PM]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008/04/14 05:42 AM]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006/11/13 01:39 PM]

"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

"@"="" []

C:\Documents and Settings\Dialtech\Start Menu\Programs\Startup\

CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006/09/29 09:57:36 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Pervasive.SQL Workgroup Engine.lnk - C:\PVSW\bin\w3dbsmgr.exe [2007/04/15 01:43:14 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=0 (0x0)

"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=0 (0x0)

"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

eapsvcs eaphost

dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

napagent

hkmsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a74fad96-0edc-11dd-8883-001d60b07209}]

Auto\command- driver.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL driver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]

msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb

-- End of Deckard's System Scanner: finished at 2008-08-08 08:33:25 ------------

extra.txt log:

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0

Architecture: X86; Language: English

CPU 0: Intel® Pentium® Dual CPU T2330 @ 1.60GHz

Percentage of Memory in Use: 49%

Physical Memory (total/avail): 895.17 MiB / 456.21 MiB

Pagefile Memory (total/avail): 2168.54 MiB / 1744.59 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1908.09 MiB

C: is Fixed (FAT32) - 42.37 GiB total, 27.31 GiB free.

D: is Fixed (FAT32) - 28.23 GiB total, 28.23 GiB free.

E: is CDROM (No Media)

F: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541680J9SA00 - 74.53 GiB - 3 partitions

\PARTITION0 - Unknown - 3.91 GiB

\PARTITION1 (bootable) - Unknown - 42.38 GiB - C:

\PARTITION2 - Extended w/Extended Int 13 - 28.24 GiB - D:

\\.\PHYSICALDRIVE1 - Generic-xD/SDMMC/MS/Pro USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Dialtech\Application Data

CLASSPATH=C:\PVSW\bin\pvjdbc2x.jar;C:\PVSW\bin\pvjdbc2.jar;C:\PVSW\bin\jpscs.jar

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=FRANCIS

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Dialtech

LOGONSERVER=\\FRANCIS

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\PVSW\bin;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0f0d

ProgramFiles=C:\Program Files

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Dialtech\LOCALS~1\Temp

TMP=C:\DOCUME~1\Dialtech\LOCALS~1\Temp

USERDOMAIN=FRANCIS

USERNAME=Dialtech

USERPROFILE=C:\Documents and Settings\Dialtech

VSL=C:\PVSW\\bin

windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Dialtech (admin)

Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5689AA5-C9EC-4CF6-86D0-208170E07865}\Setup.exe"

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B60D3A4E-B4F1-4B27-981D-11070553ED61}\Setup.exe"

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1B56A46-976C-44A8-AFE4-2ED9FE7F06A7}\Setup.exe"

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{141B185B-6035-419C-97E5-C06AE9BCA2B8}\Setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{932D1E32-BEFA-4D68-9B83-DFB96A42556D}\Setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{953F45F6-BF1B-437B-AED8-30ED4F4047B8}\Setup.exe" -l0x9

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Adobe Reader 8.1.2 Security Update 1 (KB403742) -->

ASUS InstantFun --> MsiExec.exe /I{57B15AD4-8C9D-4164-82BB-E33D8644E757}

ASUS Live Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.exe" -l0x9

ASUS Splendid Video Enhancement Technology --> C:\Program Files\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\SETUP.exe -runfromtemp -l0x0009 -removeonly

ASUS Touch Pad Extra --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB891739-2EB3-45A8-9CBD-941C255CECD4}\SETUP.EXE" -l0x9

Asus_Camera_ScreenSaver --> "C:\WINDOWS\ASUS Camera ScreenSaver Uninstaller.exe"

Atheros Client Installation Program --> C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\SETUP.exe -runfromtemp -l0x0009 -removeonly

ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x6d65

ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}

ATK Hotkey --> C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\SETUP.exe -runfromtemp -l0x0009 -removeonly

ATK Media --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\SETUP.EXE" -l0x9

ATKOSD2 --> C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\SETUP.exe -runfromtemp -l0x0009 -removeonly

AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL

Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

High Definition Audio Driver Package - KB888111 -->

HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Installation_Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DB7A1C6-309D-436D-B4C1-23FE2961EE3C}\Setup.exe"

Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}

Lantronix DeviceInstaller --> MsiExec.exe /I{D1E5C933-9522-44B0-BC17-D24A778C6C9A}

LifeFrame2 --> MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}

Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Motorola SM56 Speakerphone Modem --> rundll32.exe sm56co6a.dll,SM56UnInstaller

MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

NB Probe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\SETUP.EXE" -l0x9

NoAdware v5.0 --> "C:\Program Files\NoAdware5.0\unins000.exe"

OfficeServ Manager Launch Pad Uninstall --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{514BC368-5859-4022-8FBC-3F8EDF374D73}\setup.exe" -l0x9

Pastel Xpress 2007 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{077E0FF9-CC35-435C-B946-DEA4009439FA}

Pervasive System Analyzer --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Common Files\Pervasive Software Shared\PSA\psa.isu"

Pervasive.SQL 9.60 Workgroup for Windows --> MsiExec.exe /X{D8C0330E-C815-4C6F-9BFD-0FD570155790}

PL-2303 USB-to-Serial --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed

Power4 Gear --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4462AD13-F2AA-4CBD-9F95-293C38EED870}\setup.exe" -l0x9

Readiris Pro 9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CA9D105-113C-11D8-AB3E-000102B0F79A}\setup.exe" -l0x9

Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly

Realtek USB 2.0 Card Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\SETUP.exe" -l0x9 -removeonly

Samsung SCX-4x21 Series --> C:\Program Files\Samsung\Samsung SCX-4x21 Series\Install\Setup.exe /R

Security Update for Step By Step Interactive Training (KB898458) -->

Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

SmarThru 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{90F1943D-EA4A-4460-B59F-30023F3BA69A}\Setup.exe" -l0x9 uninstall -l0009

SmarThru PC Fax --> C:\WINDOWS\prinst.exe /m"Samsung" /u"SmarThru PC Fax"

Spyware Doctor 5.0 --> C:\Program Files\Spyware Doctor\unins000.exe

Striata Reader --> rundll32.exe C:\WINDOWS\keymail.dll,UninstallDll

Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

USB2.0 1.3M WebCam --> C:\WINDOWS\StkUnist.exe

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinFlash --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9

Wireless Console 2 --> C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\SETUP.exe -runfromtemp -l0x0009 -removeonly

Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type1951 / Error

Event Submitted/Written: 07/26/2008 09:16:06 AM

Event ID/Source: 1000 / Application Error

Event Description:

Faulting application iexplore.exe, version 7.0.6000.16674, faulting module advancedtool-2.dll, version 1.0.0.1, fault address 0x0004a49c.

Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type1928 / Error

Event Submitted/Written: 07/23/2008 05:25:55 PM

Event ID/Source: 1002 / Application Hang

Event Description:

Hanging application PLAY_MP3.exe, version 1.0.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1901 / Warning

Event Submitted/Written: 07/21/2008 06:00:29 PM

Event ID/Source: 5603 / WinMgmt

Event Description:

A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type1900 / Warning

Event Submitted/Written: 07/21/2008 06:00:29 PM

Event ID/Source: 5603 / WinMgmt

Event Description:

A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type1896 / Warning

Event Submitted/Written: 07/21/2008 05:51:47 PM

Event ID/Source: 63 / WinMgmt

Event Description:

A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type15996 / Error

Event Submitted/Written: 08/08/2008 08:18:28 AM

Event ID/Source: 7000 / Service Control Manager

Event Description:

The DgiVecp service failed to start due to the following error:

%%20

Event Record #/Type15991 / Error

Event Submitted/Written: 08/08/2008 08:18:28 AM

Event ID/Source: 7000 / Service Control Manager

Event Description:

The SSPORT service failed to start due to the following error:

%%2

Event Record #/Type15990 / Error

Event Submitted/Written: 08/08/2008 08:18:28 AM

Event ID/Source: 7000 / Service Control Manager

Event Description:

The DgiVecp service failed to start due to the following error:

%%20

Event Record #/Type15971 / Error

Event Submitted/Written: 08/07/2008 09:29:31 PM

Event ID/Source: 7000 / Service Control Manager

Event Description:

The DgiVecp service failed to start due to the following error:

%%20

Event Record #/Type15967 / Error

Event Submitted/Written: 08/07/2008 09:29:31 PM

Event ID/Source: 7000 / Service Control Manager

Event Description:

The SSPORT service failed to start due to the following error:

%%2

-- End of Deckard's System Scanner: finished at 2008-08-08 08:33:25 ------------

Thanks

Francis

[sarahw]

1.

Updating Java and Clearing Cache

1. Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
   
2. It will say "Java Plug-in" under the icon.
   Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
   
3. If you are unable to update you can manually update by going here:http://www.java.com/en/download/manual.jsp
   

[*]After the reboot, go back into the Control Panel and double-click the Java Icon.

[*]Under Temporary Internet Files, click the Delete Files button.

[*]There are three options in the window to clear the cache - Leave ALL 3 Checked

• Downloaded Applets
  Downloaded Applications
  Other Files
  

[*]Click OK on Delete Temporary Files Window

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

[*]Click OK to leave the Java Control Panel.

2.

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

• Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.
  

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

3.

Click Start, then Control Panel. Open Add/Remove Programs. Uninstall the following:

Uniblue RegistryBooster 2

Tell me how the computer is running.