# AVG Resident Shield paralysing my PC



## Nokios

Since I started using AVG Free anti-virus v.8, my PC started to slow CONSIDERABLY... especially when I put my mouse cursor on the "Start" button... After a few hours of PC use, it would take minutes for the program list to populate!! This is most marked in branching menus... I have this empty gray rectangle totally paralyzing the PC till it fills!!

I tried defrag, added RAM, stopped Win Defender, stopped my McAfee Firewall... no effect.

The Task Manager always shows the criminal process: AVGrsx.exe consuming 98% of CPU for ages!!!

Whenever I deactivate this cursed process, my PC becomes "Superfast"...

Is there a solution without compromising protection??

Please help


----------



## tomdkat

What speed CPU do you have, how much total RAM do you have, and how much free RAM do you have after a fresh system boot?

Peace...


----------



## Nokios

tomdkat said:


> What speed CPU do you have, how much total RAM do you have, and how much free RAM do you have after a fresh system boot?
> 
> Peace...


Sorry, I recorded all this in my profile and assumed it would show.

Pentium4, Intel MotherBoard, 2GHz Intel processor with 1GB RAM... showing on a fresh system (my video card has its own memory).


----------



## Cookiegal

It's likely updating on boot up as many programs do by default. You can go Tools - Advanced - Scheduler and set it to update later.


----------



## Nokios

It is not only on boot up... yes, update does take a few minutes... but all the time... even 10 or 20 hours after booting... It occurs whenever I click "Start" and point to "All programs"!! But it is much worse after I work with my PC for some time.

Now I am running with it deactivated... Another example: tried to copy a 124MB folder to desktop... it took over 7 min with the shield on!!!

Even with the Resident sh.. deactivated, avgrsx.exe is still here in the processes on Task Manager... I also noticed an AVG trojan warning after I downloaded a file from the internet with the shield off!!


----------



## Cookiegal

Sorry, I misunderstood. There may be a conflict with some other program you're running. Did you disable all security programs when installing AVG?

*Click here* to download *HJTsetup.exe*.

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This. 
Continue to click *Next* in the setup dialogue boxes until you get to the *Select Additional Tasks* dialogue.
Put a check by *Create a desktop icon* then click *Next* again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click *Finish* and it will launch Hijack This.
Click on the *Do a system scan and save a log file* button. It will scan and then ask you to save the log.
Click *Save* to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


----------



## Cookiegal

Also, I've edited your post. Please be mindful of your language, even if the words are not totally spelled out.


----------



## Nokios

HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 12:17:40 AM, on 7/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\astsrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\Cfos Speed\spd.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
T:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
d:\Program Files\ProShowGold\ScsiAccess.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Alcohol\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\WebcamMax\CAMTHINS.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
D:\Program Files\Cfos Speed\cFosSpeed.exe
D:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Program Files\PC Auto Shutdown\AutoShutdown.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Windows Defender\MSASCui.exe
T:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\Program Files\ClipCache\clipc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\taskmgr.exe
D:\PROGRAM FILES\MOZILLA\FIREFOX.EXE
D:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
F3 - REG:win.ini: run= 
O1 - Hosts: AmsServer
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Translator - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Dictionaries\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - d:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AtiPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WheelMouse] "C:\Program Files\A4Tech\Mouse\Amoumain.exe"
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] "C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe"
O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\CAMTHINS.exe" /m
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [cFosSpeed] "D:\Program Files\Cfos Speed\cFosSpeed.exe"
O4 - HKLM\..\Run: [Babylon Client] "d:\Program Files\Babylon\Babylon-Pro\Babylon.exe" -AutoStart
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [PDF4 Registry Controller] "D:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [PC Auto Shutdown] D:\Program Files\PC Auto Shutdown\AutoShutdown.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Norton Ghost 12.0] "T:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SRS Audio Sandbox] "D:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: ClipCache Pro.lnk = D:\Program Files\ClipCache\clipc.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Dictionaries\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Translate - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Dictionaries\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Dictionaries\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Customize translation options - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Dictionaries\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - D:\Program Files\Who is\swmsie.exe
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - D:\Program Files\Who is\swmsie.exe
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - D:\Program Files\Who is\swmsie.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} (VaxSIPUserAgentCAB Control) - http://www.earthcaller.com/VaxSIPUserAgentCAB.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203026755156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203026725562
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F06FAEB3-5DEC-4500-A85C-9DBC666A3B5B}: NameServer = xxxxxxxxxxx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: prio.dll,C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - D:\Program Files\Cfos Speed\spd.exe" -service (file missing)
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - T:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScsiAccess - Unknown owner - d:\Program Files\ProShowGold\ScsiAccess.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol\Alcohol 120\StarWind\StarWindServiceAE.exe


----------
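A cross-check for the "(file missing)" and "(no file)" markers in the log above, as an added example that is not part of the original thread and is not HijackThis's own code. The function names are hypothetical, and the sample is a handful of lines excerpted from the posted log; it compares each flagged entry's path with the log's own "Running processes" list.

```python
import re

# Excerpt of the HijackThis log posted above, trimmed so the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\Cfos Speed\spd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - D:\Program Files\Cfos Speed\spd.exe" -service (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")      # e.g. "O23 - Service: ..."
MARKERS = ("(file missing)", "(no file)")


def running_processes(log_text):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block:
            if not line:          # the block ends at the first blank line
                break
            procs.add(line.lower())
    return procs


def flagged_entries(log_text):
    """Yield (section, path) for every entry carrying a missing-file marker."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        marker = next((k for k in MARKERS if body.endswith(k)), None)
        if marker is None:
            continue
        # The target is the last " - " separated field, minus the marker.
        target = body[: -len(marker)].rsplit(" - ", 1)[-1].strip()
        # Some service entries carry a stray quote followed by arguments
        # (spd.exe" -service); keep only the part before the quote.
        path = target.split('"', 1)[0].strip()
        yield section, path


def triage(log_text):
    """Classify each flagged entry against the log's own process list."""
    running = running_processes(log_text)
    results = []
    for section, path in flagged_entries(log_text):
        if not path:
            verdict = "no-path"        # registration left behind, nothing to check
        elif path.lower() in running:
            verdict = "running"        # marker contradicted by the process list
        else:
            verdict = "not-running"    # candidate orphan: confirm on disk
        results.append((section, verdict, path))
    return results


if __name__ == "__main__":
    for section, verdict, path in triage(SAMPLE_LOG):
        print(f"{section:4} {verdict:12} {path or '-'}")
```

Entries reported as `running` are contradicted by the same log's process list, so the marker alone is not evidence that the file is gone; the `not-running` entries still need a check on disk before anything is fixed.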



## Cookiegal

Do you recognize this?

*AmsServer*

Open HijackThis and click on "Config" and then on the "Misc Tools" button. If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section". Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.


----------



## Nokios

@promt Professional 7 EFFE Try-Buy
+++ الكتاب المقدس باللغة العربية الاصدار الثانى والسنكسار +++
1998 Grolier Multimedia Encyclopedia
1999 World Book (International)
3D SexVilla
3DVIA Player 4.1
abrViewer.NET v2
Ad-Aware
Adobe Acrobat 7.0.9 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe PDF IFilter 4.1
Adobe Photoshop CS2
Adobe Shockwave Player
Adobe Stock Photos 1.0
Air Guard Full
AirStrike II Gulf Thunder
Alien Skin Exposure 2
Alien Skin Eye Candy 5 Impact
Alien Skin Eye Candy 5 Nature Demo
Alien Skin Eye Candy 5 Textures
Alien Skin Image Doctor 2
Alien Skin Snap Art
Alien Skin Splat! 1.0 Demo
Alien Skin Xenofex 2.0
Altostorm Rectilinear Panorama v1.2.1 Pro
Antidote RX v7
Apple Software Update
Around the World: London 1.0
ArtIcons Pro
Artistic Effects by Lokas Software
ArtMasterPro
Ashampoo ClipFinder 1.19
Ashampoo UnInstaller Platinum 2
Aspi Installer
Atani 4.3
ATI - Software Uninstall Utility
ATI AVIVO Transcoder v1.12
ATI Control Panel
ATI Display Driver
ATI MCE Transcode
ATI Multimedia Center 9.03
Atlas of Dermatology
AudioBurst FX Engine
Aurora MPEG To DVD Burner 4.9.15
AutoMask 4_68
AV Bros. Page Curl Pro 2.1 (Remove Only)
AVG Free 8.0
AVI/MPEG/RM/WMV Joiner 4.51
AviInfo 3.1.0
Azureus
Babylon
Beach Head 2002
BiblePro Software
BibleWorks 6
Bixorama
buZZ.Pro 3.0
Call Soft Pro 3.1
CDRoller version 7.51
cFosSpeed v3.11
ChordWizard Gold 2.0
ChordWizard Songtrix Gold 3.0
Christ the Saviour Cathedral 3D 1.0
ChristmasTheme
ClipCache Pro 3.1.0
CloneCD
CloneDVD Full 3.0.2.5
CLUE Classic
Color Efex Pro 3.0 Complete
ColorImpact 3.0
ColorWasher 2.02b
Comfort Lang Switcher 2.1.0.0
Compatibility Pack for the 2007 Office system
CoreAVC Professional Edition (remove only)
COWON Media Center - jetAudio Plus VX
CUE Splitter
Cut-It-Out
CyberLink MPEG-2 video decoder v5.0
Deep Shredder 11 UCI
DFE-520TX
DFX for Winamp
DFX for Windows Media Player
Digital Element Aurora
Directmedia
Discovery 3D Screensaver 1.1
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DivXMuxGUI
D-Link PCI Fast Ethernet Adapter
Dorling Kindersley Application Database v1.4
Drawing Hand Screen Saver
Dream Aquarium
Driver Genius Professional Edition 2007
DSS Electronic Reference Library
DVB Dream version 1.4i
DVDInfoPro
DVDInfoPro
Easy Video Splitter 1.28
easyWebSave 1.7.0
Egyptoid
Elecard AVC PlugIn for XMuxer Pro
Elecard XMuxer Pro
Encyclopaedia Britannica 2007 Ultimate Reference Suite
Encyclopédie Hachette Multimédia (désinstallation)
eXeScope
Extensis Intellihance Pro 4.0
ExtractNow
Eyewitness Encyclopedia of Science 2.0
EZ Extract Resource
EZ Mask v1 for Adobe Photoshop & Photoshop Elements
FaceFilter Studio 2
Fast Video Indexer 1.08
FastFolders v4.0.0
ffdshow [rev 1751] [2007-01-05]
FileRescue for NTFS 2.5
Flash Decompiler Trillix
FlashGet 1.9.6.1073
FLV Player
Focus Magic 3.02
Font Fitting Room Deluxe
Foreign Characters
Foxit Reader
Game Speed Changer 6.3
Gertrudis Pro 3.4.0.0166
GetDataBack for NTFS
GlowingWorld 3.1
Google Desktop
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Hard Disk Sentinel PRO
HD Pack 1.4
HentaII-024.006
Hide IP Platinum 3.4
Hijackthis 1.99.1
HijackThis 1.99.1
Holiday Lights 5.4
Hotfix for MSXML 2 (KB887606)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB942288-v3)
HP Photo and Imaging 2.2 - Scanjet 3970 Series
HyperTyle 1.02
INFOPEDIA
Instant Photo Effects 2.0
Intel Application Accelerator
Intel(R) Active Monitor
iolo technologies' Search and Recover 4
iSilo
iWheelWorks 7.72
J2SE Runtime Environment 5.0 Update 11
Jardinains 2!
Jardinains!
Jasc Virtual Painter 4
Java 2 Runtime Environment Standard Edition v1.3.1
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Judaic Classics Library
jv16 PowerTools 2008
Kaleido Flash 2.3
Karaoke CD+G Creator Pro
Karaoke Sound Tools
Kodak DIGITAL GEM Airbrush Professional Plug-In
Kodak DIGITAL GEM Professional Plug-In
Kodak DIGITAL ROC Professional Plug-In
Kodak DIGITAL SHO Professional Plug-In
L&H TTS3000 British English
L&H TTS3000 Français
Learning Essentials for Microsoft Office
Lernout & Hauspie TruVoice American English TTS Engine
LifeGlobe Goldfish Aquarium 2.0
Light Artist 1.3
LiveUpdate 2.6 (Symantec Corporation)
Lizardtech DjVu Control
LogoManager for Nokia Phones
luxor 3
MagicScore
Mask Pro 4.1
Mazaika 3.1
McAfee Desktop Firewall 8.5
Medieval CUE Splitter
Merriam-Webster
Micro Application - 36 Dictionnaires et Recueils de Correspondance - version d'évaluation
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2003 Proofing Tools
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Reader
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Script 5.7
MidiIllustrator v2.01
Monkey's Audio
Mov Recorder
MozBackup 1.4.5
Mozilla Firefox (3.0)
MP3 Rocket
MP3 Splitter & Joiner 3.27
Mp3tag v2.39a
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Music MasterWorks v3.87
Mysteries of Horus
namesuppressed Autochromatic 2.02
Nature Illusion Studio
Noiseware Professional Plug-in
Norton Ghost
n-Track Studio 5
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
oRipa Yahoo Webcam Recorder1.2.2
Oxford Interactive Encyclopedia
PC Auto Shutdown 2.2
PCI SoftV92 Modem
PDF Password Cracker Pro v2.0
PDF Password Remover v3.0
PDR Electronic Library
Pegasus Imaging Corp. "The JPEG Wizard2"
PerfectDisk 2008 Professional
Petit Larousse 2008
Photo! 3D Album 1.0 Beta
Photo! 3D ScreenSaver 1.0 Beta
Photodex Presenter
PhotoFiltre Studio
PhotoKit Color 2 Plug-In Module
PhotoTune 2
piano
Pinnacle Hollywood FX 5

Portraiture Plug-in
Power Stroke v1.0 for Adobe Photoshop & Photoshop Elements
PowerDVD Ultra
Prio v1.9.3
ProShow Gold
QMAX II
Quasar 1.0
Quick Batch File Compiler 3.16
QuickTime
R.C. Cars
Rack Em Up Roadtrip
RAR Password Recovery v1.1 RC16 (remove only)
Real Alternative 1.7.5 Lite
Recover My Files
RightClick RegEx 2.1
Save Flash 4.1
save2pc Pro 3.37
ScanSoft OmniPage 16
ScanSoft PDF Professional 4
Scarabs Of Pharaoh
Screen OCR 6.1
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
SereneScreen Marine Aquarium 2.6
Shape Shifter
Shockwave
Siglos Karaoke Player/Recorder
Skype™ 3.6
SmartWhois
SnagIt 9
Snap for Adobe Photoshop & Photoshop Elements
Snap v2 for Adobe Photoshop & Photoshop Elements
Sobotta 13 - Atlas of Human Anatomy
SoftCamEditor 7.0.4.1364
SolveigMM Video Splitter
SoundMAX
Spectaculator 7.00
SRS Audio Sandbox
Studio 8
Super Collapse! from GameHouse
Surgical Anatomy
Taj Mahal 3D 1.0
Text Copy Helper
The Lost Watch 3D Screensaver 1.0
The Mathematical Explorer
The Rosetta Stone
thriXXX VirtuallyJenna-029.002
Tiffen Dfx v1.0 for Photoshop
TimeToPhoto 2.3.4345
TMPGEnc 4.0 XPress
TMPGEnc MPEG Editor
TMPGEnc Sound Player
Treasure Pyramid
Treasures of Ra 1.2
Trésor de la Langue Française informatisé
Tumblebugs 2
Tweak-XP Pro 4
TwistingPixels
Ulead GIF Animator 5 Trial
Ulead GIF-X.Plugin 2.0
UltraISO Premium V9.2
Undelete NOW! Trial
Uninstall AutoEye
Unlocker 1.8.7
USB Safely Remove 4.0 beta 3
User Profile Hive Cleanup Service
vanBasco's Karaoke Player
Variations 1.0
Venta Fax & Voice 5.3 (remove/restore)
Veo Connect
Vertus Fluid Mask 3 3.0.2
VirtuallyJenna-2.017.002
Water Illusion Professional
Water Illusion Screensaver
WD Diagnostics
Web Dumper 2.3.6
WebcamMax
Winamp
Windows Defender
Windows Defender Signatures
Windows Imaging Component
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WinPcap 3.1 beta3
WinRAR archiver
WordWeb Pro
World of Satellites II
xplorer² professional
Yahoo! Messenger
Zoom ADSL USB Modem


----------



## Nokios

I do not remember anything about this "server" in my Hosts file...


On Google it seems to be either related to Norton antivirus (Symantec)... I used to have it a long long time ago... but now I still have both: Norton Ghost and Norton Win Doctor... or to the American Meteorological Society (!!) or....!!

Norton ghost recovery CD offers an antivirus scan...(??..maybe it is related to it?)


----------



## Cookiegal

I should have asked for a list of what you DON'T have installed. 

I would go through that list and remove any programs you no longer use or need via the Control Panel - Add or Remove Programs.

Regarding the following, if you downloaded them intentionally then leave them but malware sometimes installs these types of programs so if not, remove them via the Control Panel.

*3D SexVilla
thriXXX VirtuallyJenna-029.002
VirtuallyJenna-2.017.002*

Remove AVG 8 via the Control Panel as well.

*Click here* to download ATF Cleaner by Atribune and save it to your desktop.
Double-click *ATF-Cleaner.exe* to run the program. (Vista users right-click and select "Run As Administrator").
Under *Main* choose: *Select All*
Click the *Empty Selected* button.
*If you use Firefox:*
Click *Firefox* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.


*If you use Opera:*
Click *Opera* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.


Click *Exit* on the Main menu to close the program.

Now redownload the AVG8 installer then disconnect from the Internet and disable all of your security programs, i.e. McAfee Firewall, Windows Defender and disable Norton Ghost as well.

Now run the AVG installer.

Don't forget to re-enable your security programs before going back on-line.

Let me know how it goes please.


----------



## Nokios

A big THANK YOU _*Cookiegal*_,

I followed literally all your directives except for these:
1) I kept the XXX softwares because I had installed them
2) On using the ATF cleaner, "Firefox" was greyed so it could not be clicked
3) I could not deactivate Norton Ghost.

After reinstallation of AVG, setting back Firewall and Win Defender then connecting, here I am... alas with the same situation!! No improvement.

During reinstalling AVG I got these *2 warnings* (errors?) :

Local machine: installed successfully
Installation:
Warning: Action failed for registry key HKCU\Software\Avg (Administrator): creating registry key....
Error 0x80070005
Warning: Action failed for registry key HKCU\Software\Avg\Avg8 (Administrator): creating registry key....
Internal error. Registry handle has not been opened.

*But* here is a copy of my registry now:

[HKEY_CURRENT_USER\Software\Avg]
[HKEY_CURRENT_USER\Software\Avg\Avg8]
[HKEY_CURRENT_USER\Software\Avg\Avg8\Dialogs]

[HKEY_CURRENT_USER\Software\Avg\Avg8\Dialogs\Layout]
"FrwWizard"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,e9,00,00,00,aa,00,00,00,17,03,00,00,39,02,00,00

[HKEY_CURRENT_USER\Software\Avg\Avg8\MainWnd]
"WndPos"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\

These keys look fine to me !!

I think seriously of keeping the things as they are with a DEactivated Resident shield... I think that the stuff downloaded by Firefox is automatically sent for scrutiny by the AVG... same for mail. Besides, Win Defender is supposed to prevent or stop abnormal activity...

*Please advise*...can I do it this way or is it preferable to try another antivirus? (Avira,Avast??)


----------



## Cookiegal

Something must still be interfering.

The same goes for ATF Cleaner; if Firefox was greyed out then some components of the program probably didn't get installed.

You can't run AVG without its resident shield as that's its main component and you wouldn't be protected.

I'd like to check the Event Viewer to see what type of errors are being generated by these failed installs.

Please go to *Start *- *Run *- type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## Nokios

First here are "Application Warnings" not errors...and as you can see they are 2 d old

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1524
Date: 7/8/2008
Time: 11:29:37 PM
User: COMPUTER\*****
Computer: COMPUTER
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 7/8/2008
Time: 11:31:27 PM
User: NT AUTHORITY\SYSTEM
Computer: COMPUTER
Description:
Windows saved user COMPUTER\***** registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1524
Date: 7/9/2008
Time: 12:11:56 AM
User: COMPUTER\*****
Computer: COMPUTER
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 7/9/2008
Time: 12:13:27 AM
User: NT AUTHORITY\SYSTEM
Computer: COMPUTER
Description:
Windows saved user COMPUTER\***** registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1524
Date: 7/9/2008
Time: 2:52:06 AM
User: COMPUTER\*****
Computer: COMPUTER
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 7/9/2008
Time: 2:53:29 AM
User: NT AUTHORITY\SYSTEM
Computer: COMPUTER
Description:
Windows saved user COMPUTER\***** registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1524
Date: 7/9/2008
Time: 12:30:02 PM
User: COMPUTER\*****
Computer: COMPUTER
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 7/9/2008
Time: 12:31:59 PM
User: NT AUTHORITY\SYSTEM
Computer: COMPUTER
Description:
Windows saved user COMPUTER\***** registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

After I installed and ran Microsoft UPHClean, the PC only takes less than 1 min to shut down... and *no more application* errors in the event viewer


----------



## Nokios

And here are the *System errors* in red

Event Type: Error
Event Source: LDMS
Event Category: None
Event ID: 3023
Date: 7/10/2008
Time: 9:40:20 PM
User: N/A
Computer: COMPUTER
Description:
The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\ide#cdromhl-dt-st_dvdram_gsa-4163b_______________a106____#5&2838d0f2&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 2.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: LDMS
Event Category: None
Event ID: 3023
Date: 7/11/2008
Time: 10:33:58 AM
User: N/A
Computer: COMPUTER
Description:
The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\ide#cdromhl-dt-st_dvdram_gsa-4163b_______________a106____#5&2838d0f2&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 2.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Dhcp
Event Category: None
Event ID: 1002
Date: 7/11/2008
Time: 10:34:09 AM
User: N/A
Computer: COMPUTER
Description:
The IP address lease xxxxxx for the Network Card with network address 00D0E85052D2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: LDMS
Event Category: None
Event ID: 3023
Date: 7/11/2008
Time: 5:52:40 PM
User: N/A
Computer: COMPUTER
Description:
The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\ide#cdromhl-dt-st_dvdram_gsa-4163b_______________a106____#5&2838d0f2&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 2.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

And these *Warnings* in yellow :

Event Type: Warning
Event Source: Server
Event Category: None
Event ID: 2504
Date: 7/11/2008
Time: 6:03:27 PM
User: N/A
Computer: COMPUTER
Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{1A9C94FB-FD95-496F-A75E-13348CB91DE3}.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: aa 05 00 00 ª...

Event Type: Warning
Event Source: Server
Event Category: None
Event ID: 2504
Date: 7/11/2008
Time: 6:03:40 PM
User: N/A
Computer: COMPUTER
Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{1A9C94FB-FD95-496F-A75E-13348CB91DE3}.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: aa 05 00 00 ª...

Event Type: Warning
Event Source: dnscache
Event Category: None
Event ID: 11050
Date: 7/11/2008
Time: 6:03:59 PM
User: N/A
Computer: COMPUTER
Description:
The DNS Client service could not contact any DNS servers for a repeated number of attempts. For the next 30 seconds the DNS Client service will not use the network to avoid further network performance problems. It will resume its normal behavior after that. If this problem persists, verify your TCP/IP configuration, specifically check that you have a preferred (and possibly an alternate) DNS server configured. If the problem continues, verify network conditions to these DNS servers or contact your network administrator.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 51 27 00 00 Q'..

I am always keeping some (badly burned) CDs in my 2 readers to prevent the CD rack from not opening on pressing eject..

The last error might be because I physically disconnected my internet modem (during AVG uninstall then reinstall) before booting

Maybe you should know.. I use a 160Gb WD HDD on EIDE as primary (main)... and I have, connected, another WD 160Gb HDD.

It is SATA and connected through USB..


----------
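The Event Viewer entries pasted in the two posts above share one fixed field layout, so the "errors from the last 48 hours" check requested earlier in the thread can be done mechanically. The following Python is an added example, not part of the original thread: the sample records are constructed in the thread's layout, and the function names and the reference time are assumptions.

```python
"""Triage Event Viewer entries pasted as text (Windows XP copy-to-clipboard layout)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, built in the same field layout as the thread's pastes.
_TEMPLATE = """Event Type: {0}
Event Source: {1}
Event Category: None
Event ID: {2}
Date: {3}
Time: {4}
User: N/A
Computer: COMPUTER
Description:
{5}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
{6}
"""
SAMPLE = "".join(_TEMPLATE.format(*r) for r in [
    ("Warning", "Userenv", 1524, "7/9/2008", "12:30:02 PM",
     "Windows cannot unload your classes registry file.", ""),
    ("Error", "LDMS", 3023, "7/10/2008", "9:40:20 PM",
     "The Logical Disk Manager Service failed. Win32 Error: 2.", ""),
    ("Error", "LDMS", 3023, "7/11/2008", "10:33:58 AM",
     "The Logical Disk Manager Service failed. Win32 Error: 2.", ""),
    ("Error", "Dhcp", 1002, "7/11/2008", "10:34:09 AM",
     "The IP address lease has been denied by the DHCP server.", ""),
    ("Warning", "Server", 2504, "7/11/2008", "6:03:27 PM",
     "The server could not bind to the transport.", "Data:\n0000: aa 05 00 00"),
])

FIELD = re.compile(
    r"^(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer):\s*(.*)$")


def parse_events(text):
    """Split pasted text into records; an 'Event Type:' line starts a new one."""
    events, cur, section = [], None, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Event Type":
            cur = {"Description": []}
            events.append(cur)
            section = "header"
        if cur is None:
            continue  # text before the first record
        if section == "header" and m:
            cur[m.group(1)] = m.group(2).strip()
        elif line.startswith("Description:"):
            section = "desc"
        elif line.startswith("Data:"):
            section = "data"  # hex dump that follows is ignored
        elif (section == "desc" and line.strip()
              and not line.startswith("For more information")):
            cur["Description"].append(line.strip())
    complete = []
    for ev in events:
        try:
            ev["When"] = datetime.strptime(
                ev["Date"] + " " + ev["Time"], "%m/%d/%Y %I:%M:%S %p")
            ev["Event ID"] = int(ev["Event ID"])
        except (KeyError, ValueError):
            continue  # truncated paste: skip the record rather than guess
        ev["Description"] = " ".join(ev["Description"])
        complete.append(ev)
    return complete


def triage(events, now, hours=48, types=("Error",)):
    """Group events of the given types inside the time window by (source, ID)."""
    cutoff = now - timedelta(hours=hours)
    groups = defaultdict(list)
    for ev in events:
        if ev["Event Type"] in types and cutoff <= ev["When"] <= now:
            groups[(ev["Event Source"], ev["Event ID"])].append(ev)
    rows = []
    for (source, eid), evs in groups.items():
        evs.sort(key=lambda e: e["When"])
        rows.append({"source": source, "id": eid, "count": len(evs),
                     "first": evs[0]["When"], "last": evs[-1]["When"],
                     "text": evs[-1]["Description"]})
    rows.sort(key=lambda r: (-r["count"], r["source"]))  # most frequent first
    return rows


if __name__ == "__main__":
    # Assumed reference time: the evening the logs were posted.
    for r in triage(parse_events(SAMPLE), now=datetime(2008, 7, 11, 22, 0)):
        print(f'{r["count"]}x {r["source"]}/{r["id"]} last {r["last"]}: {r["text"]}')
```

Passing `types=("Error", "Warning")` widens the same window to the yellow warning entries as well.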



## Nokios

False hope

I had written:

_I uninstalled an Alcohol virtual DVD Drive and it looks like this was at the base of the problem...To confirm,I need some time...._

It was a false hope..now everything is back with same problem!


----------



## Nokios

Cookiegal said:


> The same goes for ATF Cleaner if Firefox was greyed out then some components of the program probably didn't get installed.


That may be because my Firefox is on the D: while the system is on C:..??


----------



## Metaphorik

How about not using AVG? Try other security freeware, maybe that would help.

Metaphorik


----------



## Metaphorik

I that is what we are still talking about


----------



## Metaphorik

If**


----------



## Cookiegal

Nokios said:


> That may be because my Firefox is on the D: while the system is on C:..??


That is possible.


----------



## Cookiegal

Can you please confirm to me that you are located in Egypt?


----------



## Nokios

About AVG, I have uninstalled it and I am now trying Avira Free...


----------



## Cookiegal

No, I was just making sure the O17 entry in the HijackThis log was valid as it belongs to an Internet Provider in xxxxxx so everything is fine there.

Let me know how the AntiVir install goes please.

In the meantime, please also do this:

Please download Malwarebytes Anti-Malware from *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply along with a new HijackThis log please.

Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## Nokios

Avira AntiVir Personal
Report file date: Friday, July 11, 2008 22:36

Scanning for 1419754 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: COMPUTER

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 08:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 07:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 07:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 07:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 09:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 18:35:56
ANTIVIR2.VDF : 7.0.5.86 547840 Bytes 7/9/2008 18:36:07
ANTIVIR3.VDF : 7.0.5.103 247296 Bytes 7/11/2008 18:36:12
Engineversion : 8.1.0.64 
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 08:58:21
AESCRIPT.DLL : 8.1.0.46 283002 Bytes 7/11/2008 18:36:48
AESCN.DLL : 8.1.0.22 119157 Bytes 7/11/2008 18:36:46
AERDL.DLL : 8.1.0.20 418165 Bytes 7/11/2008 18:36:43
AEPACK.DLL : 8.1.1.6 364918 Bytes 7/11/2008 18:36:39
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 7/11/2008 18:36:35
AEHEUR.DLL : 8.1.0.35 1298806 Bytes 7/11/2008 18:36:33
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/11/2008 18:36:22
AEGEN.DLL : 8.1.0.29 307573 Bytes 7/11/2008 18:36:20
AEEMU.DLL : 8.1.0.6 430451 Bytes 7/11/2008 18:36:17
AECORE.DLL : 8.1.0.32 168311 Bytes 7/11/2008 18:36:14
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/23/2008 16:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 09:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 12:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 1/23/2008 16:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 07:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 07:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 16:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/23/2008 16:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 11:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 13:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 11:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, S:, T:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Friday, July 11, 2008 22:36

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'YAHOOM~1.EXE' - '1' Module(s) have been scanned
Scan process 'clipc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'SRSSSC.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'VProTray.exe' - '1' Module(s) have been scanned
Scan process 'imontray.exe' - '1' Module(s) have been scanned
Scan process 'AutoShutdown.exe' - '1' Module(s) have been scanned
Scan process 'imonNT.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'uphclean.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'cfosspeed.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
Scan process 'CAMTHINS.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'FireTray.exe' - '1' Module(s) have been scanned
Scan process 'TBMon.exe' - '1' Module(s) have been scanned
Scan process 'Amoumain.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'scsiaccess.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'PSIService.exe' - '1' Module(s) have been scanned
Scan process 'VProSvc.exe' - '1' Module(s) have been scanned
Scan process 'naPrdMgr.exe' - '1' Module(s) have been scanned
Scan process 'FrameworkService.exe' - '1' Module(s) have been scanned
Scan process 'FireSvc.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'spd.exe' - '1' Module(s) have been scanned
Scan process 'ASTSRV.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
56 processes with 56 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'S:\'
[INFO] No virus was found!
Boot sector 'T:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '30' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Yahoo!\Messenger\Yahoo! Messenger AD-Remover New 2 Patch.exe
[DETECTION] Is the Trojan horse TR/Patch.F.7
[NOTE] The file was moved to '48dfc257.qua'!
C:\Program Files\Yahoo!\Webcam Recorder\files\ejoystudio_oripa.yahoo.webcam.recorder_v1.2.3.x_patch-GEAR.exe
[DETECTION] Is the Trojan horse TR/Keygen.Q.19
[NOTE] The file was moved to '48e6c289.qua'!
C:\System Volume Information\_restore{F10A0B92-147F-40FD-8736-24D4478A0E5C}\RP1413\A0963604.exe
[DETECTION] Is the Trojan horse TR/Sinowal.DX
[NOTE] The file was moved to '48b0c2e7.qua'!
C:\System Volume Information\_restore{F10A0B92-147F-40FD-8736-24D4478A0E5C}\RP1413\A0963615.exe
[DETECTION] Is the Trojan horse TR/Agent.667728
[NOTE] The file was moved to '48b0c2ea.qua'!
C:\System Volume Information\_restore{F10A0B92-147F-40FD-8736-24D4478A0E5C}\RP1413\A0963637.exe
[DETECTION] Is the Trojan horse TR/Patch.F.7
[NOTE] The file was moved to '48b0c2ee.qua'!
C:\System Volume Information\_restore{F10A0B92-147F-40FD-8736-24D4478A0E5C}\RP1413\A0963638.exe
[DETECTION] Is the Trojan horse TR/Keygen.Q.19
[NOTE] The file was moved to '48b0c2f1.qua'!
C:\WINDOWS\system32\Taj Mahal 3D.scr
[DETECTION] Is the Trojan horse TR/Agent.92244
[NOTE] The file was moved to '48e1c69e.qua'!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Extra>
D:\My Documents\Unzipped\Adobe Acrobat 9.0.0.332 Pro Extended\keygen.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[WARNING] The file was ignored!
D:\Program Files\Coolcolor.exe
[0] Archive type: RAR SFX (self extracting)
--> patch.exe
[DETECTION] Is the Trojan horse TR/Agent.64000.Y
[NOTE] The file was moved to '48e6ca0f.qua'!
D:\Program Files\ShredderChess\Deep Shredder 11 UCI\keygen.exe
[DETECTION] Is the Trojan horse TR/Krunchy.50688.C
[NOTE] The file was moved to '48f0cc1f.qua'!
D:\System Volume Information\_restore{F10A0B92-147F-40FD-8736-24D4478A0E5C}\RP1413\A0963614.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48b0cc94.qua'!
D:\System Volume Information\_restore{F10A0B92-147F-40FD-8736-24D4478A0E5C}\RP1413\A0963641.exe
[0] Archive type: RAR SFX (self extracting)
--> patch.exe
[DETECTION] Is the Trojan horse TR/Agent.64000.Y
[NOTE] The file was moved to '48b0cc95.qua'!
D:\System Volume Information\_restore{F10A0B92-147F-40FD-8736-24D4478A0E5C}\RP1413\A0963642.exe
[DETECTION] Is the Trojan horse TR/Krunchy.50688.C
[NOTE] The file was moved to '48b0cc96.qua'!
Begin scan in 'E:\' <Store>
E:\Setup\Adobe Acrobat\Adobe CS3 Keys Collection.rar
[0] Archive type: RAR
--> CS3 Keygen Collection\Audition 2.0.exe
[DETECTION] Is the Trojan horse TR/PSWeric5.AFKC
--> CS3 Keygen Collection\DreamWeaver CS3 Keygen + Activation.exe
[DETECTION] Is the Trojan horse TR/Proxy.Horst.aae.11
--> CS3 Keygen Collection\Dreamweaver CS3.exe
[DETECTION] Is the Trojan horse TR/Proxy.Horst.aae.8
--> CS3 Keygen Collection\FireWorks CS3 Keygen + Activation.exe
[DETECTION] Is the Trojan horse TR/Proxy.Horst.aae.13
--> CS3 Keygen Collection\Flash CS3 Keygen + Activation.exe
[DETECTION] Is the Trojan horse TR/Proxy.Horst.aae.10
--> CS3 Keygen Collection\Flash CS3 Keygen.exe
[DETECTION] Is the Trojan horse TR/Proxy.Horst.aae.14
--> CS3 Keygen Collection\GoLive CS3 Keygen.exe
[DETECTION] Is the Trojan horse TR/Packed.7703
--> CS3 Keygen Collection\PhotoShop CS3 Extended Keygen + Activation.exe
[DETECTION] Is the Trojan horse TR/Proxy.Horst.aae.3
--> CS3 Keygen Collection\Photoshop CS3 Keygen.exe
[DETECTION] Is the Trojan horse TR/Proxy.Horst.aae.12
[NOTE] The file was moved to '48e6cfb9.qua'!
E:\Setup\Adobe Acrobat\PDFReaderPro2.2.2129.rar
[0] Archive type: RAR
--> Foxit Reader v2.2 Build 2129_Patch.exe
[DETECTION] Is the Trojan horse TR/Agent.AHOE.7
[NOTE] The file was moved to '48bdcf9c.qua'!
E:\Setup\AntiSpy & Malware\NetPeeker283_2.rar
[0] Archive type: RAR
--> patch.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.541186
[NOTE] The file was moved to '48ebcff1.qua'!
E:\Setup\AntiSpy & Malware\SmitfraudFix.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.7
[NOTE] The file was moved to '48e0d002.qua'!
E:\Setup\AntiSpy & Malware\Spyware Doctor v5.5.1.322 Multilingual patch-tRUE.rar
[0] Archive type: RAR
--> Spyware Doctor v5.5.1.322 Multilingual patch-tRUE.exe
[DETECTION] Is the Trojan horse TR/Packed.10447
[NOTE] The file was moved to '48f0d009.qua'!
E:\Setup\Chemistry\Crocodile Chemistry 605.rar
[0] Archive type: RAR
--> keygen.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48e6d133.qua'!
E:\Setup\Coding & decoding\Resource Extractors\Restorator 3.7.1709.rar
[0] Archive type: RAR
--> patch.exe
[DETECTION] Is the Trojan horse TR/Agent.98304.I
[NOTE] The file was moved to '48ead12f.qua'!
E:\Setup\Cracks & Keygens\Crack Clock & Trial Doctor\RegTrashKeyFinder 3.7.1.zip
[0] Archive type: ZIP
--> registry.trash.keys.finder.v3.7.1_sr2-unlocker.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Pcclient.GV.355 Backdoor server programs
[NOTE] The file was moved to '48ded13f.qua'!
E:\Setup\Cracks & Keygens\Crack Clock & Trial Doctor\Trial removal tools.rar
[0] Archive type: RAR
--> T4R.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.BV.390 Backdoor server programs
[NOTE] The file was moved to '48e0d14d.qua'!
E:\Setup\Cracks & Keygens\Crack Clock & Trial Doctor\TrialReset_3.3__Public__Final.rar
[0] Archive type: RAR
--> Plugins\Empty Key.dll
[DETECTION] Is the Trojan horse TR/Generic.330475
[NOTE] The file was moved to '48e0d14e.qua'!
E:\Setup\Cryptography\Belltech InfoProtect v1.3 in Pictures.rar
[0] Archive type: RAR
--> Belltech.InfoProtect.v1.3\keygen.exe
[DETECTION] Is the Trojan horse TR/Agent.377743
[NOTE] The file was moved to '48e3d144.qua'!
E:\Setup\DVD\Cyberlink Power DVD Ultra Deluxe 7.3.3319f.rar
[0] Archive type: RAR
--> Keygen.exe
[DETECTION] Is the Trojan horse TR/Dialer.2866E41B
[NOTE] The file was moved to '48d9d193.qua'!
E:\Setup\Games\Chess\Deep Shredder 11.Trojan in Keygen.rar
[0] Archive type: RAR
--> keygen.exe
[DETECTION] Is the Trojan horse TR/Krunchy.50688.C
[NOTE] The file was moved to '48dcd30e.qua'!
E:\Setup\Internet\Smart Who is 215.rar
[0] Archive type: RAR
--> [email protected]\crack.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Gendal.1500736 Backdoor server programs
[NOTE] The file was moved to '48d8d3d4.qua'!
E:\Setup\Internet\Sothink Web Video Downloader for Firefox v3.3.70720.rar
[0] Archive type: RAR
--> Keygen.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ial.10
[NOTE] The file was moved to '48ebd3d7.qua'!
E:\Setup\Internet\Yahoo Webcam Recorder.oRipa v1.2.rar
[0] Archive type: RAR
--> Patch.exe
[DETECTION] Is the Trojan horse TR/Keygen.Q.19
[NOTE] The file was moved to '48dfd3cb.qua'!
E:\Setup\Internet\Yahoo__Messenger_v8.1.0.209 & Patch.rar
[0] Archive type: RAR
--> Yahoo! Messenger v8.1.0.209\Yahoo! Messenger AD-Remover New 2 Patch.exe
[DETECTION] Is the Trojan horse TR/Patch.F.7
[NOTE] The file was moved to '48dfd3cd.qua'!
E:\Setup\Internet\Downloaders\GetRight & Serial\GETRT45D.EXE
[DETECTION] Contains detection pattern of the dropper DR/Gator.1050.1
[NOTE] The file was moved to '48cbd3b6.qua'!
E:\Setup\Internet\Sniffers\ACE Password Sniffer 1.2 & Reg.rar
[0] Archive type: RAR
--> ApsSetup.exe
[DETECTION] Contains detection pattern of the dropper DR/PSW.APS.12
[NOTE] The file was moved to '48bcd3e2.qua'!
E:\Setup\Internet\Sniffers\a_msn_monitor.rar
[0] Archive type: RAR
--> a_msn_monitor.exe
[DETECTION] Contains detection pattern of the dropper DR/MsnChatMonitor.33.3
[NOTE] The file was moved to '48e4d3ff.qua'!
E:\Setup\Internet\Sniffers\Mesenger detect.rar
[0] Archive type: RAR
--> mdetect.exe
[DETECTION] Contains detection pattern of the dropper DR/MSNDetect.205.6
[NOTE] The file was moved to '48ead406.qua'!
E:\Setup\Internet\Sniffers\msn.messenger.monitor.sniffer.3.0-NoPE.rar
[0] Archive type: RAR
--> msnmonitor.exe
[DETECTION] Contains detection pattern of the dropper DR/MonitorSniffer.D
[NOTE] The file was moved to '48e5d415.qua'!
E:\Setup\Music Scores & Instruments\EarMaster.Pro.v5.608S.rar
[0] Archive type: RAR
--> EarMaster.Pro.v5.608S\earmaster.pro.5.608p-patch.exe
[DETECTION] Is the Trojan horse TR/Agent.87552.C
[NOTE] The file was moved to '48e9d42b.qua'!
E:\Setup\Music Scores & Instruments\EarMaster.School.v5.608S.rar
[0] Archive type: RAR
--> EarMaster.School.v5.608S\earmaster.school.5.608s-patch.exe
[DETECTION] Is the Trojan horse TR/Agent.87552.B
[NOTE] The file was moved to '48e9d42d.qua'!
E:\Setup\Music Scores & Instruments\MagicScore Maestro 5.26 & Serial.rar
[0] Archive type: RAR
--> MagicScoreSetup.exe
[DETECTION] Is the Trojan horse TR/Agent.4625291
[NOTE] The file was moved to '48ded465.qua'!
E:\Setup\Performance\Folder Size,Fast Folders,Clip Boards\Global.Clipboard.v2.16.rar
[0] Archive type: RAR
--> Patch.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48e6d5f8.qua'!
E:\Setup\Phone\Phone.rar
[0] Archive type: RAR
--> Oxygen_Phone_Manager_2.8.5.2 & Launcher\Crack\launch.exe
[DETECTION] Is the Trojan horse TR/Keygen.L
[NOTE] The file was moved to '48e6d611.qua'!
E:\Setup\Photos\CrazyTalk.4.5.rar
[0] Archive type: RAR
--> CrazyTalk.4.5\CrazyTalk.4.5\CrazyTalk.4.5\Crack\dp-crta45.exe
[DETECTION] Is the Trojan horse TR/Spy.V
[NOTE] The file was moved to '48d8d67c.qua'!
E:\Setup\Photos\Photoshop_CS2.zip
[0] Archive type: ZIP
--> KeyGen.rar
[1] Archive type: RAR
--> keygen.exe
[DETECTION] Contains detection pattern of the worm WORM/Autorun.cxl
[NOTE] The file was moved to '48e6d703.qua'!
E:\Setup\Photos\GIF\Easy GIF Animator 4.zip
[0] Archive type: ZIP
--> Patch.exe
[DETECTION] Is the Trojan horse TR/Agent.29872
[NOTE] The file was moved to '48ead762.qua'!
E:\Setup\Photos\Photoshop CS3\CS3 Keygen Collection.rar
[0] Archive type: RAR
--> PhotoShop CS3 Extended Keygen + Activation.exe
[DETECTION] Is the Trojan horse TR/Proxy.Horst.aae.3
--> Photoshop CS3 Keygen.exe
[DETECTION] Is the Trojan horse TR/Proxy.Horst.aae.12
[NOTE] The file was moved to '48aad7a6.qua'!
E:\Setup\Photos\Photoshop CS3\Photoshop_CS3Ext.rar
[0] Archive type: RAR
--> Serial + Crack\Keygen.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.cwr
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26001
[WARNING] 
E:\Setup\Photos\Plug-ins\Akvis_Coloriage_4.1.282.1068-r.rar
[0] Archive type: RAR
--> AKVIS Coloriage 4.1.282.1068-r\Coloriage.8bf
[DETECTION] Is the Trojan horse TR/Agent.1830585
[NOTE] The file was moved to '48edd883.qua'!
E:\Setup\References\Dictionaries & Languages\Babylon.v7.0.0.13.Pro.rar
[0] Archive type: RAR
--> babylon.7.0.0.13.pro-patch.exe
[DETECTION] Is the Trojan horse TR/Gendal.134656
[NOTE] The file was moved to '48d9d971.qua'!
E:\Setup\References\Dictionaries & Languages\Babylon6 & Patch.rar
[0] Archive type: RAR
--> Patch.exe
[DETECTION] Is the Trojan horse TR/Virtl.7537
[NOTE] The file was moved to '48d9d978.qua'!
E:\Setup\References\Dictionaries & Languages\Busines Translator.rar
[0] Archive type: RAR
--> Crack\business_translator.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[NOTE] The file was moved to '48ead992.qua'!
E:\Setup\Sat Card\My Theatre\MyTheatre.v3.33.5 & Crack.rar
[0] Archive type: RAR
--> crack\MyTheatre.exe
[DETECTION] Is the Trojan horse TR/DU.A.5
[NOTE] The file was moved to '48cbdc61.qua'!
E:\Setup\Sat Card\My Theatre\MyTheatre.v3.33.8 & Crack.rar
[0] Archive type: RAR
--> crack\MyTheatre.exe
[DETECTION] Is the Trojan horse TR/DU.A.5
[NOTE] The file was moved to '48cbdc65.qua'!
E:\Setup\Screen Savers\Taj Mahal 3D Screensaver 1.0..Maybe Trojan.rar
[0] Archive type: RAR
--> Taj Mahal 3D Screensaver 1.0\Cracked\Taj Mahal 3D.scr
[DETECTION] Is the Trojan horse TR/Agent.92244
--> Taj Mahal 3D Screensaver 1.0\Cracked\Taj Mahal 3D.exe
[DETECTION] Is the Trojan horse TR/Agent.667728
[NOTE] The file was moved to '48e1dc84.qua'!
E:\Setup\Sex Games\HentaII 3D v17.rar
[0] Archive type: RAR
--> HentaII\HentaII-3D-017-004-AMD_FIX_nmteam.net.exe
[1] Archive type: RAR SFX (self extracting)
--> Binaries\HentaII3D-017.004-start.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48e5dcc7.qua'!
E:\Setup\Sinclair Spectrum\Spectaculator.6.30.0567 Serial & Patch.zip
[0] Archive type: ZIP
--> Spectaculator_6.30.0567 Patch.exe
[DETECTION] Is the Trojan horse TR/Agent.24390
[NOTE] The file was moved to '48dcdd1a.qua'!
E:\Setup\Small Not v imp progr\Coolcolor.exe
[0] Archive type: RAR SFX (self extracting)
--> patch.exe
[DETECTION] Is the Trojan horse TR/Agent.64000.Y
[NOTE] The file was moved to '48e6dd1b.qua'!
E:\Setup\Spy & Cie\AdvInvKey17.rar
[0] Archive type: RAR
--> Setup.exe
[DETECTION] Contains detection pattern of the dropper DR/ActiveKeyLogger.24.16
[NOTE] The file was moved to '48eddd4c.qua'!
E:\Setup\Spy & Cie\USBThief.rar
[0] Archive type: RAR
--> batexe\mspass.exe
[DETECTION] Is the Trojan horse TR/Drop.Ag.283039.A
[NOTE] The file was moved to '48b9dd3c.qua'!
E:\Setup\SYSTEM..SP1.. etc\Windows_Keygen_Pack 8.2006.rar
[0] Archive type: RAR
--> KeyGen Windows Keygen Pack APMKPR\[KeyGen] Windows Keygen Pack (APMKPR2)\Microsoft Windows Media Center Edition 2005 -Activator-\cRaCk\cRaCk.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
--> KeyGen Windows Keygen Pack APMKPR\[KeyGen] Windows Keygen Pack (APMKPR2)\Windows Multi kEyGeN\kEyGeN.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[NOTE] The file was moved to '48e5dd82.qua'!
E:\Setup\SYSTEM..SP1.. etc\Microsoft ToolKit\Activate Win XP Sp2 Part 1.rar
[0] Archive type: RAR
--> Activate Win XP Sp2 Part 1\Activate Win XP Sp2 Part 1\WPA_Kill.exe
[DETECTION] Is the Trojan horse TR/Virtl.Wpakill.G
[NOTE] The file was moved to '48ebdd7e.qua'!
E:\Setup\SYSTEM..SP1.. etc\Microsoft ToolKit\Activate Win XP Sp2 Part 2.rar
[0] Archive type: RAR
--> Activate Win XP Sp2 Part 2\Activate Win XP Sp2 Part 2\WPA_Kill.exe
[DETECTION] Is the Trojan horse TR/Virtl.Wpakill.G
[NOTE] The file was moved to '48ebdd7f.qua'!
E:\Setup\SYSTEM..SP1.. etc\Microsoft ToolKit\Activator & Product Activation Crack 1.6.rar
[0] Archive type: RAR
--> Activator & Product Activation Crack 1.6\Activator & Product Activation Crack 1.6\AntiProductActivationCrack_1_6\WPA_Kill.exe
[DETECTION] Is the Trojan horse TR/Virtl.Wpakill.G
[NOTE] The file was moved to '48ebdd80.qua'!
E:\Setup\SYSTEM..SP1.. etc\Microsoft ToolKit\Anti Product Activation Crack 1.6.rar
[0] Archive type: RAR
--> Anti Product Activation Crack 1.6\Anti Product Activation Crack 1.6\AntiProductActivationCrack_1_6\WPA_Kill.exe
[DETECTION] Is the Trojan horse TR/Virtl.Wpakill.G
[NOTE] The file was moved to '48ebdd8b.qua'!
E:\Setup\SYSTEM..SP1.. etc\Microsoft ToolKit\Cracks-Activators.rar
[0] Archive type: RAR
--> Cracks-Activators\Cracks-Activators\Windows_2003_and_Windows_XP_SP_2_Anti_Product_Activation_Crack_v1.2.rar
[1] Archive type: RAR
--> WPA_Kill.exe
[DETECTION] Is the Trojan horse TR/Tool.Wpakill.A
[NOTE] The file was moved to '48d8dd90.qua'!
E:\Setup\SYSTEM..SP1.. etc\Microsoft ToolKit\KeyGens.rar
[0] Archive type: RAR
--> KeyGens\KeyGens\AllWindows_Tipa_KeyGen.rar
[1] Archive type: RAR
--> Win9x.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
--> KeyGens\KeyGens\Win9x.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[NOTE] The file was moved to '48f0dd84.qua'!
E:\Setup\SYSTEM..SP1.. etc\Microsoft ToolKit\RockXP 3.0.rar
[0] Archive type: RAR
--> RockXP 3.0\RockXP 3.0\RockXP 3.0.exe
[DETECTION] Contains detection pattern of the dropper DR/PSW.RAS.A.6
[NOTE] The file was moved to '48dadd90.qua'!
E:\Setup\SYSTEM..SP1.. etc\Microsoft ToolKit\toolkit.rar
[0] Archive type: RAR
--> toolkit\ToolKit Part 5\XXX5\WinXP-2K3-Anti-Product Activation-Patch 1.2.zip
[1] Archive type: ZIP
--> WPA_Kill.exe
[DETECTION] Is the Trojan horse TR/Tool.Wpakill.A
--> toolkit\ToolKit Part 1\XXX1\MSKey4in1.rar
[1] Archive type: RAR
--> MSKey4in1.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Tagent.E Backdoor server programs
--> toolkit\ToolKit Part 1\XXX1\winxp_2003.rar
[1] Archive type: RAR
--> cr-Windows_2003_and_Windows_XP_SP_2_Anti_Product_Activation_Crack_v1.2.rar
[2] Archive type: RAR
--> cr-Windows_2003_and_Windows_XP_SP_2_Anti_Product_Activation_Crack_v1.2\WPA_Kill.exe
[DETECTION] Is the Trojan horse TR/Tool.Wpakill.A
--> toolkit\ToolKit Part 1\XXX1\wxpo2k3_mskey.rar
[1] Archive type: RAR
--> wxpo2k3_mskey.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Tagent.E Backdoor server programs
--> toolkit\ToolKit Part 2\XXX2\Microsoft_Windows_Universal_CD-Key_Generator.zip
[1] Archive type: ZIP
--> MS-CDKeyGen.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
--> toolkit\ToolKit Part 2\XXX2\Windows_2003_and_Windows_XP_SP_2_Anti_Product_Activation_Crack_v1[1].2.zip
[1] Archive type: ZIP
--> WPA_Kill.exe
[DETECTION] Is the Trojan horse TR/Tool.Wpakill.A
--> toolkit\ToolKit Part 2\XXX2\winxp_SP2.rar
[1] Archive type: RAR
--> cr-Windows_2003_and_Windows_XP_SP_2_Anti_Product_Activation_Crack_v1.2.rar
[2] Archive type: RAR
--> cr-Windows_2003_and_Windows_XP_SP_2_Anti_Product_Activation_Crack_v1.2\WPA_Kill.exe
[DETECTION] Is the Trojan horse TR/Tool.Wpakill.A
[NOTE] The file was moved to '48e6dd91.qua'!
E:\Setup\SYSTEM..SP1.. etc\Microsoft ToolKit\vista_automatic1clickcrck.rar
[0] Archive type: RAR
--> vista_automatic1clickcrck\VRTMC V2.2 Final By SpOtTy DoGg & MaD ShEeP\Images\Slides\Check Crack.exe
[DETECTION] Is the Trojan horse TR/ActivCrk.D
--> vista_automatic1clickcrck\VRTMC V2.2 Final By SpOtTy DoGg & MaD ShEeP\Images\Slides\Setting Bios.exe
[DETECTION] Is the Trojan horse TR/ActivCrk.A
--> vista_automatic1clickcrck\VRTMC V2.2 Final By SpOtTy DoGg & MaD ShEeP\RTM\Crack\Vista RTM Crack.exe
[DETECTION] Is the Trojan horse TR/ActivCrk.C
--> vista_automatic1clickcrck\VRTMC V2.2 Final By SpOtTy DoGg & MaD ShEeP\RTM\Crack\timerstop.sys
[DETECTION] Is the Trojan horse TR/ActivCrk.B
[NOTE] The file was moved to '48eadd8d.qua'!
E:\Setup\SYSTEM..SP1.. etc\Microsoft ToolKit\Win XP SP2 - Activation Crack.rar
[0] Archive type: RAR
--> Win XP SP2 - Activation Crack\Win XP SP2 - Activation Crack\cr-Windows_2003_and_Windows_XP_SP_2_Anti_Product_Activation_Crack_v1.2.rar
[1] Archive type: RAR
--> cr-Windows_2003_and_Windows_XP_SP_2_Anti_Product_Activation_Crack_v1.2\WPA_Kill.exe
[DETECTION] Is the Trojan horse TR/Tool.Wpakill.A
[NOTE] The file was moved to '48e5dd8d.qua'!

Continued in next message..


----------



## Nokios

E:\Setup\SYSTEM..SP1.. etc\Microsoft ToolKit\WGA\Anti-WPA SP3_May 2008.rar
[0] Archive type: RAR
--> IA64\antiwpa.dll
[DETECTION] Is the Trojan horse TR/Wpakill
[NOTE] The file was moved to '48ebdd94.qua'!
E:\Setup\Video Utilities\Codecs\SONICCINEMASTERMPEG_2DECODE.zip
[0] Archive type: ZIP
--> SONICCINEMASTERMPEG_2DECODE.EXE
[DETECTION] Is the Trojan horse TR/Agent.454144
[NOTE] The file was moved to '48c5ddd0.qua'!
E:\Setup\Video Utilities\Codecs\264\CoreAVC Pro v1.7.0.0.rar
[0] Archive type: RAR
--> keygen.exe
[DETECTION] Is the Trojan horse TR/Krunchy.35328
[NOTE] The file was moved to '48e9ddf1.qua'!
E:\Setup\Video Utilities\Video Capture of Computer Screen\Portable EZ Screen Recorder.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Turkojan.AV.1 Backdoor server programs
[NOTE] The file was moved to '48e9de27.qua'!
E:\System Volume Information\_restore{F10A0B92-147F-40FD-8736-24D4478A0E5C}\RP1405\A0963159.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.7
[NOTE] The file was moved to '48b0de02.qua'!
E:\System Volume Information\_restore{F10A0B92-147F-40FD-8736-24D4478A0E5C}\RP1413\A0963643.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.7
[NOTE] The file was moved to '48b0de10.qua'!
E:\System Volume Information\_restore{F10A0B92-147F-40FD-8736-24D4478A0E5C}\RP1413\A0963645.EXE
[DETECTION] Contains detection pattern of the dropper DR/Gator.1050.1
[NOTE] The file was moved to '4922eeb9.qua'!
E:\System Volume Information\_restore{F10A0B92-147F-40FD-8736-24D4478A0E5C}\RP1413\A0963646.exe
[0] Archive type: RAR SFX (self extracting)
--> patch.exe
[DETECTION] Is the Trojan horse TR/Agent.64000.Y
[NOTE] The file was moved to '48b0de11.qua'!
E:\System Volume Information\_restore{F10A0B92-147F-40FD-8736-24D4478A0E5C}\RP1413\A0963647.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Turkojan.AV.1 Backdoor server programs
[NOTE] The file was moved to '4922eeba.qua'!
Begin scan in 'S:\' <SATA>
Begin scan in 'T:\'

End of the scan: Saturday, July 12, 2008 02:00
Used time: 3:24:36 min

The scan has been done completely.

16943 Scanning directories
836675 Files were scanned
97 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
75 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
836578 Files not concerned
9690 Archives were scanned
5 Warnings
75 Notes


----------



## Cookiegal

You've cracked just about every program you have, including the operating system, and then you have the nerve to come here and ask for help installing a free program. 

I'm closing this thread.

My best advice to you is to wipe the drive and reformat with a legal operating system and legal software.


----------

