
AVG Anti-Virus 7.5 Professional For Free

  • 25-12-2007 12:12pm
    #1
    Closed Accounts Posts: 68 ✭✭


    AVG Anti-Virus 7.5 Professional For Free..
    http://www.computeractive.co.uk/avg/index
    We’re giving away the commercial version of AVG Anti-Virus 7.5 Professional, a full security utility.


    Happy New Year Everyone..:)

    Paddy...:cool:


Comments

  • Registered Users, Registered Users 2 Posts: 218 ✭✭Screaming Monkey


    offer over, the ftp link doesn't work anymore, need to use
    http://www.vnudownloads.com/avg7_503a1171_vnu.exe

    more info on the bargain alerts forum http://www.boards.ie/vbulletin/showthread.php?t=2055206217


  • Registered Users, Registered Users 2 Posts: 2,686 ✭✭✭EdgarAllenPoo


    If you put something in the AVG virus vault, I presume your computer is safe as long as it stays there. Correct? I have a virus which can't be healed; if I wipe it, what are the ramifications likely to be?

    Only have the new computer about a week and even with AVG, Ad-Aware and Spybot I still got a virus (JS Downloader Agent, whatever that is) when I clicked a link to a website.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do this GDM

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


  • Registered Users, Registered Users 2 Posts: 2,686 ✭✭✭EdgarAllenPoo


    extra.txt
    System Information

    Microsoft® Windows Vista™ Home Basic (build 6000)
    Architecture: X86; Language: English

    CPU 0: Intel(R) Celeron(R) D CPU 3.46GHz
    Percentage of Memory in Use: 70%
    Physical Memory (total/avail): 445.88 MiB / 129.75 MiB
    Pagefile Memory (total/avail): 1441.94 MiB / 722.58 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1922.68 MiB

    C: is Fixed (NTFS) - 212.87 GiB total, 189.55 GiB free.
    D: is Fixed (FAT32) - 20 GiB total, 16.14 GiB free.
    E: is CDROM (No Media)
    F: is Removable (No Media)
    G: is Removable (No Media)
    H: is Removable (No Media)
    I: is Removable (No Media)

    \\.\PHYSICALDRIVE0 - WDC WD2500JS-22NCB1 ATA Device - 232.88 GiB - 2 partitions
    \PARTITION0 (bootable) - Installable File System - 212.87 GiB - C:
    \PARTITION1 - Extended w/Extended Int 13 - 20.01 GiB - D:

    \\.\PHYSICALDRIVE1 - Generic Flash HS-CF USB Device

    \\.\PHYSICALDRIVE2 - Generic Flash HS-MS/SD USB Device

    \\.\PHYSICALDRIVE3 - Generic Flash HS-SM USB Device

    \\.\PHYSICALDRIVE4 - Lexmark USB Mass Storage USB Device



    -- Security Center

    AUOptions is set to notify before install.
    Windows Internal Firewall is enabled.

    AV: AVG 7.5.516 v7.5.516 (Grisoft)
    AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.)
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\Dave\AppData\Roaming
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=MARIA
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\Dave
    LOCALAPPDATA=C:\Users\Dave\AppData\Local
    LOGONSERVER=\\MARIA
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 5, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0605
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\Dave\AppData\Local\Temp
    TMP=C:\Users\Dave\AppData\Local\Temp
    USERDOMAIN=Maria
    USERNAME=Dave
    USERPROFILE=C:\Users\Dave
    windir=C:\Windows


    -- User Profiles

    Dave


    -- Add/Remove Programs

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
    --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
    --> C:\Windows\UNNeroShowTime.exe /UNINSTALL
    --> C:\Windows\UNNeroVision.exe /UNINSTALL
    --> C:\Windows\UNRecode.exe /UNINSTALL
    ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
    Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    BullGuard Install 1.0 --> C:\Program Files\BullGuard Install\Remove BullGuard Install.exe
    EA SPORTS™ Rugby 08 --> MsiExec.exe /X{18D00C9F-B259-4838-871A-C61FCFF34C59}
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Lexmark 3400 Series --> C:\Program Files\Lexmark 3400 Series\Install\x86\Uninst.exe
    Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
    Lexmark Toolbar --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
    Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    Nero 7 Essentials --> MsiExec.exe /X{81AB1374-098A-43CB-BE57-31CEB5EB1033}
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Update for Office System 2007 Setup (KB929722) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
    VIA Display Vista Driver 7.14.10.0055 --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u -log UChromeP.uns


    -- Application Event Log

    Event Record #/Type1106 / Success
    Event Submitted/Written: 01/06/2008 06:43:45 PM
    Event ID/Source: 5617 / WinMgmt
    Event Description:


    Event Record #/Type1102 / Success
    Event Submitted/Written: 01/06/2008 06:43:41 PM
    Event ID/Source: 5615 / WinMgmt
    Event Description:


    Event Record #/Type1099 / Success
    Event Submitted/Written: 01/06/2008 06:43:28 PM
    Event ID/Source: 902 / Software Licensing Service
    Event Description:
    The Software Licensing service has started.

    Event Record #/Type1089 / Warning
    Event Submitted/Written: 01/06/2008 02:37:40 PM
    Event ID/Source: 1530 / profsvc
    Event Description:
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-1333149193-1370995486-3774191047-1000_Classes:
    Process 876 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1333149193-1370995486-3774191047-1000_CLASSES

    Event Record #/Type1088 / Warning
    Event Submitted/Written: 01/06/2008 02:37:39 PM
    Event ID/Source: 1530 / profsvc
    Event Description:
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-1333149193-1370995486-3774191047-1000:
    Process 876 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1333149193-1370995486-3774191047-1000



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type5583 / Warning
    Event Submitted/Written: 01/06/2008 07:40:50 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %Maria27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Maria27 can't undo changes that you allow.

    For more information please see the following:
    %Maria275

    Scan ID: {B013AC03-082A-435D-9447-6DF5D27AC389}

    User: Maria\Dave

    Name: %Maria271

    ID: %Maria272

    Severity ID: %Maria273

    Category ID: %Maria274

    Path Found: %Maria276

    Alert Type: %Maria278

    Detection Type: 1.1.1505.02

    Event Record #/Type5582 / Warning
    Event Submitted/Written: 01/06/2008 07:40:50 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %Maria27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Maria27 can't undo changes that you allow.

    For more information please see the following:
    %Maria275

    Scan ID: {0F82DA84-8D13-4A4F-9774-0F6992C231A8}

    User: Maria\Dave

    Name: %Maria271

    ID: %Maria272

    Severity ID: %Maria273

    Category ID: %Maria274

    Path Found: %Maria276

    Alert Type: %Maria278

    Detection Type: 1.1.1505.02

    Event Record #/Type5576 / Warning
    Event Submitted/Written: 01/06/2008 07:36:02 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0019DB5C7D18. The following error occurred:
    %%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

    Event Record #/Type5575 / Warning
    Event Submitted/Written: 01/06/2008 07:35:18 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0019DB5C7D18. The following error occurred:
    %%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

    Event Record #/Type5574 / Warning
    Event Submitted/Written: 01/06/2008 07:33:50 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0019DB5C7D18. The following error occurred:
    %%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.



    -- End of Deckard's System Scanner: finished at 2008-01-06 19:41:28

    main.txt
    Deckard's System Scanner v20071014.68
    Run by Dave on 2008-01-06 19:38:40
    Computer is in Normal Mode.

    -- Last 5 Restore Point(s) --
    13: 2008-01-06 13:29:09 UTC - RP26 - Ad-Aware Restore Point 2008-01-06 13:29:01
    12: 2008-01-06 13:01:45 UTC - RP24 - Installed Ad-Aware 2007
    11: 2008-01-05 12:15:25 UTC - RP23 - Installed Java(TM) 6 Update 3
    10: 2008-01-04 12:00:28 UTC - RP22 - Windows Update
    9: 2007-12-31 11:32:28 UTC - RP21 - Scheduled Checkpoint


    -- First Restore Point --
    1: 2007-12-26 13:26:42 UTC - RP13 - Windows Update


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 446 MiB (1024 MiB recommended).


    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-01-06 19:40:18
    Platform: Windows Vista (6.00.6000)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\taskeng.exe
    C:\Windows\System32\dwm.exe
    C:\Windows\explorer.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\s3trayp.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Lexmark 3400 Series\lxcymon.exe
    C:\Program Files\Lexmark 3400 Series\ezprint.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\System32\Macromed\Flash\FlashUtil9e.exe
    C:\Users\Dave\Documents\dss.exe
    C:\Windows\System32\conime.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
    O4 - HKLM\..\Run: [BullGuard Install] "C:\Program Files\BullGuard Install\Install BullGuard.exe" en Medion
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Quest%202/Images/stg_drm.ocx
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Quest%202/Images/armhelper.ocx
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: avgwlntf - C:\Windows\system32\avgwlntf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxcy_device - Unknown owner - C:\Windows\System32\lxcycoms.exe
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


    --
    End of file - 7946 bytes

    -- File Associations

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    All drivers whitelisted.


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
    S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>


    -- Device Manager: Disabled

    No disabled devices found.


    -- Files created between 2007-12-06 and 2008-01-06

    2008-01-06 13:40:05 0 d
    C:\Users\All Users\Spybot - Search & Destroy
    2008-01-06 13:02:28 0 d
    C:\Users\All Users\Lavasoft
    2008-01-06 13:02:28 0 d
    C:\Program Files\Lavasoft
    2008-01-06 12:59:57 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-05 11:12:53 0 d-a
    C:\Users\All Users\TEMP
    2008-01-05 00:03:46 0 d
    C:\Users\Dave\LimeWire Store Purchased <LIMEWI~3>
    2008-01-05 00:03:46 0 d
    C:\Users\Dave\LimeWire Shared <LIMEWI~2>
    2008-01-05 00:03:46 0 d
    C:\Users\Dave\LimeWire Saved <LIMEWI~1>
    2008-01-05 00:03:20 0 d
    C:\Users\Dave\Incomplete <INCOMP~1>
    2008-01-05 00:01:41 0 d
    C:\Program Files\Java
    2008-01-05 00:00:45 0 d
    C:\Program Files\Common Files\Java
    2008-01-05 00:00:26 0 d
    C:\Program Files\LimeWire
    2008-01-03 13:53:43 0 d
    C:\Program Files\Mah Jong Quest II
    2008-01-03 13:53:10 0 d
    C:\Program Files\ReflexiveArcade
    2008-01-03 13:18:44 0 d
    C:\Program Files\Common Files\xing shared
    2008-01-03 13:18:15 0 d
    C:\Program Files\Real
    2008-01-03 13:18:10 0 d
    C:\Program Files\Common Files\Real
    2008-01-03 13:16:49 0 d
    C:\Users\All Users\Google
    2008-01-03 13:16:43 0 d
    C:\Program Files\Google
    2007-12-30 23:07:37 0 dr-h
    C:\$VAULT$.AVG
    2007-12-30 19:09:32 0 d
    C:\Program Files\EA SPORTS
    2007-12-26 14:31:33 0 d
    C:\Program Files\lx_cats
    2007-12-26 14:24:28 40960 --a
    C:\Windows\system32\LXPRMON.DLL <Not Verified; ; Lexmark Fax Solutions Software>
    2007-12-26 14:24:28 32768 --a
    C:\Windows\system32\LXPMONUI.DLL <Not Verified; ; Lexmark Fax Solutions Software>
    2007-12-26 14:24:08 12288 --a
    C:\Windows\system32\LXPMONRC.DLL <Not Verified; Lexmark International, Inc.; Lexmark Fax Solutions Software Print Monitor>
    2007-12-26 14:24:08 98345 --a
    C:\Windows\system32\IMHOST32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
    2007-12-26 14:24:07 339968 --a
    C:\Windows\system32\IMGMAN32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
    2007-12-26 14:24:06 0 d
    C:\Users\All Users\FaxCtr
    2007-12-26 14:23:33 0 d
    C:\Program Files\Lexmark Fax Solutions
    2007-12-26 14:22:54 0 d
    C:\Program Files\Lexmark Toolbar
    2007-12-26 14:22:52 0 d
    C:\Program Files\Lexmark 3400 Series
    2007-12-26 14:22:18 0 d
    C:\Program Files\Abbyy FineReader 6.0 Sprint
    2007-12-26 14:22:03 233472 --a
    C:\Windows\system32\lxcyinst.dll
    2007-12-26 14:00:23 0 d
    C:\Program Files\MSXML 4.0
    2007-12-26 13:50:23 0 d
    C:\Users\All Users\Grisoft
    2007-12-26 13:50:23 0 d
    C:\Users\All Users\avg7
    2007-12-26 13:33:10 0 d--hs---- C:\$RECYCLE.BIN
    2007-12-26 13:33:04 0 dr
    C:\Users\Dave\Searches
    2007-12-26 13:32:52 0 dr
    C:\Users\Dave\Contacts
    2007-12-26 13:32:42 0 d--hs---- C:\Users\Dave\Templates <TEMPLA~1>
    2007-12-26 13:32:42 0 d--hs---- C:\Users\Dave\Start Menu <STARTM~1>
    2007-12-26 13:32:42 0 d--hs---- C:\Users\Dave\SendTo
    2007-12-26 13:32:42 0 d--hs---- C:\Users\Dave\Recent
    2007-12-26 13:32:42 0 d--hs---- C:\Users\Dave\PrintHood <PRINTH~1>
    2007-12-26 13:32:42 0 d--hs---- C:\Users\Dave\NetHood
    2007-12-26 13:32:42 0 d--hs---- C:\Users\Dave\My Documents <MYDOCU~1>
    2007-12-26 13:32:42 0 d--hs---- C:\Users\Dave\Local Settings <LOCALS~1>
    2007-12-26 13:32:42 0 d--hs---- C:\Users\Dave\Cookies
    2007-12-26 13:32:42 0 d--hs---- C:\Users\Dave\Application Data <APPLIC~1>
    2007-12-26 13:32:41 0 dr
    C:\Users\Dave\Videos
    2007-12-26 13:32:41 0 dr
    C:\Users\Dave\Saved Games <SAVEDG~1>
    2007-12-26 13:32:41 0 dr
    C:\Users\Dave\Pictures
    2007-12-26 13:32:41 2883584 --ahs---- C:\Users\Dave\NTUSER.DAT
    2007-12-26 13:32:41 0 dr
    C:\Users\Dave\Music
    2007-12-26 13:32:41 0 dr
    C:\Users\Dave\Links
    2007-12-26 13:32:41 0 dr
    C:\Users\Dave\Favorites <FAVORI~1>
    2007-12-26 13:32:41 0 dr
    C:\Users\Dave\Downloads <DOWNLO~1>
    2007-12-26 13:32:41 0 dr
    C:\Users\Dave\Documents <DOCUME~1>
    2007-12-26 13:32:41 0 dr
    C:\Users\Dave\Desktop
    2007-12-26 13:32:41 0 d--h
    C:\Users\Dave\AppData
    2007-12-26 13:17:17 0 d
    C:\Windows\SoftwareDistribution
    2007-12-26 13:13:25 0 d--hs---- C:\System Volume Information


    -- Find3M Report

    2008-01-06 12:59:57 0 d
    C:\Program Files\Common Files
    2008-01-06 12:46:30 0 d
    C:\Users\Dave\AppData\Roaming\AVG7
    2008-01-05 00:12:22 0 d
    C:\Users\Dave\AppData\Roaming\LimeWire
    2008-01-04 20:40:14 0 d
    C:\Users\Dave\AppData\Roaming\SpinTop
    2008-01-04 20:02:38 0 d
    C:\Users\Dave\AppData\Roaming\iWin
    2008-01-03 19:52:00 0 d
    C:\Users\Dave\AppData\Roaming\Adobe
    2008-01-03 13:23:31 0 d
    C:\Users\Dave\AppData\Roaming\Google
    2008-01-03 13:19:59 0 d
    C:\Users\Dave\AppData\Roaming\Macromedia
    2008-01-03 13:19:54 0 d
    C:\Users\Dave\AppData\Roaming\Real
    2007-12-30 13:36:44 0 d
    C:\Users\Dave\AppData\Roaming\Template
    2007-12-30 13:36:24 0 --a
    C:\Users\Dave\AppData\Roaming\wklnhst.dat
    2007-12-27 10:28:33 0 d
    C:\Users\Dave\AppData\Roaming\FaxCtr
    2007-12-26 14:10:22 0 d
    C:\Program Files\Windows Mail
    2007-12-26 13:32:55 0 d
    C:\Users\Dave\AppData\Roaming\Identities


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [02/11/2006 12:33]
    "RtHDVCpl"="RtHDVCpl.exe" [01/12/2006 13:37 C:\Windows\RtHDVCpl.exe]
    "S3Trayp"="S3trayp.exe" [15/12/2006 14:04 C:\Windows\System32\s3trayp.exe]
    "BullGuard Install"="C:\Program Files\BullGuard Install\Install BullGuard.exe" [08/01/2007 10:40]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 15:40]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [26/12/2007 13:50]
    "lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [25/01/2006 16:02]
    "EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [07/02/2006 05:10]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [02/02/2006 08:11]
    "LXCYCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [01/12/2005 18:38]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/01/2008 13:18]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 12:34]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [03/01/2008 13:16]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 16:46]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 26/12/2007 13:50 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
    LocalServiceNoNetwork PLA DPS BFE mpssvc


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- Hosts

    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 www.032439.com

    7822 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-01-06 19:41:28

