My ComboFix scan:

ComboFix 07-06-13.3 - C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Desktop\ComboFix.exe
"Owner" - 2007-06-17 20:35:39 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon\domains.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon\log.txt
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\crosof~1.net
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\curity~1
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\dobe~1
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\macromedia\Flash Player\#SharedObjects\C6NYSG3M\www.broadcaster.com
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\mbols~1
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\mcroso~1.net
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\racle~1
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\scurit~1
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\tsks~1
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\wnsxs~1
C:\DOCUME~1\OWNER~1.HER\MYDOCU~1.\dobe~1
C:\DOCUME~1\OWNER~1.HER\MYDOCU~1.\mcroso~1.net
C:\DOCUME~1\OWNER~1.HER\MYDOCU~1.\pppatc~1
C:\DOCUME~1\OWNER~1.HER\MYDOCU~1.\wnsxs~1
C:\DOCUME~1\OWNER~1.HER\MYDOCU~1.\ystem~1
C:\Program Files\asks~1
C:\Program Files\Common Files\{3C61E~1
C:\Program Files\Common Files\{FC61E~1
C:\Program Files\Common Files\{FC61E~2
C:\Program Files\Common Files\{FC61E~3
C:\Program Files\Common Files\asembl~1
C:\Program Files\Common Files\crosof~1
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\dobe~2
C:\Program Files\Common Files\ecurit~1
C:\Program Files\Common Files\icroso~1
C:\Program Files\Common Files\icroso~1.net
C:\Program Files\Common Files\mantec~1
C:\Program Files\Common Files\mcroso~1
C:\Program Files\Common Files\ppatch~1
C:\Program Files\Common Files\racle~1
C:\Program Files\Common Files\stem~1
C:\Program Files\Common Files\stem32~1
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\cowabanga
C:\Program Files\crosof~1.net
C:\Program Files\fnts~1
C:\Program Files\icroso~1.net
C:\Program Files\network monitor
C:\Program Files\outerinfo
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\outerinfo\Thumbs.db
C:\Program Files\pasystem
C:\Program Files\pasystem\support.dat
C:\Program Files\pasystem\Uninstall.exe
C:\Program Files\ppatch~1
C:\Program Files\racle~1
C:\Program Files\racle~2
C:\Program Files\scurit~1
C:\Program Files\smbols~1
C:\Program Files\stem~1
C:\Program Files\wnsxs~1
C:\Program Files\ymante~1
C:\Program Files\ystem~1
C:\Program Files\ystem3~1
C:\WINDOWS\appatc~1
C:\WINDOWS\cfg32.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\crosof~1.net
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\dls0523pmw.exe
C:\WINDOWS\mcroso~1.net
C:\WINDOWS\ppatch~1
C:\WINDOWS\pppatc~1
C:\WINDOWS\racle~1
C:\WINDOWS\racle~2
C:\WINDOWS\rau001978.exe
C:\WINDOWS\sembly~1
C:\WINDOWS\ssembl~1
C:\WINDOWS\sstem~1
C:\WINDOWS\stem~1
C:\WINDOWS\system32\asks~1
C:\WINDOWS\system32\crosof~1.net
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\efwpxsyvctqj.dll
C:\WINDOWS\system32\fcbjupqvvkvt.dll
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\icroso~1
C:\WINDOWS\system32\mbols~1
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\scurit~1
C:\WINDOWS\system32\tsks~1
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\ystem3~1
C:\WINDOWS\wnsxs~1

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_CMDSERVICE
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NET_AGENT
-------\COM+ Messages
-------\core
-------\Net Agent

((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))

2007-06-17 20:23 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 20:11 <DIR> d-------- C:\Deckard
2007-06-15 16:09 <DIR> d-------- C:\DOCUME~1\OWNER~1.HER\APPLIC~1\U3
2007-06-12 11:25 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-10 22:09 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-09 22:26 <DIR> d-------- C:\Program Files\Lionhead Studios
2007-06-07 22:53 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-07 22:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-07 22:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-07 21:49 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-07 21:49 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-07 21:49 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-07 21:49 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-07 21:49 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-07 21:49 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-07 21:49 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-07 16:56 <DIR> d-------- C:\DOCUME~1\OWNER~1.HER\APPLIC~1\Ultimate Fixer
2007-06-07 16:52 <DIR> d-------- C:\WINDOWS\system32\bmgenkji
2007-06-07 16:33 95,808 --a------ C:\bmgenkji3.exe
2007-06-07 16:29 99,880 --a------ C:\bmgenkji1.exe
2007-06-07 16:29 193,536 --a------ C:\WINDOWS\system32\scchk32.exe
2007-06-07 16:29 122,372 --a------ C:\WINDOWS\system32\tmp421af.exe
2007-06-07 16:29 100,952 --a------ C:\bmgenkji2.exe
2007-06-07 16:29 10,752 --a------ C:\WINDOWS\system32\vadqtofc.exe
2007-06-07 16:29 10,752 --a------ C:\iiwulumt.exe
2007-06-06 22:23 <DIR> d-------- C:\DOCUME~1\OWNER~1.HER\APPLIC~1\EA
2007-06-06 22:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\EA
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 13:23 <DIR> d-------- C:\Program Files\Alltel Jump Music
2007-06-03 12:49 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-06-03 12:49 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-06-03 12:49 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-06-03 12:49 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-06-03 12:49 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-06-03 12:49 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-06-03 12:49 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-06-03 12:49 <DIR> d-------- C:\Program Files\Free Audio Pack
2007-06-03 12:36 <DIR> d-------- C:\Program Files\CD-DA X-Tractor
2007-06-03 12:25 <DIR> d-------- C:\DOCUME~1\FELICI~1\APPLIC~1\AccurateRip
2007-06-03 12:16 4,112,760 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-06-03 11:07 <DIR> d-------- C:\DOCUME~1\FELICI~1\APPLIC~1\U3
2007-05-29 23:58 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-05-28 00:21 <DIR> d-------- C:\DOCUME~1\OWNER~1.HER\APPLIC~1\Angkor
2007-05-26 00:26 <DIR> d-------- C:\DOCUME~1\OWNER~1.HER\APPLIC~1\FlowPlay
2007-05-25 20:09 <DIR> d-------- C:\DOCUME~1\LITTLE~1\Contacts
2007-05-17 17:07 <DIR> d-------- C:\DOCUME~1\OWNER~1.HER\APPLIC~1\Broderbund
2007-05-17 10:57 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-05-17 10:57 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-05-17 10:57 <DIR> d-------- C:\Program Files\Alwil Software

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-15 21:37:00 -------- d-----w C:\DOCUME~1\OWNER~1.HER\APPLIC~1\OpenOffice.org2
2007-06-10 03:49:09 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-10 03:26:28 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-08 02:30:35 -------- d-----w C:\Program Files\Yahoo! Games
2007-06-05 05:24:49 -------- d-----w C:\DOCUME~1\OWNER~1.HER\APPLIC~1\iWin
2007-05-25 20:26:02 -------- d-----w C:\Program Files\Web Publish
2007-05-24 21:44:59 -------- d-----w C:\Program Files\GIMP-2.0
2007-05-17 17:28:53 -------- d-----w C:\Program Files\Common Files\krwf
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 22:23:14 -------- d-----w C:\Program Files\psdriver
2007-05-15 22:23:12 -------- d-----w C:\Program Files\psquery
2007-05-15 05:18:02 -------- d-----w C:\DOCUME~1\OWNER~1.HER\APPLIC~1\7Wonders
2007-05-13 15:29:59 -------- d-----w C:\Program Files\Common Files\Broderbund
2007-05-13 15:06:11 -------- d-----w C:\Program Files\Broderbund
2007-05-12 03:14:57 -------- d-----w C:\Program Files\?icrosoft.NET
2007-05-09 03:35:16 -------- d-----w C:\DOCUME~1\OWNER~1.HER\APPLIC~1\PlayFirst
2007-05-06 04:26:40 -------- d-----w C:\DOCUME~1\OWNER~1.HER\APPLIC~1\Runes of Avalon
2007-05-03 07:28:32 -------- d-----w C:\DOCUME~1\OWNER~1.HER\APPLIC~1\Big Fish Games
2007-05-01 21:17:38 -------- d-----w C:\Program Files\Hasbro Interactive
2007-04-29 07:49:03 38 ----a-w C:\WINDOWS\popcinfot.dat
2007-04-28 07:32:41 56 ---ha-w C:\WINDOWS\popcinfo.dat
2007-04-28 03:48:44 0 ----a-w C:\WINDOWS\popcreg.dat
2007-04-26 21:08:53 -------- d-----w C:\Program Files\Hewlett-Packard
2007-04-26 20:08:25 -------- d-----w C:\Program Files\ArcSoft
2007-04-26 20:05:47 -------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 02:08:14 -------- d-----w C:\DOCUME~1\OWNER~1.HER\APPLIC~1\gtk-2.0
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 03:18:16 -------- d-----w C:\DOCUME~1\OWNER~1.HER\APPLIC~1\Magic Academy
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 20:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-03-27 01:39:14 20,480 ----a-w C:\WINDOWS\system32\ac3config.exe
2007-03-20 21:24:37 267 ----a-w C:\WINDOWS\PowerReg.dat
2005-07-29 22:24:26 472 --sha-r C:\WINDOWS\bW9tcw\vq6QwT.vbs

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{14B2D544-61FC-1D0B-A74E-6FE339E5F3EF}=C:\WINDOWS\system32\vhspnop.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-09-19 11:18]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 04:09 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 10:42]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-01-19 13:49]
"Pbso"="C:\PROGRA~1\WNSXS~1\tracert.exe" []
"Rnxybgf"="C:\Program Files\?ymantec\m?dtc.exe" []
"Eati"="C:\WINDOWS\system32\YSTEM3~1\csrss.exe" []
"Uuympxz"="C:\Program Files\s?curity\n?tepad.exe" []
"PaSystem"="C:\Program Files\pasystem\pasystem.exe" []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\arun.exe

Contents of the 'Scheduled Tasks' folder
2007-06-13 15:00:00 C:\WINDOWS\tasks\Disk Cleanup.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 20:47:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-17 20:48:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-17 20:48

--- E O F ---

Deckard's:

Deckard's System Scanner v20070611.50
Run by Owner on 2007-06-17 at 20:12:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; unknown error code 0x000005AA

-- Last 5 Restore Point(s) --
44: 2007-06-18 01:12:10 UTC - RP134 - Deckard's System Scanner Restore Point
43: 2007-06-17 08:52:58 UTC - RP133 - System Checkpoint
42: 2007-06-16 08:00:18 UTC - RP132 - Software Distribution Service 3.0
41: 2007-06-15 16:47:28 UTC - RP131 - Software Distribution Service 3.0
40: 2007-06-15 04:49:01 UTC - RP130 - Software Distribution Service 3.0

-- First Restore Point --
1: 2007-05-12 10:37:51 UTC - RP91 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-06-17 20:14:21
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.0.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\vadqtofc.exe
C:\WINDOWS\system32\scchk32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hphipm09.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - XBJ - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14B2D544-61FC-1D0B-A74E-6FE339E5F3EF} - C:\WINDOWS\system32\vhspnop.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - ¨¨2-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - ¨A8DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)
O2 - BHO: (no name) - èB78D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - ØØ2-2623-438e-9CA2-C9043AB28508} - (no file)
O2 - BHO: (no name) - ØAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vadqtofc.exe] C:\WINDOWS\system32\vadqtofc.exe
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Pbso] "C:\PROGRA~1\WNSXS~1\tracert.exe" -vt yazr
O4 - HKCU\..\Run: [Rnxybgf] "C:\Program Files\?ymantec\m?dtc.exe" 99001275
O4 - HKCU\..\Run: [Eati] "C:\WINDOWS\system32\YSTEM3~1\csrss.exe" -vt yazr
O4 - HKCU\..\Run: [Uuympxz] C:\Program Files\s?curity\n?tepad.exe
O4 - HKCU\..\Run: [PaSystem] "C:\Program Files\pasystem\pasystem.exe"
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?9fc4b03debec49969a0dc8a6bd159ef5
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?9fc4b03debec49969a0dc8a6bd159ef5
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171861015074
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: efwpxsyvctqj - C:\WINDOWS\system32\efwpxsyvctqj.dll
O20 - Winlogon Notify: fcbjupqvvkvt - C:\WINDOWS\system32\fcbjupqvvkvt.dll
O22 - SharedTaskScheduler: fcbjupqvvkvt - {42248C91-2117-477B-AC0E-C280556B1001} - C:\WINDOWS\system32\fcbjupqvvkvt.dll
O22 - SharedTaskScheduler: efwpxsyvctqj - {3578CC4F-0E1F-445E-8072-E78435C71001} - C:\WINDOWS\system32\efwpxsyvctqj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
O23 - Service: COM+ Messages - Unknown owner - "C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000213
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sisidex - c:\windows\system32\drivers\sisidex.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - c:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R1 core - c:\windows\system32\drivers\core.sys

S3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\rtl8139.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>

S2 COM+ Messages - "c:\windows\system32\svchosts.exe" -e te-110-12-0000213 (file missing)
S2 Net Agent - c:\windows\dls0523pmw.exe

-- Scheduled Tasks -------------------------------------------------------------

2007-06-13 10:00:00 260 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job

-- Files created between 2007-05-17 and 2007-06-17 -----------------------------

2007-06-16 03:08:37 0 d-------- C:\WINDOWS\LastGood
2007-06-15 16:09:20 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\U3
2007-06-12 11:25:30 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-10 22:09:54 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-09 22:26:30 0 d-------- C:\Program Files\Lionhead Studios
2007-06-07 22:53:55 0 d-------- C:\Program Files\Lavasoft
2007-06-07 22:53:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-06-07 22:53:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-07 16:56:07 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\Ultimate Fixer
2007-06-07 16:52:41 0 d-------- C:\WINDOWS\system32\bmgenkji
2007-06-07 16:29:52 71168 --a------ C:\WINDOWS\system32\fcbjupqvvkvt.dll
2007-06-07 16:29:52 71168 -rah----- C:\WINDOWS\system32\efwpxsyvctqj.dll
2007-06-07 16:29:51 122372 --a------ C:\WINDOWS\system32\tmp421af.exe
2007-06-07 16:29:49 193536 --a------ C:\WINDOWS\system32\scchk32.exe
2007-06-07 16:29:49 2 --a------ C:\-60692086
2007-06-07 16:29:44 10752 --a------ C:\WINDOWS\system32\vadqtofc.exe
2007-06-07 16:29:44 10752 --a------ C:\iiwulumt.exe
2007-06-06 22:23:02 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\EA
2007-06-06 22:22:28 0 d-------- C:\Documents and Settings\All Users\Application Data\EA
2007-06-04 15:18:48 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
2007-06-04 15:17:02 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
2007-06-04 15:14:56 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
2007-06-03 13:23:40 0 d-------- C:\Program Files\Alltel Jump Music
2007-06-03 12:49:17 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>
2007-06-03 12:49:17 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2007-06-03 12:49:17 15360 --a------ C:\WINDOWS\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer>
2007-06-03 12:49:16 21504 --a------ C:\WINDOWS\system32\TABCTFR.DLL <Not Verified; Microsoft Corporation; Bibliothèque d'objets TabCtl32>
2007-06-03 12:49:16 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2007-06-03 12:49:16 59904 --a------ C:\WINDOWS\system32\Mscc2fr.dll <Not Verified; Microsoft Corporation; Bibliothèque d'objets de Microsoft Common Controls 2>
2007-06-03 12:49:16 32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
2007-06-03 12:49:16 0 d-------- C:\Program Files\Free Audio Pack
2007-06-03 12:36:24 0 d-------- C:\Program Files\CD-DA X-Tractor
2007-06-03 12:25:46 0 d-------- C:\Documents and Settings\Felicia and Nathan\Application Data\AccurateRip
2007-06-03 11:07:01 0 d-------- C:\Documents and Settings\Felicia and Nathan\Application Data\U3
2007-05-29 23:58:40 4096 --a------ C:\WINDOWS\d3dx.dat
2007-05-28 00:21:56 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\Angkor
2007-05-26 00:26:33 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\FlowPlay
2007-05-25 20:09:48 0 d-------- C:\Documents and Settings\Little_Lulu18\Contacts
2007-05-19 20:40:18 0 d-------- C:\Documents and Settings\Felicia and Nathan\Application Data\Sun
2007-05-17 17:07:00 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\Broderbund
2007-05-17 10:57:21 0 d-------- C:\Program Files\Alwil Software

-- Find3M Report ---------------------------------------------------------------

2007-06-15 16:37:00 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\OpenOffice.org2
2007-06-14 23:18:19 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-14 23:18:19 0 d-------- C:\Program Files\Common Files\?dobe
2007-06-14 23:18:19 0 d-------- C:\Program Files\Common Files\?dobe
2007-06-14 22:25:34 0 d-------- C:\Program Files\Common Files\??stem
2007-06-09 22:26:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-07 22:13:45 0 d-------- C:\Program Files\pasystem
2007-06-07 22:13:36 0 d-------- C:\Program Files\Outerinfo
2007-06-07 21:30:35 0 d-------- C:\Program Files\Yahoo! Games
2007-06-05 00:24:49 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\iWin
2007-05-25 15:26:02 0 d-------- C:\Program Files\Web Publish
2007-05-24 16:44:59 0 d-------- C:\Program Files\GIMP-2.0
2007-05-23 20:04:18 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\Macromedia
2007-05-17 12:35:36 0 d-------- C:\Program Files\W?nSxS
2007-05-17 12:29:17 0 d-------- C:\Program Files\Common Files\{FC61E98A-072A-1033-0422-050311130001}
2007-05-17 12:29:15 0 d-------- C:\Program Files\Common Files\{FC61E98A-0729-1033-0422-050311130001}
2007-05-17 12:29:12 0 d-------- C:\Program Files\Common Files\{FC61E98A-0728-1033-0422-050311130001}
2007-05-17 12:29:05 0 d-------- C:\Program Files\Common Files\{3C61E98A-0729-1033-0422-050311130001}
2007-05-17 12:28:53 0 d-------- C:\Program Files\Common Files\krwf
2007-05-16 15:03:29 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\M?crosoft.NET
2007-05-16 15:03:29 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\??crosoft.NET
2007-05-16 15:00:54 5632 --ahs---- C:\Program Files\Thumbs.db
2007-05-16 05:21:25 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\W?nSxS
2007-05-15 17:23:14 0 d-------- C:\Program Files\psdriver
2007-05-15 17:23:12 0 d-------- C:\Program Files\psquery
2007-05-15 00:18:02 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\7Wonders
2007-05-13 10:29:59 0 d-------- C:\Program Files\Common Files\Broderbund
2007-05-13 10:06:11 0 d-------- C:\Program Files\Broderbund
2007-05-11 22:14:57 0 d-------- C:\Program Files\?icrosoft.NET
2007-05-11 22:14:57 0 d-------- C:\Program Files\?icrosoft.NET
2007-05-11 22:14:57 0 d-------- C:\Program Files\??crosoft.NET
2007-05-10 22:11:46 0 d-------- C:\Program Files\Common Files\?racle
2007-05-08 22:35:16 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\PlayFirst
2007-05-06 20:05:29 0 d-------- C:\Program Files\Common Files\a?sembly
2007-05-05 23:26:40 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\Runes of Avalon
2007-05-05 20:28:44 0 d-------- C:\Program Files\Common Files\W?nSxS
2007-05-03 02:28:32 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\Big Fish Games
2007-05-01 18:29:36 0 d-------- C:\Program Files\Common Files\?icrosoft.NET
2007-05-01 17:08:16 0 d-------- C:\Program Files\Network Monitor
2007-05-01 17:07:11 0 d-------- C:\Program Files\Cowabanga
2007-05-01 16:53:52 0 d-------- C:\Program Files\Java
2007-05-01 16:17:38 0 d-------- C:\Program Files\Hasbro Interactive
2007-04-29 02:49:03 38 --a------ C:\WINDOWS\popcinfot.dat
2007-04-28 02:32:41 56 --ah----- C:\WINDOWS\popcinfo.dat
2007-04-27 22:48:44 0 --a------ C:\WINDOWS\popcreg.dat
2007-04-26 21:17:44 696320 --a------ C:\WINDOWS\cfg32a.exe <Not Verified; ; SCA Application>
2007-04-26 21:17:38 1044480 --a------ C:\WINDOWS\cfg32.exe <Not Verified; ; SCA Application>
2007-04-26 21:17:34 65536 --a------ C:\WINDOWS\dls0523pmw.exe
2007-04-26 21:17:30 34816 --a------ C:\WINDOWS\rau001978.exe
2007-04-26 16:08:53 0 d-------- C:\Program Files\Hewlett-Packard
2007-04-26 15:08:25 0 d-------- C:\Program Files\ArcSoft
2007-04-26 15:05:47 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-04-22 21:08:14 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\gtk-2.0
2007-04-21 07:02:39 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\?racle
2007-04-17 22:18:16 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\Magic Academy
2007-04-17 20:56:40 0 d-------- C:\Program Files\?ystem32
2007-04-17 18:24:45 0 d-------- C:\Program Files\Ares
2007-04-13 15:19:52 7680 --a------ C:\WINDOWS\system32\lsdelete.exe
2007-03-26 20:39:14 20480 --a------ C:\WINDOWS\system32\ac3config.exe
2007-03-20 16:24:37 267 --a------ C:\WINDOWS\PowerReg.dat

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{14B2D544-61FC-1D0B-A74E-6FE339E5F3EF} C:\WINDOWS\system32\vhspnop.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"USRpdA"="C:\\WINDOWS\\SYSTEM32\\USRmlnkA.exe RunServices \\Device\\3cpipe-USRpdA"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"HPHmon03"="C:\\WINDOWS\\System32\\hphmon03.exe"
"CXMon"="\"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_Monitor.exe\""
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"vadqtofc.exe"="C:\\WINDOWS\\system32\\vadqtofc.exe"
"SC2"="C:\\WINDOWS\\system32\\scchk32.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"Pbso"="\"C:\\PROGRA~1\\WNSXS~1\\tracert.exe\" -vt yazr"
"Rnxybgf"="\"C:\\Program Files\\?ymantec\\m?dtc.exe\" 99001275"
"Eati"="\"C:\\WINDOWS\\system32\\YSTEM3~1\\csrss.exe\" -vt yazr"
"Uuympxz"="C:\\Program Files\\s?curity\\n?tepad.exe"
"PaSystem"="\"C:\\Program Files\\pasystem\\pasystem.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SWHelper"="\"C:\\WINDOWS\\system32\\Macromed\\Shockwave 10\\PostUpdate.exe\" 1014020"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{42248C91-2117-477B-AC0E-C280556B1001}"="fcbjupqvvkvt"
"{3578CC4F-0E1F-445E-8072-E78435C71001}"="efwpxsyvctqj"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efwpxsyvctqj
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcbjupqvvkvt

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\arun.exe

-- End of Deckard's System Scanner: finished at 2007-06-17 at 20:15:17 ---------

This one is extra; I do not know if it's needed or not, but here it is:

Deckard's System Scanner v20070611.50
Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 2500+
Percentage of Memory in Use: 82%
Physical Memory (total/avail): 1023.48 MiB / 179.14 MiB
Pagefile Memory (total/avail): 2462.24 MiB / 1722.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1966.93 MiB

C: is Fixed (NTFS) - 19.53 GiB total, 2.7 GiB free.
D: is Fixed (NTFS) - 54.99 GiB total, 53.94 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is Fixed (NTFS) - 29.29 GiB total, 29.21 GiB free.
H: is Fixed (NTFS) - 82.49 GiB total, 44.07 GiB free.
I: is Removable (No Media)
J: is Removable (No Media)

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.

AV: avast! antivirus 4.7.1001 [VPS 000749-2] v4.7.1001 (ALWIL Software)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo!
Messenger" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=GREEN ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Owner.HERS-OWICU4TAEI LANG=C LOGONSERVER=\\GREEN NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0a00 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\OWNER~1.HER\LOCALS~1\Temp TMP=C:\DOCUME~1\OWNER~1.HER\LOCALS~1\Temp USERDOMAIN=GREEN USERNAME=Owner USERPROFILE=C:\Documents and Settings\Owner.HERS-OWICU4TAEI windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Owner.HERS-OWICU4TAEI (admin) Felicia and Nathan (admin) Little_Lulu18 (admin) -- Add/Remove Programs --------------------------------------------------------- --> --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware 2007 --> MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB} Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Alltel Jump Music 1.0.0 --> C:\Program Files\Alltel Jump 
Music\uninstall.exe ArcSoft PhotoFantasy --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\ArcSoft Software\PhotoFantasy\Uninst.isu" Ares 2.0.8 --> "C:\Program Files\Ares\uninstall.exe" ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup Black & White® 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x9 -removeonly Broderbund Media Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26346FB6-4F69-453D-95CE-B6BA3A5382F8}\setup.exe" -l0x9 AddRem C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe e-Sword --> MsiExec.exe /I{70222D61-ED5E-485A-8EBA-DDCFA2EE06FD} Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{F5AF5CDA-76FC-4794-9F28-09B6D54E7431} Free Mp3 Wma Converter V 1.6.0 --> "C:\Program Files\Free Audio Pack\unins000.exe" GTK+ 2.10.6-1 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe" HijackThis 1.99.1 --> C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Desktop\HijackThis.exe /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" HP Photo Imaging Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll HP Photo Printing Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll hp photosmart 1115 series --> rundll32 hpzcon04.dll,VendorJettison hp photosmart 
1115 series hp photosmart printer series (Remove only) --> C:\Program Files\hp photosmart\printer\hphuni03.exe HP Precisionscan Pro 3.1 --> MsiExec.exe /I{6B36DEBF-27D0-4B1E-858D-D397091C6C7D} HP Share-to-Web --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l9 Intel(R) 536EP Modem --> rundll32 IntelSdi.dll,iSMUninstallation "Intel(R) 536EP Modem" IpWins --> C:\Program Files\Ipwindows\UnInstall.exe J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Map Button (Windows Live Toolbar) --> MsiExec.exe /X{ECDA9BD9-A54E-462A-8191-A2B569D9AB34} Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall Monopoly --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Monopoly\Uninst.isu" MovieShop --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F695596-85E6-4224-BC70-538F9036797A}\Setup.exe" -l0x9 /removeme/removeme Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Firefox (2.0.0.4) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{DF821FC5-C198-452B-A0D4-82433EFEAE9B} OpenOffice.org 2.1 --> MsiExec.exe /I{43983EB4-43DC-4C3D-9712-1EF592A31CA8} Operation --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Hasbro 
Interactive\Operation\DeIsL1.isu" Outerinfo --> "C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe" Outerinfo --> C:\Program Files\Outerinfo\OiUninstaller.exe Palm Desktop --> MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC} Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{117CD9C0-0F15-4633-93D7-F957B50535A5} Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727} QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F} Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9} Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe SiSAGP driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9 Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9} Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{1707BF02-0F5C-4A6C-8F17-053BB73E443F} The GIMP 2.2.14 --> "C:\Program Files\GIMP-2.0\unins000.exe" The Print Shop --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB26EA24-AE01-4C86-BEBC-424D5B81E66E}\setup.exe" -l0x9 anything Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B} Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F} Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64} Windows Live Sign-in Assistant --> MsiExec.exe 
/I{49672EC2-171B-47B4-8CE7-50D7806360D7} Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA} Windows Live Toolbar --> MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA} Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7} Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! Toolbar --> C:\Program Files\Yahoo!\Common\unyt.exe -- End of Deckard's System Scanner: finished at 2007-06-17 at 20:15:17 ---------
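As an added example (not part of the poster's logs, ComboFix or Deckard's System Scanner), the script below triages the Run/RunOnce dump above for the three look-alike patterns visible in it: a "?" standing in for a non-ASCII character in a path (?ymantec, s?curity, n?tepad.exe), a system binary name such as csrss.exe or tracert.exe started from somewhere other than C:\WINDOWS or C:\WINDOWS\system32, and an 8.3 folder name one letter short of a real system folder (WNSXS~1 for WINSXS, YSTEM3~1 for SYSTEM32). SAMPLE_LOG is a constructed subset of the entries posted above; SYSTEM_BINARIES and KNOWN_FOLDER_NAMES are reference lists assumed for this example, not data either tool ships with.

```python
"""Triage Run/RunOnce entries from a ComboFix/DSS-style log for look-alike paths.
Added example; SAMPLE_LOG is a constructed subset of the posted dump and the
SYSTEM_* / KNOWN_* reference lists are assumptions made for this example."""
import ntpath
import re

# Constructed sample: a subset of the [...\currentversion\run] dump posted above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HPHmon03"="C:\\WINDOWS\\System32\\hphmon03.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"Pbso"="\"C:\\PROGRA~1\\WNSXS~1\\tracert.exe\" -vt yazr"
"Rnxybgf"="\"C:\\Program Files\\?ymantec\\m?dtc.exe\" 99001275"
"Eati"="\"C:\\WINDOWS\\system32\\YSTEM3~1\\csrss.exe\" -vt yazr"
"Uuympxz"="C:\\Program Files\\s?curity\\n?tepad.exe"
'''

ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
SHORT_RE = re.compile(r'^([A-Z0-9_$!-]{1,6})~\d+$')   # 8.3 name with ~N suffix

# Assumed reference data: where these binaries legitimately live, and folder
# names that the spoofed directories in the log imitate with one letter dropped.
SYSTEM_DIRS = {r'c:\windows', r'c:\windows\system32'}
SYSTEM_BINARIES = {'csrss.exe', 'smss.exe', 'lsass.exe', 'services.exe',
                   'svchost.exe', 'winlogon.exe', 'explorer.exe',
                   'msdtc.exe', 'notepad.exe', 'tracert.exe'}
KNOWN_FOLDER_NAMES = ['WINSXS', 'SYSTEM32', 'SYSTEM', 'SYMANTEC', 'SECURITY',
                      'MICROSOFT', 'ADOBE', 'ASSEMBLY', 'TASKS', 'FONTS',
                      'ORACLE', 'SYMBOLS', 'APPPATCH']


def unescape(value):
    # Undo .reg-style escaping: a doubled backslash becomes one, \" becomes ".
    return re.sub(r'\\(.)', r'\1', value)


def command_path(value):
    """Return the executable portion of a Run value (quoted or unquoted)."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    # Unquoted path that may contain spaces: cut after the first executable
    # extension, roughly how CreateProcess resolves an ambiguous command line.
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd))(?=\s|$)', value, re.I)
    return m.group(1) if m else value.split(' ', 1)[0]


def short_name_lookalike(component):
    """'WNSXS~1' -> 'WINSXS': an 8.3 name one letter short of a known folder."""
    m = SHORT_RE.match(component.upper())
    if not m:
        return None
    stem = m.group(1)
    if any(k[:6] == stem for k in KNOWN_FOLDER_NAMES):
        return None                       # genuine short form, e.g. MICROS~1
    for known in KNOWN_FOLDER_NAMES:
        for i in range(len(known)):
            if (known[:i] + known[i + 1:])[:6] == stem:
                return known
    return None


def lookalike_binary(basename):
    """'n?tepad.exe' -> 'notepad.exe': the log prints non-ASCII bytes as '?'."""
    if '?' not in basename:
        return None
    pat = re.compile('^' + re.escape(basename.lower()).replace(r'\?', '.') + '$')
    return next((b for b in sorted(SYSTEM_BINARIES) if pat.match(b)), None)


def check_path(exe):
    """Return the reasons an autostart path deserves a closer look (may be empty)."""
    reasons = []
    if '?' in exe or any(ord(c) > 127 for c in exe):
        reasons.append('non-ASCII character in path (logged as "?")')
    directory, base = ntpath.split(exe)
    if base.lower() in SYSTEM_BINARIES and directory.lower() not in SYSTEM_DIRS:
        reasons.append(f'{base} started from {directory or "PATH search"} '
                       f'instead of C:\\WINDOWS or C:\\WINDOWS\\system32')
    twin = lookalike_binary(base)
    if twin:
        reasons.append(f'{base} is a look-alike of {twin}')
    for comp in directory.split('\\'):
        known = short_name_lookalike(comp)
        if known:
            reasons.append(f'folder {comp} resembles {known} with one letter removed')
    return reasons


def triage(log_text):
    """Return (value name, executable, reasons) for suspicious Run/RunOnce entries."""
    findings, key = [], ''
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = ENTRY_RE.match(line)
        if not m or key.lower().rsplit('\\', 1)[-1] not in ('run', 'runonce'):
            continue
        exe = command_path(unescape(m.group('value')))
        reasons = check_path(exe)
        if reasons:
            findings.append((m.group('name'), exe, reasons))
    return findings


if __name__ == '__main__':
    for name, exe, reasons in triage(SAMPLE_LOG):
        print(f'{name!r:12} {exe}')
        for r in reasons:
            print(f'{"":12}   - {r}')
```

Run against the sample, the four entries with random value names (Pbso, Rnxybgf, Eati, Uuympxz) are reported and the HP, avast!, QuickTime and Yahoo! entries pass. The folder check deliberately accepts a stem that is the true six-letter prefix of a known name (PROGRA~1, MICROS~1) and only flags the one-letter-deleted variants, which is what the head of the log shows ComboFix removing (mcroso~1.net, crosof~1.net, wnsxs~1, ystem~1).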
Please don't double-post. Thank you. I'll look at it later. What about Deckard's System Scanner and HijackThis logs?