|
AntiVirus help
|
|
Member
|
14. June 2007 @ 14:01 |
|
Umm... what?
Geeks to Go - Trusted Helper
Please do not PM for help - please post on the forums.
|
|
EMROY
Junior Member
|
14. June 2007 @ 20:04 |
|
I booted in safe mode and HijackThis still won't run.
|
AfterDawn Addict
1 product review
|
14. June 2007 @ 20:24 |
|
Did you rename it to something benign like "Cat" or "ABC"??
"Some people have no damn sense." - Nephilim, March 27 2007 @ 18:08
|
EMROY
Junior Member
|
14. June 2007 @ 20:46 |
|
I renamed it to "cant ho" and it still doesn't work, but I was just renaming it; I'm not sure if that was what I was supposed to do or not.
But I did manage to get this. It runs for about half a second and I got a log file saved by opening it and hitting Enter as fast as I can. I got HijackThis.log and here it is... I hope this is right
Logfile of HijackThis v1.98.2
Scan saved at 11:34:44 PM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\vadqtofc.exe
C:\WINDOWS\system32\scchk32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\mspaint.exe
C:\DOCUME~1\OWNER~1.HER\LOCALS~1\Temp\Rar$EX25.391\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - XBJ - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14B2D544-61FC-1D0B-A74E-6FE339E5F3EF} - C:\WINDOWS\system32\vhspnop.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - ¨¨2-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - ¨A8DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)
O2 - BHO: (no name) - èB78D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - ØØ2-2623-438e-9CA2-C9043AB28508} - (no file)
O2 - BHO: (no name) - ØAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vadqtofc.exe] C:\WINDOWS\system32\vadqtofc.exe
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Pbso] "C:\PROGRA~1\WNSXS~1\tracert.exe" -vt yazr
O4 - HKCU\..\Run: [Rnxybgf] "C:\Program Files\?ymantec\m?dtc.exe" 99001275
O4 - HKCU\..\Run: [Eati] "C:\WINDOWS\system32\YSTEM3~1\csrss.exe" -vt yazr
O4 - HKCU\..\Run: [Uuympxz] C:\Program Files\s?curity\n?tepad.exe
O4 - HKCU\..\Run: [PaSystem] "C:\Program Files\pasystem\pasystem.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?9fc4b03debec49969a0dc8a6bd159ef5
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?9fc4b03debec49969a0dc8a6bd159ef5
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1171861015074
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
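Added example, not part of the thread or any poster's words: a small Python triage pass over O2 (BHO) and O4 (autorun) lines copied from the HijackThis log in the post above. The two heuristics and the `SYSTEM_NAMES` / `SYSTEM_DIRS` lists are assumptions made for illustration; a line that passes them (the `vadqtofc.exe` entry does) is not cleared by that.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Lines copied from the HijackThis v1.98.2 log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14B2D544-61FC-1D0B-A74E-6FE339E5F3EF} - C:\WINDOWS\system32\vhspnop.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vadqtofc.exe] C:\WINDOWS\system32\vadqtofc.exe
O4 - HKCU\..\Run: [Pbso] "C:\PROGRA~1\WNSXS~1\tracert.exe" -vt yazr
O4 - HKCU\..\Run: [Rnxybgf] "C:\Program Files\?ymantec\m?dtc.exe" 99001275
O4 - HKCU\..\Run: [Eati] "C:\WINDOWS\system32\YSTEM3~1\csrss.exe" -vt yazr
O4 - HKCU\..\Run: [Uuympxz] C:\Program Files\s?curity\n?tepad.exe
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# "HKCU\..\Run: [ValueName] command line"
O4_RE = re.compile(r"^(?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Program path inside an autorun command: quoted, or everything up to the first ".exe"
PROG_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)

# Assumed for this example only: a few Windows program names and the
# folders they normally live in on Windows XP.
SYSTEM_NAMES = {"csrss.exe", "tracert.exe", "svchost.exe", "lsass.exe",
                "winlogon.exe", "services.exe", "smss.exe", "notepad.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def check_bho(body):
    """O2 body looks like 'BHO: <name> - <CLSID> - <file>'."""
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return ["unparseable BHO entry"]
    _name, clsid, target = parts
    findings = []
    if not GUID_RE.fullmatch(clsid):
        findings.append("malformed CLSID")
    if target == "(no file)" or target.endswith("(file missing)"):
        findings.append("target file absent")
    return findings


def check_autorun(body):
    """O4 registry Run entries; Startup-folder shortcuts are skipped."""
    entry = O4_RE.match(body)
    if not entry:
        return []
    prog = PROG_RE.match(entry["cmd"])
    if not prog:
        return []
    path = prog.group(1) or prog.group(2)
    findings = []
    # HijackThis prints '?' where it could not render a character of the name.
    if "?" in path:
        findings.append("unrenderable character in path")
    folder, exe = dirname(path).lower(), basename(path).lower()
    # Only judge location when the entry gives a full path.
    if folder and exe in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
        findings.append("system program name outside its folder")
    return findings


def triage(log_text):
    """Return {log line: [findings]} for the O2/O4 lines that trip a check."""
    flagged = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        section, _sep, body = line.partition(" - ")
        if section == "O2":
            findings = check_bho(body)
        elif section == "O4":
            findings = check_autorun(body)
        else:
            continue
        if findings:
            flagged[line] = findings
    return flagged


if __name__ == "__main__":
    for line, findings in triage(SAMPLE_LOG).items():
        print("; ".join(findings), "<-", line)
```
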
|
Member
|
15. June 2007 @ 06:37 |
|
Yes, thank you for the log. I will take a look at it as soon as I get home from school, or possibly sooner, because I have nothing to do for the next 15 mins until I go home.
Good work on getting the logfile :)
Did you run Deckard's System Scanner?
Geeks to Go - Trusted Helper
Please do not PM for help - please post on the forums.
|
Member
|
15. June 2007 @ 06:49 |
|
I can't seem to find anything of great importance, so it's even more imperative that you get a log from Deckard's System Scanner.
Please download F-Secure BlackLight. It is a free trial and offers a stand-alone executable file (meaning it does not have to be installed). Please disconnect from the Internet, physically if possible before you do this step. Double-click on fsbl.exe to open the program. Accept the license agreement and other things that pop up. Do a scan; if hidden objects are found DO NOT rename them; just save the log for me to look at. If they are not, then, well, that's ruled out. When the scan is done and the logfile saved, you can reconnect your Internet.
Next, pay a visit to http://www.virustotal.com and submit a file. At the top of the page, there will be a "Browse" button. Click that button, and paste this text exactly as it appears into the window that appears:
C:\WINDOWS\system32\vadqtofc.exe
Click "Open", and then click the brownish-yellow "Send" button. You may have to wait a while because VirusTotal is a high-demand service for many users. Once the scan is finished, it will produce two tables. The table on top will show all the scans performed on it; the table on the bottom will show other information. Copy the entire table on top and paste it in your reply. Don't bother with the table formatting, it's just important that the text gets through.
Do all the above, including Deckard's System Scanner, and post all the logs that you get.
Geeks to Go - Trusted Helper
Please do not PM for help - please post on the forums.
|
EMROY
Junior Member
|
15. June 2007 @ 13:44 |
|
I did not run Deckard's System Scanner, I used cant be hijacked.
No hidden files were found with "blacklight".
I did the VirusTotal scan and here are the results:
Antivirus | Version | Update | Result
AhnLab-V3 | 2007.5.9.0 | 05.09.2007 | no virus found
AntiVir | 7.4.0.32 | 06.15.2007 | HEUR/Malware
Authentium | 4.93.8 | 06.15.2007 | is a security risk or a "backdoor" program
Avast | 4.7.997.0 | 06.15.2007 | no virus found
Aditional Information
File size: 10752 bytes
MD5: 7109d0ea743a850fa91aef85efd7fcdc
SHA1: 1c6c7eb21dcc3df7e9bad4b98651af8be6ecb8dd
thank you for all the help
|
Member
|
15. June 2007 @ 13:48 |
|
You did not finish the VirusTotal scan. Leave it running for at least five minutes after it has started scanning as it will use 32 different antivirus programs.
Please do a Deckard's System Scanner scan.
Geeks to Go - Trusted Helper
Please do not PM for help - please post on the forums.
|
EMROY
Junior Member
|
15. June 2007 @ 16:56 |
|
The two tables came up; I thought it was finished.
Where is a good site to download Deckard's?
|
Member
|
15. June 2007 @ 16:59 |
|
Originally posted by Fredil: Using an older version of HijackThis is not a very good idea because it will "miss" things.
Please reboot into Safe Mode:
* Reboot your computer.
* When you hear your computer "beep" and display its information, keep tapping the F8 key. Some systems display an error if this is done too soon; if this happens then try again.
* The Advanced Options menu will display; select Safe Mode (not Safe Mode with Networking) with the arrow keys and press Enter.
* Log in as you normally would.
* Try to run HijackThis v1.99.1 in Safe Mode and save a logfile. It will not be as detailed as the scan run in Normal Mode, but it will do.
* Reboot into Normal mode and post that logfile. It will be in wherever you saved HijackThis (for example, if HijackThis was in C:\HJT, the logfile would be at C:\HJT\hijackthis.log).
Next, please go here and download Deckard's System Scanner. Note: This program is meant for Windows 2000 and higher (including Vista) only! Save the file to your desktop, and double-click it to run it. Press "OK" and let the scanner do its work. It may appear to freeze or hang your computer; this is normal, so let the scanner do its work. It usually will not take too long. When the scan is finished, it shall make two logs for you - one will be called "main" and the other, "extra". "main" will be maximized and "extra" will be minimized. Post both logfiles (as in copy and paste) in a reply.
Finally, please download Combofix: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
and save to the desktop.
1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new HijackThis log.
Note:
Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
In your next reply:
* HijackThis v1.99.1 log in Safe Mode
* main.txt from Deckard's System Scanner
* extra.txt from Deckard's System Scanner
* Combofix logfile
Read all the first page! lol
Geeks to Go - Trusted Helper
Please do not PM for help - please post on the forums.
|
EMROY
Junior Member
|
16. June 2007 @ 11:40 |
|
Sorry for missing that, I will do it when I get home,
and thank you again.
|
Member
|
16. June 2007 @ 12:43 |
|
No problem. I'll be waiting :)
Geeks to Go - Trusted Helper
Please do not PM for help - please post on the forums.
|
Thisman
Junior Member
|
16. June 2007 @ 22:50 |
|
Just a question, Fredil. How old are you, and how do you know all this stuff?
You're a big help around these forums, just curious :]
|
Member
|
17. June 2007 @ 06:55 |
|
Hehehe. I'm thirteen, and I know this stuff mostly by Internet study. I'm also a freshman at the Geeks to Go University, but I must say, nothing is better than experience, and practice logs don't give you the satisfaction of helping real people :)
Geeks to Go - Trusted Helper
Please do not PM for help - please post on the forums.
|
EMROY
Junior Member
|
17. June 2007 @ 17:31 |
|
ComboFix will not run; there was an error when I tried to run it.
**Never mind, it worked after I restarted the computer.
This message has been edited since posting. Last time this message was edited on 17. June 2007 @ 17:37
|
Member
|
17. June 2007 @ 17:40 |
|
So can I have the logs? Are you waiting for a cookie? :)
Geeks to Go - Trusted Helper
Please do not PM for help - please post on the forums.
|
EMROY
Junior Member
|
17. June 2007 @ 17:54 |
|
my combofix scan
ComboFix 07-06-13.3 - C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Desktop\ComboFix.exe
"Owner" - 2007-06-17 20:35:39 - Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon\domains.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon\log.txt
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\crosof~1.net
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\curity~1
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\dobe~1
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\macromedia\Flash Player\#SharedObjects\C6NYSG3M\www.broadcaster.com
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\mbols~1
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\mcroso~1.net
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\racle~1
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\scurit~1
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\tsks~1
C:\DOCUME~1\OWNER~1.HER\APPLIC~1.\wnsxs~1
C:\DOCUME~1\OWNER~1.HER\MYDOCU~1.\dobe~1
C:\DOCUME~1\OWNER~1.HER\MYDOCU~1.\mcroso~1.net
C:\DOCUME~1\OWNER~1.HER\MYDOCU~1.\pppatc~1
C:\DOCUME~1\OWNER~1.HER\MYDOCU~1.\wnsxs~1
C:\DOCUME~1\OWNER~1.HER\MYDOCU~1.\ystem~1
C:\Program Files\asks~1
C:\Program Files\Common Files\{3C61E~1
C:\Program Files\Common Files\{FC61E~1
C:\Program Files\Common Files\{FC61E~2
C:\Program Files\Common Files\{FC61E~3
C:\Program Files\Common Files\asembl~1
C:\Program Files\Common Files\crosof~1
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\dobe~2
C:\Program Files\Common Files\ecurit~1
C:\Program Files\Common Files\icroso~1
C:\Program Files\Common Files\icroso~1.net
C:\Program Files\Common Files\mantec~1
C:\Program Files\Common Files\mcroso~1
C:\Program Files\Common Files\ppatch~1
C:\Program Files\Common Files\racle~1
C:\Program Files\Common Files\stem~1
C:\Program Files\Common Files\stem32~1
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\cowabanga
C:\Program Files\crosof~1.net
C:\Program Files\fnts~1
C:\Program Files\icroso~1.net
C:\Program Files\network monitor
C:\Program Files\outerinfo
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\outerinfo\Thumbs.db
C:\Program Files\pasystem
C:\Program Files\pasystem\support.dat
C:\Program Files\pasystem\Uninstall.exe
C:\Program Files\ppatch~1
C:\Program Files\racle~1
C:\Program Files\racle~2
C:\Program Files\scurit~1
C:\Program Files\smbols~1
C:\Program Files\stem~1
C:\Program Files\wnsxs~1
C:\Program Files\ymante~1
C:\Program Files\ystem~1
C:\Program Files\ystem3~1
C:\WINDOWS\appatc~1
C:\WINDOWS\cfg32.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\crosof~1.net
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\dls0523pmw.exe
C:\WINDOWS\mcroso~1.net
C:\WINDOWS\ppatch~1
C:\WINDOWS\pppatc~1
C:\WINDOWS\racle~1
C:\WINDOWS\racle~2
C:\WINDOWS\rau001978.exe
C:\WINDOWS\sembly~1
C:\WINDOWS\ssembl~1
C:\WINDOWS\sstem~1
C:\WINDOWS\stem~1
C:\WINDOWS\system32\asks~1
C:\WINDOWS\system32\crosof~1.net
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\efwpxsyvctqj.dll
C:\WINDOWS\system32\fcbjupqvvkvt.dll
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\icroso~1
C:\WINDOWS\system32\mbols~1
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\scurit~1
C:\WINDOWS\system32\tsks~1
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\ystem3~1
C:\WINDOWS\wnsxs~1
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_CMDSERVICE
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NET_AGENT
-------\COM+ Messages
-------\core
-------\Net Agent
((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))
2007-06-17 20:23 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 20:11 <DIR> d-------- C:\Deckard
2007-06-15 16:09 <DIR> d-------- C:\DOCUME~1\OWNER~1.HER\APPLIC~1\U3
2007-06-12 11:25 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-10 22:09 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-09 22:26 <DIR> d-------- C:\Program Files\Lionhead Studios
2007-06-07 22:53 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-07 22:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-07 22:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-07 21:49 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-07 21:49 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-07 21:49 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-07 21:49 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-07 21:49 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-07 21:49 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-07 21:49 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-07 16:56 <DIR> d-------- C:\DOCUME~1\OWNER~1.HER\APPLIC~1\Ultimate Fixer
2007-06-07 16:52 <DIR> d-------- C:\WINDOWS\system32\bmgenkji
2007-06-07 16:33 95,808 --a------ C:\bmgenkji3.exe
2007-06-07 16:29 99,880 --a------ C:\bmgenkji1.exe
2007-06-07 16:29 193,536 --a------ C:\WINDOWS\system32\scchk32.exe
2007-06-07 16:29 122,372 --a------ C:\WINDOWS\system32\tmp421af.exe
2007-06-07 16:29 100,952 --a------ C:\bmgenkji2.exe
2007-06-07 16:29 10,752 --a------ C:\WINDOWS\system32\vadqtofc.exe
2007-06-07 16:29 10,752 --a------ C:\iiwulumt.exe
2007-06-06 22:23 <DIR> d-------- C:\DOCUME~1\OWNER~1.HER\APPLIC~1\EA
2007-06-06 22:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\EA
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 13:23 <DIR> d-------- C:\Program Files\Alltel Jump Music
2007-06-03 12:49 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-06-03 12:49 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-06-03 12:49 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-06-03 12:49 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-06-03 12:49 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-06-03 12:49 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-06-03 12:49 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-06-03 12:49 <DIR> d-------- C:\Program Files\Free Audio Pack
2007-06-03 12:36 <DIR> d-------- C:\Program Files\CD-DA X-Tractor
2007-06-03 12:25 <DIR> d-------- C:\DOCUME~1\FELICI~1\APPLIC~1\AccurateRip
2007-06-03 12:16 4,112,760 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-06-03 11:07 <DIR> d-------- C:\DOCUME~1\FELICI~1\APPLIC~1\U3
2007-05-29 23:58 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-05-28 00:21 <DIR> d-------- C:\DOCUME~1\OWNER~1.HER\APPLIC~1\Angkor
2007-05-26 00:26 <DIR> d-------- C:\DOCUME~1\OWNER~1.HER\APPLIC~1\FlowPlay
2007-05-25 20:09 <DIR> d-------- C:\DOCUME~1\LITTLE~1\Contacts
2007-05-17 17:07 <DIR> d-------- C:\DOCUME~1\OWNER~1.HER\APPLIC~1\Broderbund
2007-05-17 10:57 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-05-17 10:57 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-05-17 10:57 <DIR> d-------- C:\Program Files\Alwil Software
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-15 21:37:00 -------- d-----w C:\DOCUME~1\OWNER~1.HER\APPLIC~1\OpenOffice.org2
2007-06-10 03:49:09 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-10 03:26:28 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-08 02:30:35 -------- d-----w C:\Program Files\Yahoo! Games
2007-06-05 05:24:49 -------- d-----w C:\DOCUME~1\OWNER~1.HER\APPLIC~1\iWin
2007-05-25 20:26:02 -------- d-----w C:\Program Files\Web Publish
2007-05-24 21:44:59 -------- d-----w C:\Program Files\GIMP-2.0
2007-05-17 17:28:53 -------- d-----w C:\Program Files\Common Files\krwf
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 22:23:14 -------- d-----w C:\Program Files\psdriver
2007-05-15 22:23:12 -------- d-----w C:\Program Files\psquery
2007-05-15 05:18:02 -------- d-----w C:\DOCUME~1\OWNER~1.HER\APPLIC~1\7Wonders
2007-05-13 15:29:59 -------- d-----w C:\Program Files\Common Files\Broderbund
2007-05-13 15:06:11 -------- d-----w C:\Program Files\Broderbund
2007-05-12 03:14:57 -------- d-----w C:\Program Files\?icrosoft.NET
2007-05-09 03:35:16 -------- d-----w C:\DOCUME~1\OWNER~1.HER\APPLIC~1\PlayFirst
2007-05-06 04:26:40 -------- d-----w C:\DOCUME~1\OWNER~1.HER\APPLIC~1\Runes of Avalon
2007-05-03 07:28:32 -------- d-----w C:\DOCUME~1\OWNER~1.HER\APPLIC~1\Big Fish Games
2007-05-01 21:17:38 -------- d-----w C:\Program Files\Hasbro Interactive
2007-04-29 07:49:03 38 ----a-w C:\WINDOWS\popcinfot.dat
2007-04-28 07:32:41 56 ---ha-w C:\WINDOWS\popcinfo.dat
2007-04-28 03:48:44 0 ----a-w C:\WINDOWS\popcreg.dat
2007-04-26 21:08:53 -------- d-----w C:\Program Files\Hewlett-Packard
2007-04-26 20:08:25 -------- d-----w C:\Program Files\ArcSoft
2007-04-26 20:05:47 -------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 02:08:14 -------- d-----w C:\DOCUME~1\OWNER~1.HER\APPLIC~1\gtk-2.0
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 03:18:16 -------- d-----w C:\DOCUME~1\OWNER~1.HER\APPLIC~1\Magic Academy
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 20:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-03-27 01:39:14 20,480 ----a-w C:\WINDOWS\system32\ac3config.exe
2007-03-20 21:24:37 267 ----a-w C:\WINDOWS\PowerReg.dat
2005-07-29 22:24:26 472 --sha-r C:\WINDOWS\bW9tcw\vq6QwT.vbs
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{14B2D544-61FC-1D0B-A74E-6FE339E5F3EF}=C:\WINDOWS\system32\vhspnop.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-09-19 11:18]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 04:09 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 10:42]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-01-19 13:49]
"Pbso"="C:\PROGRA~1\WNSXS~1\tracert.exe" []
"Rnxybgf"="C:\Program Files\?ymantec\m?dtc.exe" []
"Eati"="C:\WINDOWS\system32\YSTEM3~1\csrss.exe" []
"Uuympxz"="C:\Program Files\s?curity\n?tepad.exe" []
"PaSystem"="C:\Program Files\pasystem\pasystem.exe" []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\arun.exe
Contents of the 'Scheduled Tasks' folder
2007-06-13 15:00:00 C:\WINDOWS\tasks\Disk Cleanup.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 20:47:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-17 20:48:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-17 20:48
--- E O F ---
deckerds______________________
Deckard's System Scanner v20070611.50
Run by Owner on 2007-06-17 at 20:12:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Failed to create restore point; unknown error code 0x000005AA
-- Last 5 Restore Point(s) --
44: 2007-06-18 01:12:10 UTC - RP134 - Deckard's System Scanner Restore Point
43: 2007-06-17 08:52:58 UTC - RP133 - System Checkpoint
42: 2007-06-16 08:00:18 UTC - RP132 - Software Distribution Service 3.0
41: 2007-06-15 16:47:28 UTC - RP131 - Software Distribution Service 3.0
40: 2007-06-15 04:49:01 UTC - RP130 - Software Distribution Service 3.0
-- First Restore Point --
1: 2007-05-12 10:37:51 UTC - RP91 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-06-17 20:14:21
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.0.2900.2180)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\vadqtofc.exe
C:\WINDOWS\system32\scchk32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hphipm09.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - XBJ - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14B2D544-61FC-1D0B-A74E-6FE339E5F3EF} - C:\WINDOWS\system32\vhspnop.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - ¨¨2-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - ¨A8DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)
O2 - BHO: (no name) - èB78D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - ØØ2-2623-438e-9CA2-C9043AB28508} - (no file)
O2 - BHO: (no name) - ØAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vadqtofc.exe] C:\WINDOWS\system32\vadqtofc.exe
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Pbso] "C:\PROGRA~1\WNSXS~1\tracert.exe" -vt yazr
O4 - HKCU\..\Run: [Rnxybgf] "C:\Program Files\?ymantec\m?dtc.exe" 99001275
O4 - HKCU\..\Run: [Eati] "C:\WINDOWS\system32\YSTEM3~1\csrss.exe" -vt yazr
O4 - HKCU\..\Run: [Uuympxz] C:\Program Files\s?curity\n?tepad.exe
O4 - HKCU\..\Run: [PaSystem] "C:\Program Files\pasystem\pasystem.exe"
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?9fc4b03debec49969a0dc8a6bd159ef5
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?9fc4b03debec49969a0dc8a6bd159ef5
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F...922/wmv9VCM.CAB
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/D...D0C/wmv9dmo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1171861015074
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: efwpxsyvctqj - C:\WINDOWS\system32\efwpxsyvctqj.dll
O20 - Winlogon Notify: fcbjupqvvkvt - C:\WINDOWS\system32\fcbjupqvvkvt.dll
O22 - SharedTaskScheduler: fcbjupqvvkvt - {42248C91-2117-477B-AC0E-C280556B1001} - C:\WINDOWS\system32\fcbjupqvvkvt.dll
O22 - SharedTaskScheduler: efwpxsyvctqj - {3578CC4F-0E1F-445E-8072-E78435C71001} - C:\WINDOWS\system32\efwpxsyvctqj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
O23 - Service: COM+ Messages - Unknown owner - "C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000213
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 sisidex - c:\windows\system32\drivers\sisidex.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - c:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R1 core - c:\windows\system32\drivers\core.sys
S3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\rtl8139.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
S2 COM+ Messages - "c:\windows\system32\svchosts.exe" -e te-110-12-0000213 (file missing)
S2 Net Agent - c:\windows\dls0523pmw.exe
-- Scheduled Tasks -------------------------------------------------------------
2007-06-13 10:00:00 260 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job
-- Files created between 2007-05-17 and 2007-06-17 -----------------------------
2007-06-16 03:08:37 0 d-------- C:\WINDOWS\LastGood
2007-06-15 16:09:20 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\U3
2007-06-12 11:25:30 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-10 22:09:54 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-09 22:26:30 0 d-------- C:\Program Files\Lionhead Studios
2007-06-07 22:53:55 0 d-------- C:\Program Files\Lavasoft
2007-06-07 22:53:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-06-07 22:53:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-07 16:56:07 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\Ultimate Fixer
2007-06-07 16:52:41 0 d-------- C:\WINDOWS\system32\bmgenkji
2007-06-07 16:29:52 71168 --a------ C:\WINDOWS\system32\fcbjupqvvkvt.dll
2007-06-07 16:29:52 71168 -rah----- C:\WINDOWS\system32\efwpxsyvctqj.dll
2007-06-07 16:29:51 122372 --a------ C:\WINDOWS\system32\tmp421af.exe
2007-06-07 16:29:49 193536 --a------ C:\WINDOWS\system32\scchk32.exe
2007-06-07 16:29:49 2 --a------ C:\-60692086
2007-06-07 16:29:44 10752 --a------ C:\WINDOWS\system32\vadqtofc.exe
2007-06-07 16:29:44 10752 --a------ C:\iiwulumt.exe
2007-06-06 22:23:02 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\EA
2007-06-06 22:22:28 0 d-------- C:\Documents and Settings\All Users\Application Data\EA
2007-06-04 15:18:48 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
2007-06-04 15:17:02 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
2007-06-04 15:14:56 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
2007-06-03 13:23:40 0 d-------- C:\Program Files\Alltel Jump Music
2007-06-03 12:49:17 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>
2007-06-03 12:49:17 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2007-06-03 12:49:17 15360 --a------ C:\WINDOWS\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer>
2007-06-03 12:49:16 21504 --a------ C:\WINDOWS\system32\TABCTFR.DLL <Not Verified; Microsoft Corporation; Bibliothèque d'objets TabCtl32>
2007-06-03 12:49:16 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2007-06-03 12:49:16 59904 --a------ C:\WINDOWS\system32\Mscc2fr.dll <Not Verified; Microsoft Corporation; Bibliothèque d'objets de Microsoft Common Controls 2>
2007-06-03 12:49:16 32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
2007-06-03 12:49:16 0 d-------- C:\Program Files\Free Audio Pack
2007-06-03 12:36:24 0 d-------- C:\Program Files\CD-DA X-Tractor
2007-06-03 12:25:46 0 d-------- C:\Documents and Settings\Felicia and Nathan\Application Data\AccurateRip
2007-06-03 11:07:01 0 d-------- C:\Documents and Settings\Felicia and Nathan\Application Data\U3
2007-05-29 23:58:40 4096 --a------ C:\WINDOWS\d3dx.dat
2007-05-28 00:21:56 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\Angkor
2007-05-26 00:26:33 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\FlowPlay
2007-05-25 20:09:48 0 d-------- C:\Documents and Settings\Little_Lulu18\Contacts
2007-05-19 20:40:18 0 d-------- C:\Documents and Settings\Felicia and Nathan\Application Data\Sun
2007-05-17 17:07:00 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\Broderbund
2007-05-17 10:57:21 0 d-------- C:\Program Files\Alwil Software
-- Find3M Report ---------------------------------------------------------------
2007-06-15 16:37:00 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\OpenOffice.org2
2007-06-14 23:18:19 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-14 23:18:19 0 d-------- C:\Program Files\Common Files\?dobe
2007-06-14 23:18:19 0 d-------- C:\Program Files\Common Files\?dobe
2007-06-14 22:25:34 0 d-------- C:\Program Files\Common Files\??stem
2007-06-09 22:26:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-07 22:13:45 0 d-------- C:\Program Files\pasystem
2007-06-07 22:13:36 0 d-------- C:\Program Files\Outerinfo
2007-06-07 21:30:35 0 d-------- C:\Program Files\Yahoo! Games
2007-06-05 00:24:49 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\iWin
2007-05-25 15:26:02 0 d-------- C:\Program Files\Web Publish
2007-05-24 16:44:59 0 d-------- C:\Program Files\GIMP-2.0
2007-05-23 20:04:18 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\Macromedia
2007-05-17 12:35:36 0 d-------- C:\Program Files\W?nSxS
2007-05-17 12:29:17 0 d-------- C:\Program Files\Common Files\{FC61E98A-072A-1033-0422-050311130001}
2007-05-17 12:29:15 0 d-------- C:\Program Files\Common Files\{FC61E98A-0729-1033-0422-050311130001}
2007-05-17 12:29:12 0 d-------- C:\Program Files\Common Files\{FC61E98A-0728-1033-0422-050311130001}
2007-05-17 12:29:05 0 d-------- C:\Program Files\Common Files\{3C61E98A-0729-1033-0422-050311130001}
2007-05-17 12:28:53 0 d-------- C:\Program Files\Common Files\krwf
2007-05-16 15:03:29 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\M?crosoft.NET
2007-05-16 15:03:29 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\??crosoft.NET
2007-05-16 15:00:54 5632 --ahs---- C:\Program Files\Thumbs.db
2007-05-16 05:21:25 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\W?nSxS
2007-05-15 17:23:14 0 d-------- C:\Program Files\psdriver
2007-05-15 17:23:12 0 d-------- C:\Program Files\psquery
2007-05-15 00:18:02 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\7Wonders
2007-05-13 10:29:59 0 d-------- C:\Program Files\Common Files\Broderbund
2007-05-13 10:06:11 0 d-------- C:\Program Files\Broderbund
2007-05-11 22:14:57 0 d-------- C:\Program Files\?icrosoft.NET
2007-05-11 22:14:57 0 d-------- C:\Program Files\?icrosoft.NET
2007-05-11 22:14:57 0 d-------- C:\Program Files\??crosoft.NET
2007-05-10 22:11:46 0 d-------- C:\Program Files\Common Files\?racle
2007-05-08 22:35:16 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\PlayFirst
2007-05-06 20:05:29 0 d-------- C:\Program Files\Common Files\a?sembly
2007-05-05 23:26:40 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\Runes of Avalon
2007-05-05 20:28:44 0 d-------- C:\Program Files\Common Files\W?nSxS
2007-05-03 02:28:32 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\Big Fish Games
2007-05-01 18:29:36 0 d-------- C:\Program Files\Common Files\?icrosoft.NET
2007-05-01 17:08:16 0 d-------- C:\Program Files\Network Monitor
2007-05-01 17:07:11 0 d-------- C:\Program Files\Cowabanga
2007-05-01 16:53:52 0 d-------- C:\Program Files\Java
2007-05-01 16:17:38 0 d-------- C:\Program Files\Hasbro Interactive
2007-04-29 02:49:03 38 --a------ C:\WINDOWS\popcinfot.dat
2007-04-28 02:32:41 56 --ah----- C:\WINDOWS\popcinfo.dat
2007-04-27 22:48:44 0 --a------ C:\WINDOWS\popcreg.dat
2007-04-26 21:17:44 696320 --a------ C:\WINDOWS\cfg32a.exe <Not Verified; ; SCA Application>
2007-04-26 21:17:38 1044480 --a------ C:\WINDOWS\cfg32.exe <Not Verified; ; SCA Application>
2007-04-26 21:17:34 65536 --a------ C:\WINDOWS\dls0523pmw.exe
2007-04-26 21:17:30 34816 --a------ C:\WINDOWS\rau001978.exe
2007-04-26 16:08:53 0 d-------- C:\Program Files\Hewlett-Packard
2007-04-26 15:08:25 0 d-------- C:\Program Files\ArcSoft
2007-04-26 15:05:47 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-04-22 21:08:14 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\gtk-2.0
2007-04-21 07:02:39 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\?racle
2007-04-17 22:18:16 0 d-------- C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data\Magic Academy
2007-04-17 20:56:40 0 d-------- C:\Program Files\?ystem32
2007-04-17 18:24:45 0 d-------- C:\Program Files\Ares
2007-04-13 15:19:52 7680 --a------ C:\WINDOWS\system32\lsdelete.exe
2007-03-26 20:39:14 20480 --a------ C:\WINDOWS\system32\ac3config.exe
2007-03-20 16:24:37 267 --a------ C:\WINDOWS\PowerReg.dat
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{14B2D544-61FC-1D0B-A74E-6FE339E5F3EF} C:\WINDOWS\system32\vhspnop.dll [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"USRpdA"="C:\\WINDOWS\\SYSTEM32\\USRmlnkA.exe RunServices \\Device\\3cpipe-USRpdA"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"HPHmon03"="C:\\WINDOWS\\System32\\hphmon03.exe"
"CXMon"="\"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_Monitor.exe\""
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"vadqtofc.exe"="C:\\WINDOWS\\system32\\vadqtofc.exe"
"SC2"="C:\\WINDOWS\\system32\\scchk32.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"Pbso"="\"C:\\PROGRA~1\\WNSXS~1\\tracert.exe\" -vt yazr"
"Rnxybgf"="\"C:\\Program Files\\?ymantec\\m?dtc.exe\" 99001275"
"Eati"="\"C:\\WINDOWS\\system32\\YSTEM3~1\\csrss.exe\" -vt yazr"
"Uuympxz"="C:\\Program Files\\s?curity\\n?tepad.exe"
"PaSystem"="\"C:\\Program Files\\pasystem\\pasystem.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SWHelper"="\"C:\\WINDOWS\\system32\\Macromed\\Shockwave 10\\PostUpdate.exe\" 1014020"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{42248C91-2117-477B-AC0E-C280556B1001}"="fcbjupqvvkvt"
"{3578CC4F-0E1F-445E-8072-E78435C71001}"="efwpxsyvctqj"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efwpxsyvctqj
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcbjupqvvkvt
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\arun.exe
-- End of Deckard's System Scanner: finished at 2007-06-17 at 20:15:17 ---------
This one is extra; I do not know if it's needed or not. Here it is:
Deckard's System Scanner v20070611.50
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) XP 2500+
Percentage of Memory in Use: 82%
Physical Memory (total/avail): 1023.48 MiB / 179.14 MiB
Pagefile Memory (total/avail): 2462.24 MiB / 1722.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1966.93 MiB
C: is Fixed (NTFS) - 19.53 GiB total, 2.7 GiB free.
D: is Fixed (NTFS) - 54.99 GiB total, 53.94 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is Fixed (NTFS) - 29.29 GiB total, 29.21 GiB free.
H: is Fixed (NTFS) - 82.49 GiB total, 44.07 GiB free.
I: is Removable (No Media)
J: is Removable (No Media)
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal firewall is enabled.
FirstRunDisabled is set.
AV: avast! antivirus 4.7.1001 [VPS 000749-2] v4.7.1001 (ALWIL Software)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GREEN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner.HERS-OWICU4TAEI
LANG=C
LOGONSERVER=\\GREEN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\OWNER~1.HER\LOCALS~1\Temp
TMP=C:\DOCUME~1\OWNER~1.HER\LOCALS~1\Temp
USERDOMAIN=GREEN
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner.HERS-OWICU4TAEI
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Owner.HERS-OWICU4TAEI (admin)
Felicia and Nathan (admin)
Little_Lulu18 (admin)
-- Add/Remove Programs ---------------------------------------------------------
-->
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Alltel Jump Music 1.0.0 --> C:\Program Files\Alltel Jump Music\uninstall.exe
ArcSoft PhotoFantasy --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\ArcSoft Software\PhotoFantasy\Uninst.isu"
Ares 2.0.8 --> "C:\Program Files\Ares\uninstall.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Black & White® 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x9 -removeonly
Broderbund Media Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26346FB6-4F69-453D-95CE-B6BA3A5382F8}\setup.exe" -l0x9 AddRem
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
e-Sword --> MsiExec.exe /I{70222D61-ED5E-485A-8EBA-DDCFA2EE06FD}
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}
Free Mp3 Wma Converter V 1.6.0 --> "C:\Program Files\Free Audio Pack\unins000.exe"
GTK+ 2.10.6-1 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
HijackThis 1.99.1 --> C:\Documents and Settings\Owner.HERS-OWICU4TAEI\Desktop\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Photo Imaging Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll
HP Photo Printing Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll
hp photosmart 1115 series --> rundll32 hpzcon04.dll,VendorJettison hp photosmart 1115 series
hp photosmart printer series (Remove only) --> C:\Program Files\hp photosmart\printer\hphuni03.exe
HP Precisionscan Pro 3.1 --> MsiExec.exe /I{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}
HP Share-to-Web --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l9
Intel(R) 536EP Modem --> rundll32 IntelSdi.dll,iSMUninstallation "Intel(R) 536EP Modem"
IpWins --> C:\Program Files\Ipwindows\UnInstall.exe
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Monopoly --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Monopoly\Uninst.isu"
MovieShop --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F695596-85E6-4224-BC70-538F9036797A}\Setup.exe" -l0x9 /removeme/removeme
Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (2.0.0.4) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{DF821FC5-C198-452B-A0D4-82433EFEAE9B}
OpenOffice.org 2.1 --> MsiExec.exe /I{43983EB4-43DC-4C3D-9712-1EF592A31CA8}
Operation --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Hasbro Interactive\Operation\DeIsL1.isu"
Outerinfo --> "C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe"
Outerinfo --> C:\Program Files\Outerinfo\OiUninstaller.exe
Palm Desktop --> MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC}
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{117CD9C0-0F15-4633-93D7-F957B50535A5}
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
SiSAGP driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{1707BF02-0F5C-4A6C-8F17-053BB73E443F}
The GIMP 2.2.14 --> "C:\Program Files\GIMP-2.0\unins000.exe"
The Print Shop --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB26EA24-AE01-4C86-BEBC-424D5B81E66E}\setup.exe" -l0x9 anything
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar --> MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XP codec Pack --> C:\Program Files\XP codec Pack\Uninstall.exe
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\Program Files\Yahoo!\Common\unyt.exe
-- End of Deckard's System Scanner: finished at 2007-06-17 at 20:15:17 ---------
This message has been edited since posting. Last time this message was edited on 17. June 2007 @ 18:46
|
EMROY
Junior Member
|
17. June 2007 @ 17:54 |
|
This message has been edited since posting. Last time this message was edited on 19. June 2007 @ 19:35
|
Member
|
17. June 2007 @ 17:56 |
|
Please don't double-post.
Thank you. I'll look at it later. What about Deckard's System Scanner and HijackThis logs?
Geeks to Go - Trusted Helper
Please do not PM for help - please post on the forums.
|
EMROY
Junior Member
|
19. June 2007 @ 19:37 |
|
How does it look? Any problems?
|
EMROY
Junior Member
|
21. June 2007 @ 14:36 |
|
Please.............
|
|