 Worm, dont know how to remove |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 May 20 2008, 08:54 PM
Post
#1
|
|
|
New Member  Group: Members Posts: 1 Joined: 20-May 08 Member No.: 210,147  |
i found a bunch of virus's and worms and dont know how to get rid of them KASPERSKY ONLINE SCANNER REPORT Tuesday, May 20, 2008 6:32:58 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 20/05/2008 Kaspersky Anti-Virus database records: 788663 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer A:\ C:\ E:\ F:\ Scan Statistics Total number of scanned objects 85526 Number of viruses found 23 Number of infected objects 42 Number of suspicious objects 0 Duration of the scan process 01:48:47 Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\jason\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\yezzewve.default\cert8.db Object is locked skipped C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\yezzewve.default\formhistory.dat Object is locked skipped C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\yezzewve.default\history.dat Object is locked skipped C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\yezzewve.default\key3.db Object is locked skipped C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\yezzewve.default\parent.lock Object is locked skipped C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\yezzewve.default\search.sqlite Object is locked skipped C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\yezzewve.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\jason\Cookies\index.dat Object is locked skipped C:\Documents and Settings\jason\Desktop\Games\Warcraft III Reign of Chaos, The Frozen Throne + Update Patch War3TFT_121b_English +CD Key\CDKey\Warcraft III Reign Of Chaos Keygen.exe/data0000 Infected: Backdoor.Win32.Hupigon.bmoq skipped C:\Documents and Settings\jason\Desktop\Games\Warcraft III Reign of Chaos, The Frozen Throne + Update Patch War3TFT_121b_English +CD Key\CDKey\Warcraft III Reign Of Chaos Keygen.exe EmbeddedEXE: infected - 1 skipped C:\Documents and Settings\jason\Desktop\Games\Warcraft III Reign of Chaos, The Frozen Throne + Update Patch War3TFT_121b_English +CD Key\CDKey\Warcraft III Reign Of Chaos Keygen.exe ASPack: infected - 1 skipped C:\Documents and Settings\jason\Desktop\stuff\setups\Nero-8.3.2.1_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped C:\Documents and Settings\jason\Desktop\stuff\setups\Nero-8.3.2.1_eng_trial.exe 7-Zip: infected - 1 skipped C:\Documents and Settings\jason\Local Settings\Application Data\Microsoft\Messenger\crispyfriedpunk@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped C:\Documents and Settings\jason\Local Settings\Application Data\Microsoft\Messenger\crispyfriedpunk@hotmail.com\SharingMetadata\pending.dat Object is locked skipped C:\Documents and Settings\jason\Local Settings\Application Data\Microsoft\Messenger\crispyfriedpunk@hotmail.com\SharingMetadata\Working\database_F428_1946_2819_96E\dfsr.db Object is locked skipped C:\Documents and Settings\jason\Local Settings\Application Data\Microsoft\Messenger\crispyfriedpunk@hotmail.com\SharingMetadata\Working\database_F428_1946_2819_96E\fsr.log Object is locked skipped C:\Documents and Settings\jason\Local Settings\Application Data\Microsoft\Messenger\crispyfriedpunk@hotmail.com\SharingMetadata\Working\database_F428_1946_2819_96E\fsrtmp.log Object is locked skipped C:\Documents and Settings\jason\Local Settings\Application Data\Microsoft\Messenger\crispyfriedpunk@hotmail.com\SharingMetadata\Working\database_F428_1946_2819_96E\tmp.edb Object is locked skipped C:\Documents and Settings\jason\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\jason\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\jason\Local Settings\Application Data\Microsoft\Windows Live Contacts\crispyfriedpunk@hotmail.com\real\members.stg Object is locked skipped C:\Documents and Settings\jason\Local Settings\Application Data\Microsoft\Windows Live Contacts\crispyfriedpunk@hotmail.com\shadow\members.stg Object is locked skipped C:\Documents and Settings\jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\yezzewve.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\yezzewve.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\yezzewve.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\yezzewve.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\yezzewve.default\XUL.mfl Object is locked skipped C:\Documents and Settings\jason\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\jason\Local Settings\Temp\jar_cache6887.tmp Infected: Trojan-Downloader.Win32.FraudLoad.lp skipped C:\Documents and Settings\jason\Local Settings\Temp\~DFB7D6.tmp Object is locked skipped C:\Documents and Settings\jason\Local Settings\Temp\~DFB7E8.tmp Object is locked skipped C:\Documents and Settings\jason\Local Settings\Temp\~DFC03D.tmp Object is locked skipped C:\Documents and Settings\jason\Local Settings\Temp\~DFC04F.tmp Object is locked skipped C:\Documents and Settings\jason\Local Settings\Temp\~DFE52B.tmp Object is locked skipped C:\Documents and Settings\jason\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\jason\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\jason\Local Settings\Temporary Internet Files\Content.IE5\S1C56I7M\Installer2[1].exe Infected: not-a-virus:FraudTool.Win32.Reanimator.a skipped C:\Documents and Settings\jason\My Documents\My Music\iTunes\iPod Games\dont mind us sweatshop union.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped C:\Documents and Settings\jason\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped C:\Documents and Settings\jason\NTUSER.DAT Object is locked skipped C:\Documents and Settings\jason\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\jason\Shared\rollercoaster rush.zip/setup.exe Infected: not-a-virus:AdWare.Win32.Sahat.cd skipped C:\Documents and Settings\jason\Shared\rollercoaster rush.zip ZIP: infected - 1 skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\jgkpt.exe Infected: Trojan-Downloader.Win32.Small.iwz skipped C:\mxuxc.exe Infected: Trojan-Clicker.Win32.Costrat.fj skipped C:\Program Files\3wPlayer\minime.exe Infected: Trojan.Win32.Obfuscated.aez skipped C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\moved\winivstr.exe Infected: not-a-virus:FraudTool.Win32.Reanimator.a skipped C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped C:\Program Files\NinjaVideo\NinjaVideo Helper\output.log Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP380\A0050693.exe Infected: not-a-virus:FraudTool.Win32.WinZix.c skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP380\A0050740.dll Infected: not-a-virus:AdTool.Win32.Zango.u skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP380\A0050742.dll Infected: not-a-virus:AdWare.Win32.HotBar.ch skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP380\A0050745.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP380\A0050749.exe Infected: not-a-virus:AdWare.Win32.180Solutions.bp skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP393\A0051277.exe Infected: not-a-virus:AdTool.Win32.Zango.e skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP401\A0052582.dll Infected: not-a-virus:AdTool.Win32.Zango.u skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP401\A0052585.dll Infected: not-a-virus:AdWare.Win32.HotBar.ch skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP401\A0052590.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP401\A0052594.exe Infected: not-a-virus:AdWare.Win32.180Solutions.bp skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP401\A0052597.dll Infected: not-a-virus:AdTool.Win32.Zango.u skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP401\A0052608.dll Infected: not-a-virus:AdTool.Win32.Zango.e skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP407\A0053690.exe Infected: not-a-virus:AdTool.Win32.Zango.e skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP464\A0057092.exe/crack.exe Infected: Trojan.Win32.Monder.gen skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP464\A0057092.exe/keygen.exe Infected: Trojan-Downloader.Win32.Small.ury skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP464\A0057092.exe RAR: infected - 2 skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP464\A0057095.exe Infected: Trojan.Win32.Monder.gen skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP464\A0057947.exe Infected: not-a-virus:FraudTool.Win32.XPAntivirus.ci skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP490\A0063395.exe/file10 Infected: Trojan.Win32.Obfuscated.aez skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP490\A0063395.exe Inno: infected - 1 skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP497\A0064594.dll Infected: Trojan.Win32.BHO.ckq skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP497\A0064597.dll Infected: not-a-virus:AdWare.Win32.Agent.byw skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP497\A0064599.dll Infected: Trojan.Win32.BHO.chp skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP502\A0066558.exe Infected: not-a-virus:FraudTool.Win32.Reanimator.a skipped C:\System Volume Information\_restore{9D31B795-06E5-4AFD-9D56-AD6C081DE5CB}\RP505\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\braviax.exe Infected: not-virus:Hoax.Win32.Renos.bvl skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\iifdabXO.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mcg skipped C:\WINDOWS\system32\tuvWQijH.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mcg skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\system32\yayATMGx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mcg skipped C:\WINDOWS\Temp\hsperfdata_SYSTEM\500 Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_770.dat Object is locked skipped C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. Deckard's System Scanner v20071014.68 Run by jason on 2008-05-20 18:33:34 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 128: 2008-05-21 01:33:51 UTC - RP506 - Deckard's System Scanner Restore Point 127: 2008-05-19 23:20:24 UTC - RP505 - Restore Operation 126: 2008-05-18 17:32:23 UTC - RP504 - System Checkpoint 125: 2008-05-17 11:32:16 UTC - RP503 - System Checkpoint 124: 2008-05-16 10:00:19 UTC - RP502 - Software Distribution Service 3.0 -- First Restore Point -- 1: 2008-04-06 06:06:51 UTC - RP379 - System Checkpoint Backed up registry hives. Performed disk cleanup. Total Physical Memory: 511 MiB (512 MiB recommended). -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-05-20 18:41:39 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\Program Files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\explorer.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe C:\Documents and Settings\jason\Desktop\dss.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 132.239.17.226:3124 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [meal htm] C:\DOCUME~1\jason\APPLIC~1\ONLINE~1\Find Mfcd.exe O4 - HKUS\S-1-5-18\..\RunOnce: [POSTRBT] C:\Program Files\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [POSTRBT] C:\Program Files\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'Default user') O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/mi...pGameLoader.dll O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{3919426F-6CA1-4988-897A-B69F1A522717}: NameServer = 4.2.2.2,4.2.2.3 O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll O20 - Winlogon Notify: yayWomKb - C:\WINDOWS\system32\yayWomKb.dll (file missing) O22 - SharedTaskScheduler: NetWrap for Windows - {C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} - (no file) O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! mail scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! web scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (livesrv) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: NinjaVideo Helper (NinjaVideo Helper.exe) - NinjaVideo - C:\Program Files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: BitDefender Communicator (xcomm) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe O24 - Desktop Component 0: Untitled Document - http://www.infotecbusinesssystems.com/wildlife/default.asp -- End of file - 10287 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver> R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu> S3 {fbe1d620-5418-4aae-a0f0-316d590663a1} - c:\windows\system32\{fbe1d620-5418-4aae-a0f0-316d590663a1} (file missing) S3 profos - c:\program files\common files\bitdefender\bitdefender threat scanner\profos.sys (file missing) S3 trufos - c:\program files\common files\bitdefender\bitdefender threat scanner\trufos.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R4 NinjaVideo Helper.exe (NinjaVideo Helper) - "c:\program files\ninjavideo\ninjavideo helper\ninjavideo helper.exe" <Not Verified; NinjaVideo; NinjaVideo Helper> S4 livesrv (BitDefender Desktop Update Service) - "c:\program files\common files\bitdefender\bitdefender update service\livesrv.exe" /service (file missing) S4 xcomm (BitDefender Communicator) - "c:\program files\common files\bitdefender\bitdefender communicator\xcommsvr.exe" /service (file missing) -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Multimedia Video Controller Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_13EB0070&REV_11\4&1C660DD6&0&00F0 Manufacturer: Name: Multimedia Video Controller PNP Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_13EB0070&REV_11\4&1C660DD6&0&00F0 Service: Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Multimedia Controller Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_13EB0070&REV_11\4&1C660DD6&0&01F0 Manufacturer: Name: Multimedia Controller PNP Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_13EB0070&REV_11\4&1C660DD6&0&01F0 Service: Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: PCI Modem Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0 Manufacturer: Name: PCI Modem PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0 Service: -- Scheduled Tasks ------------------------------------------------------------- 2008-05-20 18:16:01 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job 2008-05-20 18:00:02 262 --ah----- C:\WINDOWS\Tasks\AB97A93591785CF5.job 2008-05-14 23:38:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2008-04-20 and 2008-05-20 ----------------------------- 2008-05-20 15:37:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-05-20 15:37:50 0 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-05-20 15:37:48 0 d-------- C:\WINDOWS\LastGood 2008-05-11 00:35:42 197120 --a------ C:\WINDOWS\patchw32.dll 2008-05-11 00:35:40 0 d-------- C:\Program Files\Common Files\PocketSoft 2008-05-10 17:59:28 19456 --a------ C:\WINDOWS\system32\braviax.exe 2008-05-10 17:48:26 0 d-------- C:\Documents and Settings\jason\Application Data\Atari 2008-05-10 17:48:16 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2008-05-10 17:42:35 0 d-------- C:\Program Files\Atari 2008-05-10 16:03:16 0 d-------- C:\Documents and Settings\jason\Application Data\.wyzo 2008-05-07 23:39:12 0 d-------- C:\WINDOWS\pss 2008-05-06 22:47:27 0 d-------- C:\Program Files\NinjaVideo 2008-05-06 22:28:59 0 d-------- C:\Program Files\Online Frag Audio 2008-05-06 22:28:34 0 d-------- C:\Program Files\3wPlayer 2008-04-27 15:13:07 0 d-------- C:\Program Files\iPod -- Find3M Report --------------------------------------------------------------- 2008-05-19 15:29:34 0 d-------- C:\Documents and Settings\jason\Application Data\Azureus 2008-05-18 20:31:55 0 d-------- C:\Program Files\Warcraft III 2008-05-15 00:19:31 0 d-------- C:\Program Files\Soulseek 2008-05-12 23:01:31 0 d-------- C:\Documents and Settings\jason\Application Data\Adobe 2008-05-11 00:35:40 0 d-------- C:\Program Files\Common Files 2008-05-11 00:28:11 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-05-07 21:24:47 0 d-------- C:\Program Files\DesktopEarth 2008-05-07 16:46:14 0 d-------- C:\Program Files\Windows Live Safety Center 2008-05-06 22:38:12 0 d-------- C:\Program Files\DivX 2008-05-06 22:30:22 0 d-------- C:\Documents and Settings\jason\Application Data\Online Frag Audio 2008-05-02 16:23:26 0 d-------- C:\Program Files\Apple Software Update 2008-04-27 22:56:37 0 d-------- C:\Documents and Settings\jason\Application Data\dvdcss 2008-04-27 15:13:28 0 d-------- C:\Program Files\iTunes 2008-04-27 15:11:04 0 d-------- C:\Program Files\QuickTime 2008-04-18 21:22:19 75971 --a------ C:\WINDOWS\War3Unin.dat 2008-04-18 21:21:01 2829 --a------ C:\WINDOWS\War3Unin.pif 2008-04-18 21:21:01 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller> 2008-04-06 23:24:31 0 d-------- C:\Documents and Settings\jason\Application Data\BitDefender 2008-04-06 21:47:01 0 --a------ C:\WINDOWS\system32\(null)id 2008-04-06 20:48:05 48456 --a------ C:\WINDOWS\system32\UninstallElectricSheep.exe 2008-04-06 19:28:09 0 d-------- C:\Program Files\FrostWire 2008-04-06 18:51:43 0 d-------- C:\Program Files\InterActual 2008-04-06 18:49:00 0 d-------- C:\Program Files\BitDefender 2008-04-06 18:47:23 0 d-------- C:\Program Files\DivoCodec 2008-04-06 17:18:09 0 d-------- C:\Program Files\Alwil Software 2008-04-06 17:17:20 8946 --ahs---- C:\WINDOWS\system32\feKmmnnn.ini2 2008-04-06 17:09:29 0 d-------- C:\Program Files\a-squared Free 2008-04-05 23:23:59 81984 --a------ C:\WINDOWS\system32\bdod.bin 2008-04-05 23:03:45 2 --a------ C:\672729454 2008-04-05 23:03:22 0 --------- C:\WINDOWS\system32\tuvWQijH.dll 2008-04-05 23:03:21 0 --------- C:\WINDOWS\system32\yayATMGx.dll 2008-04-05 23:03:21 6656 --a------ C:\jgkpt.exe 2008-04-05 23:02:55 58880 --a------ C:\mxuxc.exe 2008-04-05 23:01:51 0 --------- C:\WINDOWS\system32\iifdabXO.dll 2008-03-24 22:15:58 0 d-------- C:\Program Files\Java 2008-03-23 10:37:15 0 d-------- C:\Documents and Settings\jason\Application Data\FrostWire 2008-03-22 22:23:18 0 d-------- C:\Documents and Settings\jason\Application Data\Real 2008-03-08 18:51:55 4421 --a------ C:\WINDOWS\mozver.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 10:43 AM] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM] "AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [08/08/2007 03:53 PM] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 11:37 AM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM] "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 12:56 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM] "meal htm"="C:\DOCUME~1\jason\APPLIC~1\ONLINE~1\Find Mfcd.exe" [05/06/2008 10:28 PM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "POSTRBT"=C:\Program Files\Norton AntiVirus\Navw32.exe /REMEDIATE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoFolderOptions"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{C5AF49A2-94F3-42BD-F434-2604812C897D}"= C:\WINDOWS\system32\jfiehayd.dll [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F}"= C:\WINDOWS\system32\yayWomKb.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayWomKb] yayWomKb.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnmmKef [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jason^Start Menu^Programs^Startup^DesktopEarth AutoStart.lnk] path=C:\Documents and Settings\jason\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk backup=C:\WINDOWS\pss\DesktopEarth AutoStart.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax] C:\WINDOWS\system32\braviax.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e©ùýùüûïÊóÎéøøíøôÇÊýáñûÍÞó] C:\Program Files\XP Antivirus\xpa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05] C:\WINDOWS\system32\hphmon05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jdgf894jrghoiiskd] C:\DOCUME~1\jason\LOCALS~1\Temp\winlogan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jnskdfmf9eldfd] C:\DOCUME~1\jason\LOCALS~1\Temp\csrssc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Love default global mess] C:\Documents and Settings\All Users\Application Data\great coal love default\Meow exit.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\meal htm] C:\DOCUME~1\jason\APPLIC~1\ONLINE~1\Find Mfcd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper] Rundll32 P17.dll,P17Helper [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize2 Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WintelUpdate] C:\flciijjq.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "xcomm"=2 (0x2) "scan"=3 (0x3) "NinjaVideo Helper.exe"=2 (0x2) "livesrv"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx scan [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] AutoRun\command- D:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] AutoRun\command- G:\autoplay.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] AutoRun\command- H:\AutoRunLauncher.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b374f62-c959-11dc-9534-0011112a3fdf}] AutoRun\command- H:\AUTORUN.EXE -- Hosts ----------------------------------------------------------------------- 127.0.0.1 bin.errorprotector.com ## added by CiD 127.0.0.1 br.errorsafe.com ## added by CiD 127.0.0.1 br.winantivirus.com ## added by CiD 127.0.0.1 br.winfixer.com ## added by CiD 127.0.0.1 cdn.drivecleaner.com ## added by CiD 127.0.0.1 cdn.errorsafe.com ## added by CiD 127.0.0.1 cdn.winsoftware.com ## added by CiD 127.0.0.1 de.errorsafe.com ## added by CiD 127.0.0.1 de.winantivirus.com ## added by CiD 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD 60 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-05-20 18:42:52 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Pentium® 4 CPU 2.80GHz CPU 1: Intel® Pentium® 4 CPU 2.80GHz Percentage of Memory in Use: 57% Physical Memory (total/avail): 510.98 MiB / 217.18 MiB Pagefile Memory (total/avail): 1249.32 MiB / 676.2 MiB Virtual Memory (total/avail): 2047.88 MiB / 1935.39 MiB A: is Removable (Unformatted) C: is Fixed (NTFS) - 148.99 GiB total, 22.3 GiB free. E: is CDROM (No Media) F: is CDROM (No Media) \\.\PHYSICALDRIVE0 - ST3160023AS - 149.05 GiB - 2 partitions \PARTITION0 - Unknown - 47.03 MiB \PARTITION1 (bootable) - Installable File System - 148.99 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. AntiVirusDisableNotify is set. FirewallDisableNotify is set. UpdatesDisableNotify is set. AV: avast! antivirus 4.8.1169 [VPS 080520-1] v4.8.1169 (ALWIL Software) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Microsoft Games\\Age of Empires II Trial\\EMPIRES2.EXE"="C:\\Program Files\\Microsoft Games\\Age of Empires II Trial\\EMPIRES2.EXE:*:Disabled:Age of Empires II" "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer" "C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\jason\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=JASON-Z0GJM62XN ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\jason LOGONSERVER=\\JASON-Z0GJM62XN NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Program Files\Mozilla Firefox\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0304 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\jason\LOCALS~1\Temp TMP=C:\DOCUME~1\jason\LOCALS~1\Temp USERDOMAIN=JASON-Z0GJM62XN USERNAME=jason USERPROFILE=C:\Documents and Settings\jason windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- jason (admin) Guest (new local, guest) -- Add/Remove Programs --------------------------------------------------------- --> "C:\Program Files\Creative\Sound Blaster Live! 24-bit\Program\Ctzapxx.EXE" /X /U /S --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf "AbiWord 2.4.2 (remove only)" --> "C:\Program Files\AbiSuite2\UninstallAbiWord2.exe" 3wPlayer version 1.9.0.0 --> "C:\Program Files\3wPlayer\unins000.exe" Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002} Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup Azureus --> C:\Program Files\Azureus\Uninstall.exe CiD Help --> C:\DOCUME~1\jason\APPLIC~1\ONLINE~1\Find Mfcd.exe -uninstall Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe" DesktopEarth --> MsiExec.exe /I{D87176E9-ECD0-48C6-8E8B-B0054781DFB4} DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN ElectricSheep 2.6.6 --> C:\WINDOWS\system32\UninstallElectricSheep.exe Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" Half-Life --> C:\Sierra\HALF-L~1\UNWISE.EXE C:\Sierra\HALF-L~1\INSTALL.LOG HighGrow --> C:\PROGRA~1\HighGrow\UNGROW.EXE C:\PROGRA~1\HighGrow\INSTALL.LOG Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF} HP Memories Disc --> MsiExec.exe /X{D35191B3-F340-4C11-A4E0-8B09477B4302} HP Software Update --> MsiExec.exe /X{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12} Intel® PRO Network Adapters and Drivers --> Prounstl.exe iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B} J2SE Development Kit 5.0 Update 4 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150040} J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030} J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040} J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} JCreator LE 3.50 --> "C:\Program Files\Xinox Software\JCreatorV3LE\unins000.exe" Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe LEGO Star Wars II --> C:\Program Files\InstallShield Installation Information\{4E074808-1B86-4230-A9EB-0904942EC4AE}\setup.exe -runfromtemp -l0x0409 LiveUpdate 2.7 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U Luxor (remove only) --> "C:\Program Files\MumboJumbo\Luxor\uninstall.exe" Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Magic DVD Ripper V5.2.1 --> "C:\Program Files\MagicDVDRipper\unins000.exe" Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA} Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8} Monopoly Here & Now --> "C:\WINDOWS\Monopoly Here & Now Edition\uninstall.exe" "/U:C:\Program Files\KaPi_Monopoly \Uninstall\uninstall.xml" Monopoly Here & Now Edition --> C:\PROGRA~1\AOLGAM~1\MONOPO~1\UNWISE.EXE /U C:\PROGRA~1\AOLGAM~1\MONOPO~1\INSTALL.LOG Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13} NinjaVideo Helper --> MsiExec.exe /X{9C9785F3-26E3-4731-AD37-65044AE0A129} NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nvdd.inf Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\setup\hpzscr01.exe -datfile hphscr01.dat PowerISO --> "C:\Program Files\PowerISO\uninstall.exe" Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727} QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD} RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 RollerCoaster Tycoon® 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9 Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D} SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe" Sound Blaster Live! 24-bit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB481CC-F57C-4397-81A0-DADD22257047}\SETUP.EXE" -l0x9 Starcraft --> C:\WINDOWS\scunin.exe C:\WINDOWS\scunin.dat VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409 Videora iPod Converter 3.06 --> C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat WeatherEye --> "C:\Program Files\TheWeatherNetwork\WeatherEye\MMTWNLiveUpdate.exe" /language ENGLISH /uninstall HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WeatherEye,HKEY_CURRENT_USER\Software\MMTWN\WeatherEye WhiteCap --> C:\Program Files\SoundSpectrum\WhiteCap\Uninstall.exe WinAce Archiver --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66} Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C} Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750} Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750} Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D} Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397} -- Application Event Log ------------------------------------------------------- Event Record #/Type3923 / Error Event Submitted/Written: 05/20/2008 04:05:54 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application winace.exe, version 2.6.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Event Record #/Type3911 / Success Event Submitted/Written: 05/20/2008 00:32:06 AM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type3906 / Error Event Submitted/Written: 05/19/2008 11:27:50 PM Event ID/Source: 8193 / VSS Event Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206. Event Record #/Type3905 / Error Event Submitted/Written: 05/19/2008 11:27:50 PM Event ID/Source: 4609 / EventSystem Event Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error. Event Record #/Type3872 / Warning Event Submitted/Written: 05/19/2008 03:57:29 PM Event ID/Source: 1524 / Userenv Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type15647 / Warning Event Submitted/Written: 05/20/2008 04:05:37 PM Event ID/Source: 51 / Cdrom Event Description: An error was detected on device \Device\CdRom0 during a paging operation. Event Record #/Type15646 / Warning Event Submitted/Written: 05/20/2008 04:05:27 PM Event ID/Source: 51 / Cdrom Event Description: An error was detected on device \Device\CdRom0 during a paging operation. Event Record #/Type15645 / Warning Event Submitted/Written: 05/20/2008 04:05:26 PM Event ID/Source: 51 / Cdrom Event Description: An error was detected on device \Device\CdRom0 during a paging operation. Event Record #/Type15644 / Error Event Submitted/Written: 05/20/2008 04:05:25 PM Event ID/Source: 7 / Cdrom Event Description: The device, \Device\CdRom0, has a bad block. Event Record #/Type15643 / Error Event Submitted/Written: 05/20/2008 04:05:17 PM Event ID/Source: 7 / Cdrom Event Description: The device, \Device\CdRom0, has a bad block. -- End of Deckard's System Scanner: finished at 2008-05-20 18:42:52 ------------ |
 |
 
|
|
Jun 17 2008, 02:53 PM
Post
#2
|
|
 'r Brudiwr Group: HJT Team Posts: 2,442 Joined: 10-April 05 From: South Wales, Great Britain Member No.: 16,608 |
Hi bergerk_420
Sorry for the delay in answering your post. If you still need help could you please post back a new Hjt log.... things change so quickly and we need to see what's happening now. Thanks Starbuck -------------------- W2k/WinXp/Vista. Celeron® 2.66Ghz, 1.5Gb Ram, 80 + 160 Gb HD's. GeForce Fx5500 256mb G Card, 2x17"monitors.
Member of:  &  |
|
|
|
|
Jul 5 2008, 05:49 PM
Post
#3
|
|
|
'r Brudiwr Group: HJT Team Posts: 2,442 Joined: 10-April 05 From: South Wales, Great Britain Member No.: 16,608 |
Due to the lack of feedback, this Topic will now be closed.
If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic. -------------------- W2k/WinXp/Vista. Celeron® 2.66Ghz, 1.5Gb Ram, 80 + 160 Gb HD's. GeForce Fx5500 256mb G Card, 2x17"monitors.
Member of: & |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 11th October 2008 - 08:23 AM |
© 2003-2008 All Rights Reserved Bleeping Computer LLC.