
Frequent System Crashes [CLOSED]



#1
CSPBATMAN

Well, my system used to run fine, now it's just been crashing a lot. It started like last week, now I'm just fed up with trying to solve it with programs, so I'm posting here.
I'm running NOD32 anti virus system fully updated, so I'm still a little bit confused how this happened. I ran AVG, Spybot S&D and various other programs that I have on my computer. Here is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 6:19:37 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Clipomatic\Clipomatic.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Program Files\Flashnote\FlashNote.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
O1 - Hosts: 70.84.125.244 l2authd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Clipomatic] C:\Program Files\Clipomatic\Clipomatic.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Startup: Flashnote.lnk = C:\Program Files\Flashnote\FlashNote.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Shortcut to hotkey.ahk.lnk = C:\Documents and Settings\Administrator\Desktop\less commonly used\computer tweaking\hotkey.ahk.ahk
O4 - Global Startup: NOD32 Control Center.lnk = C:\Program Files\ESET\nod32kui.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.2.1.87.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1144009334609
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: LMIinit - LMIinit.dll (file missing)
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: IIS Admin (IISADMIN) - Unknown owner - (no file)
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PAOGWRNH - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PAOGWRNH.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Here's my uninstall list:
7-Zip 4.45 beta
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Anti-Keylogger Elite Version 3.3.3
AutoCAD 2008 - English
AVG Anti-Spyware 7.5
CCleaner (remove only)
Chinese (Traditional) Language Support
Clipomatic
Command & Conquer 3
ConvertXtoDVD 2.1.12.214
CrossLoop 1.2
dBpoweramp Music Converter
dBpoweramp Windows Media Audio 10 Codec
dBpowerAMP Windows Media Audio 9 Codec
DivX Web Player
Dragon NaturallySpeaking 9
FlashFXP v3
FlashGet 1.9.0.1012
Foxit PDF Editor
Free Music Zilla
Freez FLV to MP3 Converter
FrostWire 4.13.2.0
GMail Drive Shell Extension
GoldWave v5.20
GTA San Andreas
GUI StudioMDL 1.0
Half-Life editing 0.9b
Hamachi 1.0.1.5
HijackThis 1.99.1
HLSW v1.2.0
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Huffyuv AVI lossless video codec (Remove Only)
iCD CoolBeLa3
IrfanView (remove only)
Java™ 6 Update 2
K-Lite Mega Codec Pack 1.53
Logitech QuickCam Software
Logitech® Camera Driver
Macro Express 3
MapleStory
MediaCoder PSP Edition 0.6.0
Messenger Plus! Live
Microsoft .NET Framework 2.0
Microsoft Halo Custom Edition
Microsoft Office Enterprise 2007
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
MiraScan V4.03
Mozilla Firefox (2.0.0.12)
Mp3tag v2.39
NOD32 antivirus system
Notepad++
O&O Defrag Professional Edition
PacSteamT
Panda ActiveScan
PeerGuardian 2.0
Portal
PowerDVD
PSP ISO Compressor
QuickSFV (Remove only)
ReadPlease 2003/ReadPlease PLUS 2003
Recuva (remove only)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Starcraft
StuffPlug 3
System Requirements Lab
UltraISO Premium V8.65
Unlocker 1.8.5
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Ventrilo Client
VideoLAN VLC media player 0.8.6d
VirtuaWin v3.2
Webserver Stress Tool 7
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows XP Service Pack 3
WinMount V2.0.6
WinRAR archiver
Xfire (remove only)
xplorer² professional

Thanks for any help.


#2
Essexboy

Hi there, and sorry for the delay. I will need a fresh look at your system.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
CSPBATMAN

main.txt
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-02-18 18:37:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
36: 2008Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3000+
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 766.73 MiB / 423.85 MiB
Pagefile Memory (total/avail): 1490.2 MiB / 1226.82 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.62 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.05 GiB total, 13.31 GiB free.
D: is CDROM (No Media)
F: is Fixed (NTFS) - 8.02 GiB total, 5.42 GiB free.
G: is Fixed (FAT32) - 29.19 GiB total, 12.31 GiB free.
H: is CDROM (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - ST340810A - 37.27 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 8.02 GiB - F:
\PARTITION1 - Extended Partition - 29.25 GiB - G:

\\.\PHYSICALDRIVE0 - WDC WD1600JB-00GVA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:

\\.\PHYSICALDRIVE2 - Mitsumi VT6205-DevB USB Device

\\.\PHYSICALDRIVE3 - Mitsumi VT6205-DevM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Steam\\SteamApps\\redknight123\\condition zero\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\redknight123\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\redknight123\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\redknight123\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Steam\\SteamApps\\afropig\\half-life\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\afropig\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"="C:\\Program Files\\Free Music Zilla\\FMZilla.exe:*:Enabled:FMZilla Module"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EDWARD
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\EDWARD
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=EDWARD
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
__COMPAT_LAYER=DisableNXShowUI


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.45 beta --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Anti-Keylogger Elite Version 3.3.3 --> "C:\Program Files\Anti Keylogger Elite\unins000.exe"
AutoCAD 2008 - English --> C:\Program Files\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD
AVG Anti-Spyware 7.5 --> C:\Program Files\AVG Anti-Spyware 7.5\Uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Chinese (Traditional) Language Support --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tw.inf, Uninstall
Clipomatic --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\CLIPOMTC.INF, DefaultUninstall.ntx86
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
ConvertXtoDVD 2.1.12.214 --> "C:\Program Files\vso\ConvertXtoDVD\unins000.exe"
Counter-Strike --> "C:\Program Files\PacSteam\steam.exe" steam://uninstall/10
CrossLoop 1.2 --> "C:\Program Files\CrossLoop\unins000.exe"
dBpoweramp Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Windows Media Audio 10 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
dBpowerAMP Windows Media Audio 9 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.dat
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dragon NaturallySpeaking 9 --> MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
FlashFXP v3 --> "C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
FlashGet 1.9.0.1012 --> C:\Program Files\FlashGet\uninst.exe
Foxit PDF Editor --> C:\Program Files\Foxit Software\PDF Editor\uninstall.exe
Free Music Zilla --> "C:\Program Files\Free Music Zilla\unins000.exe"
Freez FLV to MP3 Converter --> "C:\Program Files\Freez FLV to MP3 Converter\unins000.exe"
FrostWire 4.13.2.0 --> C:\Program Files\FrostWire\Uninstall.exe
GMail Drive Shell Extension --> rundll32.exe C:\WINDOWS\system32\ShellExt\GMailFS.dll,Uninstall C:\WINDOWS\system32\ShellExt\GMailFS.inf
GoldWave v5.20 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.20" "C:\Program Files\GoldWave\unstall.log"
GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
GUI StudioMDL 1.0 --> C:\Program Files\GUI StudioMDL 1.0\uninst.exe
Half-Life editing 0.9b --> c:\hl-edit\uninst.exe
Hamachi 1.0.1.5 --> C:\Program Files\Hamachi\uninstall.exe
HijackThis 1.99.1 --> C:\HJT\HijackThis.exe /uninstall
HLSW v1.2.0 --> "C:\Program Files\HLSW\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Huffyuv AVI lossless video codec (Remove Only) --> rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
iCD CoolBeLa3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3262B681-4FF9-11D7-B40C-00D0590FF303}\setup.exe" -uninst
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
K-Lite Mega Codec Pack 1.53 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macro Express 3 --> C:\PROGRA~1\MACROE~1\UNWISE.EXE C:\PROGRA~1\MACROE~1\INSTALL.LOG
MapleStory --> MsiExec.exe /I{A25B43DE-B43F-4288-A52A-3EA3B1674B35}
MediaCoder PSP Edition 0.6.0 --> C:\Program Files\MediaCoder PSP Edition\uninst.exe
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Halo Custom Edition --> "C:\Program Files\Halo Custom Edition\Uninstal.exe" /runtemp /addremove
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MiraScan V4.03 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01000A03-E058-11D3-9C13-0000E220DC33}\Setup.exe" -uninst
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.39 --> C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1 --> "C:\Program Files\Eset\unins000.exe"
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
O&O Defrag Professional Edition --> MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
PacSteamT --> C:\PacSteamT\PacSteamT-Uninstall.exe
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
Portal --> "C:\PacSteamT\steam.exe" steam://uninstall/400
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PSP ISO Compressor --> MsiExec.exe /X{D47087E7-AA15-4D1D-8C0A-60F7E446D597}
QuickSFV (Remove only) --> C:\Program Files\QuickSFV\QSFVUNST.EXE C:\Program Files\QuickSFV\
ReadPlease 2003/ReadPlease PLUS 2003 --> "C:\Program Files\ReadPlease\unins000.exe"
Recuva (remove only) --> "C:\Program Files\Recuva\uninst.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Source SDK Base --> "C:\Program Files\Steam\steam.exe" steam://uninstall/215
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
StuffPlug 3 --> C:\Program Files\StuffPlug3\Uninstall.exe
System Requirements Lab --> C:\Program Files\Common Files\SystemRequirementsLab\Uninstall.exe
UltraISO Premium V8.65 --> "C:\Program Files\UltraISO\unins000.exe"
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VirtuaWin v3.2 --> "C:\Program Files\VirtuaWin\unins000.exe"
Webserver Stress Tool 7 --> "C:\Program Files\Webserver Stress Tool 7\unins000.exe"
Windows Live installer --> MsiExec.exe /X{7BC43F11-02C8-45FA-ABDC-E2F9FF31F825}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{CB5EA99C-8A5B-49F2-9A1A-2EF78BE4DB41}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinMount V2.0.6 --> "C:\Program Files\WinMount\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
xplorer² professional --> "C:\Program Files\zabkat\xplorer2\Uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type8147 / Success
Event Submitted/Written: 02/18/2008 05:28:50 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type8146 / Error
Event Submitted/Written: 02/18/2008 04:50:20 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.20121, faulting module firefox.exe, version 1.8.20080.20121, fault address 0x0027006f.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type8136 / Success
Event Submitted/Written: 02/18/2008 04:28:15 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type8124 / Success
Event Submitted/Written: 02/18/2008 03:02:55 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type8105 / Success
Event Submitted/Written: 02/18/2008 11:59:46 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type871 / Error
Event Submitted/Written: 02/18/2008 06:33:30 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%" attempting to start the service IISADMIN with arguments ""
in order to run the server:
{A9E69610-B80D-11D0-B9B9-00A0C922E750}

Event Record #/Type869 / Error
Event Submitted/Written: 02/18/2008 06:33:30 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The IIS Admin service failed to start due to the following error:
%%3

Event Record #/Type868 / Error
Event Submitted/Written: 02/18/2008 06:33:27 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error:
%%3

Event Record #/Type867 / Error
Event Submitted/Written: 02/18/2008 06:33:27 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error:
%%3

Event Record #/Type866 / Error
Event Submitted/Written: 02/18/2008 06:33:27 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3



-- End of Deckard's System Scanner: finished at 2008-02-18 18:42:37 ------------

-02-18 23:28:31 UTC - RP506 - Deckard's System Scanner Restore Point
35: 2008-02-17 02:04:55 UTC - RP505 - Unsigned driver install
34: 2008-02-17 01:19:41 UTC - RP504 - System Checkpoint
33: 2008-02-16 01:11:52 UTC - RP503 - System Checkpoint
32: 2008-02-14 22:02:16 UTC - RP502 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-30 22:02:53 UTC - RP471 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 13.31 GiB (less than 15%) free.


-- HijackThis (run as Administrator.exe) ---------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-18 18:41:38
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Clipomatic\Clipomatic.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Program Files\Flashnote\FlashNote.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
O1 - Hosts: 70.84.125.244 l2authd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Clipomatic] C:\Program Files\Clipomatic\Clipomatic.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Startup: Flashnote.lnk = C:\Program Files\Flashnote\FlashNote.exe
O4 - Startup: Shortcut to hotkey.ahk.lnk = C:\Documents and Settings\Administrator\Desktop\less commonly used\computer tweaking\hotkey.ahk.ahk
O4 - Global Startup: NOD32 Control Center.lnk = C:\Program Files\ESET\nod32kui.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - ProtocolDefaults: Unknown 'about' protocol is in Restricted Zone (HKLM)
O15 - ProtocolDefaults: Unknown 'about:' protocol is in Restricted Zone (HKLM)
O15 - ProtocolDefaults: Unknown 'mhtml' protocol is in Restricted Zone (HKLM)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} () - http://www.fileplane...DC_2.2.1.87.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1144009334609
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1288.0816.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1288.0816.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\system32\LMIinit.dll (file missing)
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\Autoexnt.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - Unknown owner - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - Unknown owner - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\ESET\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PAOGWRNH - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PAOGWRNH.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: WNDXCN - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WNDXCN.exe


--
End of file - 11482 bytes

-- HijackThis Fixed Entries (C:\HJT\backups\) ----------------------------------

backup-20060330-152712-321 R3 - Default URLSearchHook is missing
backup-20060330-152712-415 O4 - HKCU\..\Run: [CompMags] C:\DOCUME~1\ADMINI~1\APPLIC~1\KNOBAD~1\bolt bird okay.exe
backup-20060330-152712-541 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.edbaylivz...KURUf2vDCQ8.jpg
backup-20060330-152712-593 O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
backup-20060330-152712-682 O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZNfox000
backup-20060330-152712-778 O4 - HKCU\..\Run: [AutoUpdate] C:\Program Files\Serials3k\s3k_autoupdate.exe
backup-20060330-152712-814 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.whzwvqkcg...1llKYYJo06.html
backup-20060330-225756-680 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rcyzouwaa...1llKYYJo06.html
backup-20060402-134050-704 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
backup-20060402-134050-746 O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
backup-20060515-161938-505 O23 - Service: World Wide Web Publishing (W3SVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
backup-20060515-161938-725 O23 - Service: Simple Mail Transfer Protocol (SMTP) (SMTPSVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
backup-20060515-161938-746 O23 - Service: IIS Admin (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
backup-20060515-161959-592 O23 - Service: World Wide Web Publishing (W3SVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
backup-20060515-161959-769 O23 - Service: Simple Mail Transfer Protocol (SMTP) (SMTPSVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
backup-20060515-161959-955 O23 - Service: IIS Admin (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
backup-20060515-162015-415 O23 - Service: World Wide Web Publishing (W3SVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
backup-20060515-162015-547 O23 - Service: IIS Admin (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
backup-20060515-162015-746 O23 - Service: Simple Mail Transfer Protocol (SMTP) (SMTPSVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
backup-20060515-162857-588 O23 - Service: World Wide Web Publishing (W3SVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
backup-20060515-162857-763 O23 - Service: IIS Admin (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
backup-20060515-162857-808 O23 - Service: Simple Mail Transfer Protocol (SMTP) (SMTPSVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
backup-20070227-163140-985 O23 - Service: WNDXCN - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WNDXCN.exe (file missing)
backup-20070321-213403-254 O1 - Hosts: 66.98.148.65 auto.search.msn.com
backup-20070321-213403-797 O1 - Hosts: 66.98.148.65 auto.search.msn.es

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,23
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
.scr - AutoCADScriptFile - shell\open\command - "C:\Program Files\Notepad++\notepad++.exe" "%1"
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R0 viasraid - c:\windows\system32\drivers\viasraid.sys <Not Verified; VIA Technologies inc,.ltd; Raid controller 6420 driver>
R1 elpow_spy - c:\windows\system32\drivers\elpow_spy.sys
R1 ISODrive (ISO DVD/CD-ROM Device Driver) - c:\program files\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive>
R2 AKEProtect - c:\program files\anti keylogger elite\akeprotect.sys <Not Verified; ISecSoft Inc.; Anti-Keylogger Elite>
R2 MaVctrl - c:\windows\system32\drivers\mavc2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
R2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 QCMerced (Logitech QuickCam Communicate) - c:\windows\system32\drivers\lvcm.sys
R3 scrcap - c:\windows\system32\drivers\scrcap.sys <Not Verified; ZD Soft; ZD Soft Screen Capture Series>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys
R3 WinMTBus (WinMount Bus) - c:\windows\system32\drivers\winmtbus.sys <Not Verified; WinMount International Inc.; WinMTBus Device>
R3 yukonwxp (NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter) - c:\windows\system32\drivers\yukonwxp.sys <Not Verified; Marvell Semiconductor Inc.; Marvell Yukon Gigabit Ethernet Adapter>

S0 PREVXDriver (Prevx Driver) - c:\windows\system32\drivers\pxfsf.sys (file missing)
S2 LMIInfo (LogMeIn Kernel Information Provider) - c:\program files\logmein\rainfo.sys (file missing)
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BthEnum (Bluetooth Request Block Driver) - c:\windows\system32\drivers\bthenum.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
S3 BthPan (Bluetooth Device (Personal Area Network)) - c:\windows\system32\drivers\bthpan.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 BTHPORT (Bluetooth Port Driver) - c:\windows\system32\drivers\bthport.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 BTHUSB (Bluetooth Radio USB Driver) - c:\windows\system32\drivers\bthusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 Dua1 - c:\documents and settings\administrator\desktop\mshacks\dualengine2\dualengi.sys (file missing)
S3 Dual2 - c:\documents and settings\administrator\desktop\mshacks\gameregistance\dual2.sys (file missing)
S3 GGK - c:\documents and settings\administrator\desktop\ggk\ggk.sys (file missing)
S3 IlvMoneyDRIVER53 - c:\documents and settings\administrator\desktop\risk's hackpack\moonlight engine 1129.1\ilvmoney1129.sys (file missing)
S3 nenum13E - c:\docume~1\admini~1\locals~1\temp\nenum13e.sys (file missing)
S3 pcwe - c:\program files\pc wizard 2006\pcw86-32.sys (file missing)
S3 RenameMe - c:\windows\system32\renameme.sys
S3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\windows\system32\drivers\rootmdm.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 serb1 - c:\documents and settings\administrator\desktop\mshacks\serbio\serbio.sys (file missing)
S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>
S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 zenx1 - c:\documents and settings\administrator\desktop\ms\zenx engine 0.31\zenx.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 AutoExNT - c:\windows\system32\autoexnt.exe
S2 IISADMIN (IIS Admin) -
S2 SMTPSVC (Simple Mail Transfer Protocol (SMTP)) -
S3 BthServ (Bluetooth Support Service) - c:\windows\system32\svchost.exe -k bthsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 IDriverT (InstallDriver Table Manager) - "c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe" (file missing)
S3 iPodService (iPod Service) - "c:\program files\ipod\bin\ipodservice.exe" (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
S3 PAOGWRNH - c:\docume~1\admini~1\locals~1\temp\paogwrnh.exe (file missing)
S3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>
S4 LMIMaint (LogMeIn Maintenance Service) - "c:\program files\logmein\ramaint.exe" (file missing)
S4 LogMeIn - "c:\program files\logmein\logmein.exe" (file missing)
S4 WNDXCN - c:\docume~1\admini~1\locals~1\temp\wndxcn.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi

Class GUID: {FF646F80-8DEF-11D2-9449-00105A075F6B}
Description: pcouffin device for 32 bits systems
Device ID: ROOT\PCOUFFIN\0000
Manufacturer: VSO Software
Name: pcouffin device for 32 bits systems
PNP Device ID: ROOT\PCOUFFIN\0000
Service: pcouffin


-- Files created between 2008-01-18 and 2008-02-18 -----------------------------

2008-02-18 00:32:41 0 d--hs---- C:\Documents and Settings\Administrator\Recent
2008-02-11 17:01:51 13631488 --a------ C:\Documents and Settings\Administrator\ntuser.dat
2008-02-11 17:01:50 249856 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-02-07 17:39:28 0 d-------- C:\Program Files\Anti Keylogger Elite
2008-02-07 17:17:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-07 17:16:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-07 17:16:27 0 d-------- C:\Program Files\AVG Anti-Spyware 7.5
2008-02-04 21:40:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Xfire
2008-02-04 21:40:28 0 d-------- C:\Program Files\Xfire
2008-02-02 21:46:38 0 d------c- C:\VueScan
2008-02-02 21:32:44 0 d-------- C:\Program Files\MiraScan
2008-01-28 13:31:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Command & Conquer 3 Tiberium Wars
2008-01-28 12:31:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-01-28 12:17:56 545 --a------ C:\WINDOWS\UC.PIF
2008-01-28 12:17:56 545 --a------ C:\WINDOWS\RAR.PIF
2008-01-28 12:17:56 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-01-28 12:17:56 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-01-28 12:17:56 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-01-28 12:17:56 545 --a------ C:\WINDOWS\LHA.PIF
2008-01-28 12:17:56 545 --a------ C:\WINDOWS\ARJ.PIF
2008-01-28 12:17:56 0 d------c- C:\totalcmd
2008-01-27 10:45:21 0 d-------- C:\Program Files\QuickSFV
2008-01-26 21:57:57 0 d-------- C:\Program Files\Hamachi
2008-01-26 21:37:23 967 --a------ C:\WINDOWS\ScUnin.pif
2008-01-26 21:37:23 35382 --a------ C:\WINDOWS\scunin.dat
2008-01-26 21:37:22 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-01-26 21:35:48 0 d-------- C:\Program Files\Starcraft
2008-01-26 17:46:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nexon
2008-01-26 17:35:00 0 d------c- C:\Nexon
2008-01-25 23:04:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Hamachi


-- Find3M Report ---------------------------------------------------------------

2008-02-18 18:33:58 165106752 --a----c- C:\WINDOWS\elpow_spyKEYLOG
2008-02-17 16:29:19 0 d-------- C:\Program Files\Free Music Zilla
2008-02-17 13:39:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\FrostWire
2008-02-16 21:34:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\flashnote
2008-02-14 19:30:26 2571462 --a----c- C:\WINDOWS\elpow_spyBLOB
2008-02-14 19:30:25 254364 --a----c- C:\WINDOWS\elpow_spyINDEX
2008-02-12 21:48:06 33 --a----c- C:\WINDOWS\system32\mssaver.dll
2008-02-10 14:53:51 0 d-------- C:\Program Files\Steam
2008-02-09 20:05:31 0 d-------- C:\Program Files\FlashGet
2008-02-04 16:10:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-02-03 14:14:56 0 d-------- C:\Program Files\FrostWire
2008-01-28 12:46:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Vso
2008-01-25 23:03:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Hamachi-Backup
2008-01-25 22:41:45 31 --a----c- C:\WINDOWS\system32\srecorder.dll
2008-01-25 17:30:21 0 d-------- C:\Program Files\Hitman 2 Silent Assassin
2008-01-16 18:45:35 0 d-------- C:\Program Files\Messenger Plus! Live
2008-01-15 17:50:44 0 d-------- C:\Program Files\MagicISO
2008-01-15 16:40:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Thinstall
2008-01-15 16:20:01 0 d-------- C:\Program Files\AviSynth 2.5
2008-01-14 19:54:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Move Networks
2008-01-13 20:28:38 0 d-------- C:\Program Files\FlashFXP
2008-01-13 17:20:25 0 d-------- C:\Program Files\zabkat
2008-01-12 12:07:52 0 d-------- C:\Program Files\PeerGuardian2
2008-01-05 11:38:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-05 11:38:09 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-02 20:22:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Autodesk
2008-01-02 13:10:37 0 d---s---- C:\Program Files\HLSW
2007-12-30 19:22:08 0 d-------- C:\Program Files\Webserver Stress Tool 7
2007-12-29 23:01:09 0 d-------- C:\Program Files\Common Files
2007-12-29 23:01:09 0 d-------- C:\Program Files\Common Files\Everstrike Software
2007-12-29 15:10:08 0 d-------- C:\Program Files\WinMount
2007-12-29 14:50:25 0 d-------- C:\Program Files\Windows NT
2007-12-29 14:49:52 0 d-------- C:\Program Files\Movie Maker
2007-12-29 14:42:07 0 d-------- C:\Program Files\Messenger
2007-12-28 22:02:50 250048 -rahs---- C:\ntldr
2007-12-28 21:29:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinMount
2007-12-28 11:22:09 0 d-------- C:\Program Files\UltraISO
2007-12-28 11:22:08 0 d-------- C:\Program Files\Common Files\EZB Systems
2007-12-27 22:39:56 0 d-------- C:\Program Files\StuffPlug3
2007-12-26 19:30:55 0 d-------- C:\Program Files\Freez FLV to MP3 Converter
2007-12-26 00:59:48 0 d-------- C:\Program Files\DivX
2007-12-26 00:49:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\FMZilla
2007-12-26 00:35:37 16 --a------ C:\WINDOWS\bnsacomm64_c.dll
2007-12-18 17:28:54 0 d-------- C:\Program Files\Eidos
2007-12-09 20:12:56 8157 --a----c- C:\WINDOWS\mozver.dat
2007-12-01 00:40:26 1788 --a------ C:\WINDOWS\system32\dcache.bin
2007-12-01 00:26:50 7680 --a------ C:\WINDOWS\system32\spdwnwxp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [07/19/2005 04:32 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Clipomatic"="C:\Program Files\Clipomatic\Clipomatic.exe" [05/15/1999 09:48 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
FastStone Capture.lnk - C:\Program Files\FastStone Capture\FSCapture.exe [1/15/2007 11:48:40 PM]
Flashnote.lnk - C:\Program Files\Flashnote\FlashNote.exe [12/16/2006 9:35:32 AM]
Shortcut to hotkey.ahk.lnk - C:\Documents and Settings\Administrator\Desktop\le
  • 0

#4
CSPBATMAN

contd main.txt
Shortcut to hotkey.ahk.lnk - C:\Documents and Settings\Administrator\Desktop\less commonly used\computer tweaking\hotkey.ahk.ahk [12/30/2006 10:47:59 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NOD32 Control Center.lnk - C:\Program Files\ESET\nod32kui.exe [3/3/2007 4:08:42 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoRecentDocsNetHood"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoRun"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)
"NoRemoteRecursiveEvents"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)
"NoClose"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"ClearRecentDocsOnExit"=1 (0x1)
"NoSMHelp"=0 (0x0)
"NoRun"=0 (0x0)
"NoUserNameInStartMenu"=1 (0x1)
"NoInstrumentation"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"ForceStartMenuLogoff"=0 (0x0)
"NoSMBalloonTip"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoClose"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoStartBanner"=01000000
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=0 (0x0)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
"NoThemesTab"=0 (0x0)
"New Value #1"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 12/20/2001 11:34 PM 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08e8b666-9972-11dc-9392-0011d847514a}]
1\Command- E:\.\RECYCLER\RECYCLER\autorun.exe
2\Command- E:\.\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b5bb3c0-44e2-11dc-931c-0013eff143da}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe CHUNG.vbs




-- Hosts -----------------------------------------------------------------------

70.84.125.244 l2authd.lineage2.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

7893 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-02-18 18:42:37 ------------

extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3000+
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 766.73 MiB / 423.85 MiB
Pagefile Memory (total/avail): 1490.2 MiB / 1226.82 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.62 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.05 GiB total, 13.31 GiB free.
D: is CDROM (No Media)
F: is Fixed (NTFS) - 8.02 GiB total, 5.42 GiB free.
G: is Fixed (FAT32) - 29.19 GiB total, 12.31 GiB free.
H: is CDROM (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - ST340810A - 37.27 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 8.02 GiB - F:
\PARTITION1 - Extended Partition - 29.25 GiB - G:

\\.\PHYSICALDRIVE0 - WDC WD1600JB-00GVA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:

\\.\PHYSICALDRIVE2 - Mitsumi VT6205-DevB USB Device

\\.\PHYSICALDRIVE3 - Mitsumi VT6205-DevM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Steam\\SteamApps\\redknight123\\condition zero\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\redknight123\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\redknight123\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\redknight123\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Steam\\SteamApps\\afropig\\half-life\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\afropig\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"="C:\\Program Files\\Free Music Zilla\\FMZilla.exe:*:Enabled:FMZilla Module"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EDWARD
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\EDWARD
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=EDWARD
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
__COMPAT_LAYER=DisableNXShowUI


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.45 beta --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Anti-Keylogger Elite Version 3.3.3 --> "C:\Program Files\Anti Keylogger Elite\unins000.exe"
AutoCAD 2008 - English --> C:\Program Files\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD
AVG Anti-Spyware 7.5 --> C:\Program Files\AVG Anti-Spyware 7.5\Uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Chinese (Traditional) Language Support --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tw.inf, Uninstall
Clipomatic --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\CLIPOMTC.INF, DefaultUninstall.ntx86
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
ConvertXtoDVD 2.1.12.214 --> "C:\Program Files\vso\ConvertXtoDVD\unins000.exe"
Counter-Strike --> "C:\Program Files\PacSteam\steam.exe" steam://uninstall/10
CrossLoop 1.2 --> "C:\Program Files\CrossLoop\unins000.exe"
dBpoweramp Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Windows Media Audio 10 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
dBpowerAMP Windows Media Audio 9 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.dat
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dragon NaturallySpeaking 9 --> MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
FlashFXP v3 --> "C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
FlashGet 1.9.0.1012 --> C:\Program Files\FlashGet\uninst.exe
Foxit PDF Editor --> C:\Program Files\Foxit Software\PDF Editor\uninstall.exe
Free Music Zilla --> "C:\Program Files\Free Music Zilla\unins000.exe"
Freez FLV to MP3 Converter --> "C:\Program Files\Freez FLV to MP3 Converter\unins000.exe"
FrostWire 4.13.2.0 --> C:\Program Files\FrostWire\Uninstall.exe
GMail Drive Shell Extension --> rundll32.exe C:\WINDOWS\system32\ShellExt\GMailFS.dll,Uninstall C:\WINDOWS\system32\ShellExt\GMailFS.inf
GoldWave v5.20 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.20" "C:\Program Files\GoldWave\unstall.log"
GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
GUI StudioMDL 1.0 --> C:\Program Files\GUI StudioMDL 1.0\uninst.exe
Half-Life editing 0.9b --> c:\hl-edit\uninst.exe
Hamachi 1.0.1.5 --> C:\Program Files\Hamachi\uninstall.exe
HijackThis 1.99.1 --> C:\HJT\HijackThis.exe /uninstall
HLSW v1.2.0 --> "C:\Program Files\HLSW\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Huffyuv AVI lossless video codec (Remove Only) --> rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
iCD CoolBeLa3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3262B681-4FF9-11D7-B40C-00D0590FF303}\setup.exe" -uninst
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
K-Lite Mega Codec Pack 1.53 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macro Express 3 --> C:\PROGRA~1\MACROE~1\UNWISE.EXE C:\PROGRA~1\MACROE~1\INSTALL.LOG
MapleStory --> MsiExec.exe /I{A25B43DE-B43F-4288-A52A-3EA3B1674B35}
MediaCoder PSP Edition 0.6.0 --> C:\Program Files\MediaCoder PSP Edition\uninst.exe
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Halo Custom Edition --> "C:\Program Files\Halo Custom Edition\Uninstal.exe" /runtemp /addremove
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MiraScan V4.03 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01000A03-E058-11D3-9C13-0000E220DC33}\Setup.exe" -uninst
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.39 --> C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1 --> "C:\Program Files\Eset\unins000.exe"
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
O&O Defrag Professional Edition --> MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
PacSteamT --> C:\PacSteamT\PacSteamT-Uninstall.exe
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
Portal --> "C:\PacSteamT\steam.exe" steam://uninstall/400
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PSP ISO Compressor --> MsiExec.exe /X{D47087E7-AA15-4D1D-8C0A-60F7E446D597}
QuickSFV (Remove only) --> C:\Program Files\QuickSFV\QSFVUNST.EXE C:\Program Files\QuickSFV\
ReadPlease 2003/ReadPlease PLUS 2003 --> "C:\Program Files\ReadPlease\unins000.exe"
Recuva (remove only) --> "C:\Program Files\Recuva\uninst.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Source SDK Base --> "C:\Program Files\Steam\steam.exe" steam://uninstall/215
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
StuffPlug 3 --> C:\Program Files\StuffPlug3\Uninstall.exe
System Requirements Lab --> C:\Program Files\Common Files\SystemRequirementsLab\Uninstall.exe
UltraISO Premium V8.65 --> "C:\Program Files\UltraISO\unins000.exe"
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VirtuaWin v3.2 --> "C:\Program Files\VirtuaWin\unins000.exe"
Webserver Stress Tool 7 --> "C:\Program Files\Webserver Stress Tool 7\unins000.exe"
Windows Live installer --> MsiExec.exe /X{7BC43F11-02C8-45FA-ABDC-E2F9FF31F825}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{CB5EA99C-8A5B-49F2-9A1A-2EF78BE4DB41}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinMount V2.0.6 --> "C:\Program Files\WinMount\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
xplorer² professional --> "C:\Program Files\zabkat\xplorer2\Uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type8147 / Success
Event Submitted/Written: 02/18/2008 05:28:50 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type8146 / Error
Event Submitted/Written: 02/18/2008 04:50:20 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.20121, faulting module firefox.exe, version 1.8.20080.20121, fault address 0x0027006f.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type8136 / Success
Event Submitted/Written: 02/18/2008 04:28:15 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type8124 / Success
Event Submitted/Written: 02/18/2008 03:02:55 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type8105 / Success
Event Submitted/Written: 02/18/2008 11:59:46 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type871 / Error
Event Submitted/Written: 02/18/2008 06:33:30 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%" attempting to start the service IISADMIN with arguments ""
in order to run the server:
{A9E69610-B80D-11D0-B9B9-00A0C922E750}

Event Record #/Type869 / Error
Event Submitted/Written: 02/18/2008 06:33:30 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The IIS Admin service failed to start due to the following error:
%%3

Event Record #/Type868 / Error
Event Submitted/Written: 02/18/2008 06:33:27 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error:
%%3

Event Record #/Type867 / Error
Event Submitted/Written: 02/18/2008 06:33:27 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error:
%%3

Event Record #/Type866 / Error
Event Submitted/Written: 02/18/2008 06:33:27 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3



-- End of Deckard's System Scanner: finished at 2008-02-18 18:42:37 ------------
  • 0

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, a question before I start deleting: did you install a keylogger on your system called elpow_spy?

I also found several old trojans, so I will run a malware tool first and then use it to clear the other stuff I found.

Download and run ERUNT http://www.larsheder...nline.de/erunt/

Start ERUNT, confirm the Welcome message.

Type in the name of a restore folder where the backed up registry
files should be saved, or click "..." to browse your computer's drives
and select a folder. You can also simply leave the default, which is a
folder named ERDNT inside your Windows folder, the advantage being
that you have access to this folder from the Windows Recovery Console
in case Windows does not boot anymore.


Next, select the backup options:

- System registry:

- Current user registry:

- Other open user registries:

Click "OK" and wait until the backup process is complete. (Note that
depending on your system configuration this may take some time, and
that the first bar is NOT a progress bar, just an indicator that the
program is still running.) The ERDNT program for later restoration of
the registry is automatically copied to the restore folder.

WARNING: these fixes are designed for this user only and may cause damage if run on an uninfected machine.

REGISTRY FIX

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08e8b666-9972-11dc-9392-0011d847514a}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b5bb3c0-44e2-11dc-931c-0013eff143da}]


Next you will need to create the repair registry fix. To do that, copy and paste ALL of the above in the quote box to a Notepad file. Ensure there is no space above the REGEDIT4.
Then in Notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES.
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop.

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

THEN

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Logs required : Combofix
  • 0
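Added example (not part of Essexboy's post and not output of Deckard's System Scanner): a Python script that parses the MountPoints2 section in the format the scanner log above uses, flags drive AutoRun commands that look like removable-media autorun infections, and emits the matching REGEDIT4 key deletions in the same form as the fix.reg above. The flagging rules, the function names and the third sample entry (a constructed benign key with a made-up GUID) are assumptions for illustration.

```python
import re

# Sample input: the first two MountPoints2 keys are the ones in the scanner log
# in this thread; the third is a constructed benign entry (hypothetical GUID)
# included to show what the rules leave alone.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08e8b666-9972-11dc-9392-0011d847514a}]
1\Command- E:\.\RECYCLER\RECYCLER\autorun.exe
2\Command- E:\.\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b5bb3c0-44e2-11dc-931c-0013eff143da}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe CHUNG.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-2222-3333-4444-555555555555}]
AutoRun\command- D:\setup.exe
"""

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
MP2_RE = re.compile(r"\\explorer\\mountpoints2\\(?P<guid>\{[0-9a-f-]{36}\})$", re.I)
COMMAND_RE = re.compile(r"^(?P<verb>.+?\\command)- (?P<cmd>.+)$", re.I)

# Illustrative heuristics (assumptions, not the helper's stated criteria).
# The script extensions are the script types in the PATHEXT value shown in the log.
RULES = [
    ("runs from a RECYCLER folder", re.compile(r"\\RECYCLER\\", re.I)),
    ("invokes a script host", re.compile(r"\b(wscript|cscript)(\.exe)?\b", re.I)),
    ("targets a script file", re.compile(r"\.(vbs|vbe|js|jse|wsf|wsh|bat|cmd)\b", re.I)),
    ("relative path passed to ShellExec_RunDLL",
     re.compile(r"ShellExec_RunDLL\s+\.\\", re.I)),
]


def parse_mountpoints2(log_text):
    """Return {registry key: [(verb, command), ...]} for MountPoints2 sections only."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group("key")
            current = key if MP2_RE.search(key) else None
            if current:
                entries.setdefault(current, [])
            continue
        if current:
            match = COMMAND_RE.match(line)
            if match:
                entries[current].append((match.group("verb"), match.group("cmd")))
    return entries


def scan_mountpoints2(log_text):
    """Return one finding per MountPoints2 key whose commands match any rule."""
    findings = []
    for key, commands in parse_mountpoints2(log_text).items():
        reasons = [label for label, rx in RULES
                   if any(rx.search(cmd) for _, cmd in commands)]
        if reasons:
            findings.append({
                "key": key,
                "guid": MP2_RE.search(key).group("guid"),
                "commands": commands,
                "reasons": reasons,
            })
    return findings


def build_reg_fix(findings):
    """Build REGEDIT4 text that deletes each flagged key ([-KEY] syntax)."""
    lines = ["REGEDIT4", ""]
    for finding in findings:
        lines += [f"[-{finding['key']}]", ""]
    return "\n".join(lines)


if __name__ == "__main__":
    results = scan_mountpoints2(SAMPLE_LOG)
    for finding in results:
        print(finding["guid"], "->", "; ".join(finding["reasons"]))
    print()
    print(build_reg_fix(results))
```
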

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned
  • 0

#8
CSPBATMAN

    Member

  • Topic Starter
  • Member
  • 64 posts
ComboFix 08-02-20.2 - Administrator 2008-02-27 22:29:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.410 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
.

2008-02-27 22:29 . 2008-02-27 22:33 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
2008-02-21 19:07 . 2008-02-21 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-02-21 19:05 . 2008-02-21 21:55 <DIR> d-------- C:\Program Files\InterVideo
2008-02-21 19:05 . 2001-12-10 18:42 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-02-21 19:05 . 2001-12-10 18:42 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-02-21 19:05 . 2001-12-10 18:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-02-21 19:05 . 2001-12-10 18:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-02-21 19:05 . 2001-12-10 18:42 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-02-21 19:05 . 2001-12-10 18:42 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-02-19 17:27 . 2008-02-19 17:28 <DIR> d-------- C:\Program Files\ERUNT
2008-02-18 18:27 . 2008-02-18 18:27 <DIR> d----c--- C:\Deckard
2008-02-07 17:39 . 2008-02-07 17:51 <DIR> d-------- C:\Program Files\Anti Keylogger Elite
2008-02-07 17:17 . 2008-02-07 17:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-07 17:16 . 2008-02-07 17:18 <DIR> d-------- C:\Program Files\AVG Anti-Spyware 7.5
2008-02-07 17:16 . 2008-02-07 17:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-07 17:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-04 21:40 . 2008-02-04 21:40 <DIR> d-------- C:\Program Files\Xfire
2008-02-04 21:40 . 2008-02-04 22:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Xfire
2008-02-03 12:23 . 2003-05-22 16:31 55,808 --a------ C:\WINDOWS\system32\lfpsd13n.dll
2008-02-02 21:46 . 2008-02-02 21:53 <DIR> d----c--- C:\VueScan
2008-02-02 21:32 . 2008-02-02 21:32 <DIR> d-------- C:\Program Files\MiraScan
2008-01-30 21:03 . 2008-01-30 21:03 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-28 13:31 . 2008-01-28 13:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Command & Conquer 3 Tiberium Wars
2008-01-28 13:19 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-28 12:17 . 2008-01-28 12:29 <DIR> d----c--- C:\totalcmd
2008-01-28 12:17 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2008-01-28 12:17 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-01-28 12:17 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-01-28 12:17 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-01-28 12:17 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-01-28 12:17 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-01-28 12:17 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 03:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Hamachi
2008-02-26 23:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\FrostWire
2008-02-25 03:34 --------- d-----w C:\Documents and Settings\Administrator\Application Data\flashnote
2008-02-22 00:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-17 21:29 --------- d-----w C:\Program Files\Free Music Zilla
2008-02-12 23:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-12 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-10 19:53 --------- d-----w C:\Program Files\Steam
2008-02-10 17:31 --------- d-----w C:\Program Files\Starcraft
2008-02-10 01:05 --------- d-----w C:\Program Files\FlashGet
2008-02-07 22:06 --------- d-----w C:\Program Files\ESET
2008-02-06 02:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-04 21:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-02-03 19:14 --------- d-----w C:\Program Files\FrostWire
2008-01-28 17:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Vso
2008-01-27 15:45 --------- d-----w C:\Program Files\QuickSFV
2008-01-27 02:58 --------- d-----w C:\Program Files\Hamachi
2008-01-27 02:57 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-27 02:42 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2008-01-26 22:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nexon
2008-01-26 04:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Hamachi-Backup
2008-01-25 22:30 --------- d-----w C:\Program Files\Hitman 2 Silent Assassin
2008-01-16 23:45 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-15 22:50 --------- d-----w C:\Program Files\MagicISO
2008-01-15 21:40 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Thinstall
2008-01-15 21:20 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-15 00:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Move Networks
2008-01-14 01:28 --------- d-----w C:\Program Files\FlashFXP
2008-01-13 22:20 --------- d-----w C:\Program Files\zabkat
2008-01-12 17:07 --------- d-----w C:\Program Files\PeerGuardian2
2008-01-05 16:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-03 01:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-03 01:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Autodesk
2008-01-02 18:10 --------- d-s---w C:\Program Files\HLSW
2007-12-31 00:22 --------- d-----w C:\Program Files\Webserver Stress Tool 7
2007-12-30 04:01 --------- d-----w C:\Program Files\Common Files\Everstrike Software
2007-12-29 20:10 --------- d-----w C:\Program Files\WinMount
2007-12-29 02:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\WinMount
2007-12-28 16:22 --------- d-----w C:\Program Files\UltraISO
2007-12-28 16:22 --------- d-----w C:\Program Files\Common Files\EZB Systems
2007-12-28 03:39 --------- d-----w C:\Program Files\StuffPlug3
2007-08-10 14:44 382 ----a-w C:\Program Files\Shortcut to Program Files.lnk
2007-05-20 14:27 4,835 ----a-w C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
2007-04-16 00:28 87,608 ----a-w C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
2007-04-16 00:28 47,360 ----a-w C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
2007-04-07 14:56 4 ----a-w C:\Documents and Settings\All Users\Application Data\CBD31F1C.DAT
2006-06-04 03:17 102 -c--a-w C:\Program Files\rs.abc
2006-02-21 03:12 68,080 -c--a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2005-02-04 02:00 1,381,774 -c--a-w C:\Program Files\Uninst.isu
2004-07-22 14:51 3,432,656 -c--a-w C:\Program Files\ManagedDX.CAB
2004-07-20 02:58 1,156,363 -c--a-w C:\Program Files\BDANT.cab
2004-07-20 02:53 976,020 -c--a-w C:\Program Files\BDAXP.cab
2004-07-09 18:17 13,265,040 -c--a-w C:\Program Files\dxnt.cab
2004-07-09 13:13 703,080 -c--a-w C:\Program Files\BDA.cab
2004-07-09 13:13 15,493,481 -c--a-w C:\Program Files\DirectX.cab
2004-07-09 08:08 472,576 -c--a-w C:\Program Files\dxsetup.exe
2004-07-09 08:08 2,242,560 -c--a-w C:\Program Files\dsetup32.dll
2004-07-09 07:03 62,976 -c--a-w C:\Program Files\DSETUP.dll
2003-05-08 19:40 28,672 -c--a-w C:\Program Files\Uninst.dll
2003-04-11 16:42 54,532 -c--a-w C:\Program Files\NFXRect.tlb
2003-04-11 16:42 23,380 -c--a-w C:\Program Files\nfusion.tlb
2003-04-11 16:41 401,408 -c--a-w C:\Program Files\DAlib.dll
2003-04-10 22:53 90,112 -c--a-w C:\Program Files\Pubview.dll
2003-04-10 21:13 28,672 -c--a-w C:\Program Files\NFXPort.dll
2003-04-10 20:48 143,360 -c--a-w C:\Program Files\UTUnpack.dll
2003-04-10 20:47 135,168 -c--a-w C:\Program Files\UTCmprss.dll
2003-04-10 20:46 20,480 -c--a-w C:\Program Files\PtRes.dll
2003-04-10 20:26 118,784 -c--a-w C:\Program Files\asrv.dll
2003-04-10 19:53 303,104 -c--a-w C:\Program Files\FSI.dll
2003-04-10 19:35 69,632 -c--a-w C:\Program Files\t2edit.dll
2003-04-10 19:35 163,840 -c--a-w C:\Program Files\t2html.dll
2003-04-10 19:35 118,784 -c--a-w C:\Program Files\Pdlib.dll
2003-04-10 19:13 69,632 -c--a-w C:\Program Files\JaxCompiler.ocx
2003-04-10 19:11 45,056 -c--a-w C:\Program Files\CoFTP.dll
2003-04-10 03:16 11,643 -c--a-w C:\Program Files\License.txt
2003-04-10 02:38 476,160 -c--a-w C:\Program Files\SiteSlurp.dll
2003-04-10 02:38 374,272 -c--a-w C:\Program Files\NOFPR.DLL
2003-04-10 02:38 196,608 -c--a-w C:\Program Files\NOFPD.DLL
2003-04-10 02:29 848,384 -c--a-w C:\Program Files\SBEditorForm.ocx
2003-04-10 02:29 503,808 -c--a-w C:\Program Files\xerces-c_1_1.dll
2003-04-10 02:29 32,768 -c--a-w C:\Program Files\OdbcDsnRetriever.dll
2003-04-10 02:29 184,320 -c--a-w C:\Program Files\patchw32.dll
2003-04-10 02:28 996,872 -c--a-w C:\Program Files\cp3240mt.dll
2003-04-10 02:28 4,321,280 -c--a-w C:\Program Files\icudata.dll
2003-04-10 02:28 352,256 -c--a-w C:\Program Files\icuuc.dll
2003-04-10 02:28 29,952 -c--a-w C:\Program Files\borlndmm.dll
2003-04-10 02:28 29,380 -c--a-w C:\Program Files\Fusion.cnt
2006-10-19 00:56 8 --sha-r C:\WINDOWS\neoqaz2.dll
2004-08-04 08:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
.

------- Sigcheck -------

"C:\WINDOWS\system32\svchost.exe"
-c----w 14,336 2004-08-04 08:56:57 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
------w 14,336 2004-08-04 07:56:57 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
----a-w 14,336 2004-08-04 08:56:57 C:\WINDOWS\system32\svchost.exe

"C:\WINDOWS\system32\user32.dll"
-c--a-w 577,024 2005-03-02 18:19:56 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
-c--a-w 578,048 2007-03-08 15:48:36 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
-c----w 577,536 2007-03-08 15:36:28 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
-c----w 560,128 2002-08-29 03:41:18 C:\WINDOWS\$NtUninstallKB840987$\user32.dll
-c----w 577,024 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
-c----w 560,128 2004-06-17 17:58:35 C:\WINDOWS\$NtUninstallKB891711$\user32.dll
-c----w 577,024 2005-03-02 19:09:30 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
------w 577,024 2004-08-04 07:56:46 C:\WINDOWS\ServicePackFiles\i386\user32.dll
----a-w 577,536 2007-03-08 15:36:28 C:\WINDOWS\system32\user32.dll
-c----w 577,536 2007-03-08 15:36:28 C:\WINDOWS\system32\dllcache\user32.dll

"C:\WINDOWS\system32\ws2_32.dll"
-c----w 82,944 2004-08-04 08:56:46 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
------w 82,944 2004-08-04 07:56:46 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
----a-w 82,944 2004-08-04 08:56:46 C:\WINDOWS\system32\ws2_32.dll

"C:\WINDOWS\system32\wininet.dll"
-c--a-w 656,896 2004-09-29 18:27:41 C:\WINDOWS\$hf_mig$\KB834707\SP2QFE\wininet.dll
-c--a-w 657,920 2005-01-27 17:08:42 C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll
-c--a-w 658,944 2005-05-02 20:57:24 C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\wininet.dll
-c--a-w 657,920 2005-03-10 07:43:23 C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll
-c--a-w 660,480 2005-09-02 23:53:41 C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll
-c--a-w 659,456 2005-07-03 02:09:33 C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\wininet.dll
-c--a-w 661,504 2005-10-21 03:38:08 C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
-c--a-w 663,552 2006-03-04 03:58:52 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
-c--a-w 663,552 2006-05-10 05:25:22 C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
-c--a-w 664,576 2006-06-23 11:25:31 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
-c--a-w 664,576 2006-09-14 08:31:30 C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll
-c--a-w 664,576 2006-10-23 15:34:22 C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\wininet.dll
-c--a-w 665,088 2007-01-04 14:05:30 C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\wininet.dll
-c--a-w 665,600 2007-02-20 09:52:17 C:\WINDOWS\$hf_mig$\KB931768\SP2QFE\wininet.dll
-c--a-w 665,600 2007-04-18 12:46:27 C:\WINDOWS\$hf_mig$\KB933566\SP2QFE\wininet.dll
-c--a-w 665,600 2007-06-26 14:35:54 C:\WINDOWS\$hf_mig$\KB937143\SP2QFE\wininet.dll
----a-w 665,600 2007-08-22 12:55:44 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
----a-w 666,112 2007-10-11 05:57:41 C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
-c----w 659,456 2007-10-11 06:13:45 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
-c----w 656,384 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallKB834707$\wininet.dll
-c----w 656,896 2004-09-29 18:47:04 C:\WINDOWS\$NtUninstallKB867282$\wininet.dll
-c----w 656,896 2005-03-10 08:02:35 C:\WINDOWS\$NtUninstallKB883939$\wininet.dll
-c----w 599,040 2002-08-29 03:41:18 C:\WINDOWS\$NtUninstallKB889293-IE6SP1-20041111.235619$\wininet.dll
-c----w 656,896 2005-01-27 17:13:18 C:\WINDOWS\$NtUninstallKB890923$\wininet.dll
-c----w 658,432 2005-07-03 02:11:30 C:\WINDOWS\$NtUninstallKB896688$\wininet.dll
-c----w 657,920 2005-05-02 21:52:36 C:\WINDOWS\$NtUninstallKB905915$\wininet.dll
-c----w 658,432 2005-10-21 03:39:30 C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
-c----w 658,432 2006-03-04 03:33:45 C:\WINDOWS\$NtUninstallKB916281$\wininet.dll
-c----w 658,432 2006-05-10 05:23:03 C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
-c----w 658,944 2006-06-23 11:02:52 C:\WINDOWS\$NtUninstallKB922760$\wininet.dll
-c----w 658,944 2006-09-14 08:39:55 C:\WINDOWS\$NtUninstallKB925454$\wininet.dll
-c----w 658,944 2006-10-23 15:17:53 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
-c----w 658,944 2007-01-04 13:37:08 C:\WINDOWS\$NtUninstallKB931768$\wininet.dll
-c----w 658,944 2007-02-20 09:48:18 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
-c----w 658,944 2007-04-18 12:31:39 C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
-c----w 658,944 2007-06-26 14:09:10 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
-c----w 658,944 2007-08-22 13:12:18 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
----a-w 692,736 2007-04-18 12:31:39 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
----a-w 659,456 2007-10-11 06:13:45 C:\WINDOWS\system32\wininet.dll
-c----w 659,456 2007-10-11 06:13:45 C:\WINDOWS\system32\dllcache\wininet.dll

"C:\WINDOWS\system32\drivers\tcpip.sys"
-c--a-w 359,936 2005-05-25 19:07:12 C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
-c--a-w 360,448 2006-01-13 17:07:08 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
-c--a-w 360,576 2006-04-20 12:18:35 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
-c----w 360,576 2006-04-20 12:18:35 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
-c----w 359,040 2004-08-04 06:14:40 C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
-c----w 359,808 2005-05-25 20:04:02 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
-c----w 359,808 2006-04-20 11:51:50 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
-c----w 359,808 2006-01-13 02:28:14 C:\WINDOWS\$NtUninstallKB917953_0$\tcpip.sys
-c----w 360,576 2006-04-20 12:18:35 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
------w 359,040 2004-08-04 06:14:40 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
-c--a-w 360,832 2007-10-30 16:53:32 C:\WINDOWS\system32\dllcache\tcpip.sys
----a-w 360,832 2007-10-30 16:53:32 C:\WINDOWS\system32\drivers\tcpip.sys

"C:\WINDOWS\system32\winlogon.exe"
-c----w 502,272 2004-08-04 08:56:57 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
-c----w 516,608 2002-08-29 03:41:28 C:\WINDOWS\$NtUninstallKB840987$\winlogon.exe
------w 502,272 2004-08-04 07:56:57 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
----a-w 502,272 2004-08-04 08:56:57 C:\WINDOWS\system32\winlogon.exe

"C:\WINDOWS\system32\drivers\ndis.sys"
-c----w 182,912 2004-08-04 07:14:28 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
------w 182,912 2004-08-04 06:14:28 C:\WINDOWS\ServicePackFiles\i386\ndis.sys
-c--a-w 182,912 2004-08-04 07:14:28 C:\WINDOWS\system32\dllcache\ndis.sys
----a-w 182,912 2004-08-04 07:14:28 C:\WINDOWS\system32\drivers\ndis.sys

"C:\WINDOWS\system32\drivers\ip6fw.sys"
-c----w 29,056 2004-08-04 07:00:06 C:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys
------w 29,056 2004-08-04 06:00:06 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
-c--a-w 29,056 2004-08-04 07:00:06 C:\WINDOWS\system32\dllcache\ip6fw.sys
----a-w 29,056 2004-08-04 07:00:06 C:\WINDOWS\system32\drivers\ip6fw.sys

"C:\WINDOWS\system32\ntkrnlpa.exe"
-c--a-w 2,056,832 2005-03-02 00:36:40 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
-c--a-w 2,059,392 2006-12-19 16:12:16 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
-c--a-w 2,059,392 2007-02-28 09:15:56 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
-c----w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
-c----w 1,947,904 2002-08-29 03:50:10 C:\WINDOWS\$NtUninstallKB840987$\ntkrnlpa.exe
-c----w 1,954,688 2004-06-17 08:03:00 C:\WINDOWS\$NtUninstallKB885835_0$\ntkrnlpa.exe
-c----w 2,056,832 2004-08-04 05:58:58 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
-c----w 2,056,832 2005-03-02 01:34:40 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
-c----w 2,057,600 2006-12-19 12:55:39 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
------w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
------w 2,056,832 2004-08-04 05:58:58 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
----a-w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\system32\ntkrnlpa.exe
-c--a-w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

"C:\WINDOWS\system32\ntoskrnl.exe"
-c--a-w 2,179,456 2005-03-02 01:04:22 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
-c--a-w 2,182,016 2006-12-19 16:51:12 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
-c--a-w 2,182,144 2007-02-28 09:55:14 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
-c----w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
-c----w 2,042,240 2002-08-29 02:03:30 C:\WINDOWS\$NtUninstallKB840987$\ntoskrnl.exe
-c----w 2,051,584 2004-06-17 17:22:02 C:\WINDOWS\$NtUninstallKB885835_0$\ntoskrnl.exe
-c----w 2,180,992 2004-08-04 06:19:59 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
-c----w 2,179,328 2005-03-02 01:59:53 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
-c----w 2,180,352 2006-12-19 14:17:19 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
------w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
------w 2,180,992 2004-08-04 06:19:59 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
----a-w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\system32\ntoskrnl.exe
-c--a-w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

"C:\WINDOWS\explorer.exe"
----a-w 1,033,216 2007-06-13 10:23:07 C:\WINDOWS\explorer.exe
----a-w 1,033,216 2007-06-13 11:26:03 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
-c----w 1,033,216 2007-06-13 10:23:07 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
-c----w 1,032,192 2004-08-04 08:56:49 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
----a-w 974,336 2004-08-04 08:56:49 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
-c----w 1,033,216 2007-06-13 10:23:07 C:\WINDOWS\system32\dllcache\explorer.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Clipomatic"="C:\Program Files\Clipomatic\Clipomatic.exe" [1999-05-15 09:48 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
"WINSCHEDULER"="C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE" [2003-09-03 18:49 139264]
"WinRemote"="C:\Program Files\InterVideo\WinDVR\WinRemote.exe" [2003-09-03 18:57 131072]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]
FastStone Capture.lnk - C:\Program Files\FastStone Capture\FSCapture.exe [2007-01-15 23:48:40 1110528]
Flashnote.lnk - C:\Program Files\Flashnote\FlashNote.exe [2006-12-16 09:35:32 532480]
Shortcut to hotkey.ahk.lnk - C:\Documents and Settings\Administrator\Desktop\less commonly used\computer tweaking\hotkey.ahk.ahk [2006-12-30 22:47:59 2347]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-02-21 19:05:37 131072]
NOD32 Control Center.lnk - C:\Program Files\ESET\nod32kui.exe [2007-03-03 16:08:42 950664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 0 (0x0)
"NoDesktopCleanupWizard"= 1 (0x1)
"New Value #1"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 03:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-30 22:22]
R1 elpow_spy;elpow_spy;C:\WINDOWS\system32\drivers\elpow_spy.sys [2005-08-04 16:56]
R2 AKEProtect;AKEProtect;C:\Program Files\Anti Keylogger Elite\AKEProtect.sys [2006-03-07 22:36]
R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-12-27 09:47]
R3 WinMTBus;WinMount Bus;C:\WINDOWS\system32\DRIVERS\WinMTBus.sys [2007-04-11 12:35]
S2 713xTVCard;SAA7130 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2005-03-15 12:00]
S2 AutoExNT;AutoExNT;C:\WINDOWS\system32\AutoExNT.Exe [2007-03-02 18:44]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\RaInfo.sys []
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 15:32]
S3 Dua1;Dua1;C:\Documents and Settings\Administrator\Desktop\mshacks\DualEngine2\DualEngi.sys []
S3 Dual2;Dual2;C:\Documents and Settings\Administrator\Desktop\mshacks\GameRegistance\Dual2.sys []
S3 GGK;GGK;C:\Documents and Settings\Administrator\Desktop\ggk\ggk.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Documents and Settings\Administrator\Desktop\Risk's Hackpack\MoonLight Engine 1129.1\IlvMoney1129.sys []
S3 nenum13E;nenum13E;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nenum13E.sys []
S3 PAOGWRNH;PAOGWRNH;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PAOGWRNH.exe []
S3 pcwe;pcwe;C:\Program Files\PC Wizard 2006\pcw86-32.sys []
S3 RenameMe;RenameMe;C:\WINDOWS\system32\RenameMe.sys [2006-08-12 18:21]
S3 serb1;serb1;C:\Documents and Settings\Administrator\Desktop\mshacks\Serbio\serbio.sys []
S3 zenx1;zenx1;C:\Documents and Settings\Administrator\Desktop\ms\Zenx engine 0.31\zenx.sys []
S4 WNDXCN;WNDXCN;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WNDXCN.exe []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 22:33:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Clipomatic = C:\Program Files\Clipomatic\Clipomatic.exe??|???Z?A~<???*?A~??????f???f?????????????????????????V???????????????0???0?A~????W?D~0?A~????*?A~??A~??????C~??????????????????f?????&[email protected]????? [email protected]?a?????????????u]B~?????][email protected]? [email protected]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-27 22:35:23
ComboFix-quarantined-files.txt 2008-02-28 03:35:00
ComboFix2.txt 2008-02-20 23:36:40
.
2008-02-14 22:03:49 --- E O F ---


HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:32 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Clipomatic\Clipomatic.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Program Files\Flashnote\FlashNote.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [Clipomatic] C:\Program Files\Clipomatic\Clipomatic.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Startup: Flashnote.lnk = C:\Program Files\Flashnote\FlashNote.exe
O4 - Startup: Shortcut to hotkey.ahk.lnk = C:\Documents and Settings\Administrator\Desktop\less commonly used\computer tweaking\hotkey.ahk.ahk
O4 - Global Startup: NOD32 Control Center.lnk = C:\Program Files\ESET\nod32kui.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.2.1.87.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1144009334609
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: IIS Admin (IISADMIN) - Unknown owner - (no file)
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PAOGWRNH - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PAOGWRNH.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8094 bytes




Sorry for late replies, my computer keeps crashing, making it hard to reply >.>

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When your computer crashes, do you get a blue screen with writing on it? That information may help me track down the problem.
Does it relate to IIS Admin, as you have a lot of programmes calling on that but the files do not appear to be installed - did you uninstall this?

Also did you install the keylogger?

We will go for a quick clean up as well

Prefetch is clickable for more information

Click start then run, type prefetch then press enter, click edit then select all, (all files will highlight), right click any file, click delete, confirm

Click start then all programmes, accessories, system tools to run disc clean up

Reboot

Download, install and run
Tuneup Utilities 2008

Select Free up disk space


Select Unnecessary files and backups then clean

Select Maintain Windows

Run Drive Defrag

Run Tune Up registry clean up

Then run Reg Defrag, the screen will lose colour during the process which can take a few minutes and then needs a reboot

Those will have cleared the drive of obsolete software errors

These are suggestions for making the most of the free trial

Select Increase performance

Run the internet Optimiser to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, click Increase performance then system optimizer to run system advisor

Edited by Essexboy, 01 March 2008 - 05:40 AM.


#10
CSPBATMAN

    Member

  • Topic Starter
  • Member
  • 64 posts
IIS admin I've never heard of, no I didn't install the key logger. I'll try the prefetch thing when I get home, but I run CCleaner pretty regularly and I've run a defrag this month already. I remember my friend played a prank on me a LONG time back, stole some of e-monies from some game, but we're talking like 5 years ago...

No blue screen, immediate restart. Oh sometimes XP doesn't start, it gets to the login page and it restarts. I know it's a memory related problem, that's why I think there's a trojan or virus or something hogging all the memory!

Thanks for any help
#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that gives me a feel as to where to go next. The next report will be a long one, so please attach the file. Ta. I will look at removing IIS and the keylogger plus associated files and entries.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35u.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - App Paths
    • Reg - BotCheck
    • Reg - Disabled MS Config Items
    • Reg - Security Settings
    • Reg - Uninstall List
    • File - Additional Folder Scans
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#12
CSPBATMAN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
alright, attached log, wordwrap off.

Attached Files


  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's see what this does :)

Start WinPFind35. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Win32 Services - Non-Microsoft Only]
YY -> (IISADMIN) IIS Admin [Win32_Shared | Auto | Stopped] -> 
YY -> (PAOGWRNH) PAOGWRNH [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PAOGWRNH.exe
YY -> (WNDXCN) WNDXCN [Win32_Own | Disabled | Stopped] -> %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WNDXCN.exe
[Registry - Non-Microsoft Only]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
YN -> %AllUsersProfile%\Start Menu\Programs\Startup\NOD32 Control Center.lnk -> %ProgramFiles%\ESET\nod32kui.exe
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\] > -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar]
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> about -> 4 = Restricted sites (Not a Default Protocol)
YN -> about: -> 4 = Restricted sites (Not a Default Protocol)
YN -> mhtml -> 4 = Restricted sites (Not a Default Protocol)
< Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
[Registry - Additional Scans - Non-Microsoft Only]
< App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
YN -> aupdate.dll -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value Path does not exist or could not be read.]
[Files/Folders - Created Within 90 days]
NY -> 1.reg -> %SystemRoot%\System32\1.reg
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> 01076950.dot -> %UserProfile%\Desktop\01076950.dot
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Firefox Setup 2.0.0.12.exe:Zone.Identifier
[Files/Folders - Modified Within 90 days]
NY -> @Alternate Data Stream - 8 bytes -> %SystemRoot%:
NY -> elpow_spyBLOB -> %SystemRoot%\elpow_spyBLOB
NY -> elpow_spyINDEX -> %SystemRoot%\elpow_spyINDEX
NY -> elpow_spyKEYLOG -> %SystemRoot%\elpow_spyKEYLOG
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Firefox Setup 2.0.0.12.exe:Zone.Identifier
NY -> ~$076950.dot -> %UserProfile%\Desktop\~$076950.dot
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind35 scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
  • 0
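
A small triage pass over the three service lines from the fix script above, added here as an example and not part of the original post or of WinPFind: it parses the line layout as it appears on this page and flags services that have no image path or whose image sits under a Temp or user-profile directory. The function names and the flagging rules are assumptions of this example.

```python
import re

# Service lines copied from the fix script in the post above.
SAMPLE = r"""
YY -> (IISADMIN) IIS Admin [Win32_Shared | Auto | Stopped] ->
YY -> (PAOGWRNH) PAOGWRNH [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PAOGWRNH.exe
YY -> (WNDXCN) WNDXCN [Win32_Own | Disabled | Stopped] -> %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WNDXCN.exe
"""

# Layout as seen on the page: flags -> (key) display [type | start | state] -> path
LINE = re.compile(
    r"^(?P<flags>[YN]{2}) -> \((?P<key>[^)]+)\) (?P<display>.*?) "
    r"\[(?P<type>[^|\]]+)\|(?P<start>[^|\]]+)\|(?P<state>[^\]]+)\] ->\s*(?P<path>.*)$"
)

# Assumed rule set: directory names that ordinary users can write to.
TEMP_DIRS = ("temp", "tmp", "%temp%", "%tmp%")
PROFILE_DIRS = ("docume~1", "documents and settings", "%userprofile%")


def parse_services(text):
    """Return one dict per service line; lines in any other layout are skipped."""
    services = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            services.append({k: v.strip() for k, v in m.groupdict().items()})
    return services


def triage(svc):
    """Return the reasons a responder would look at this service first."""
    if not svc["path"]:
        return ["no image path recorded"]
    # 8.3 short names (LOCALS~1) cannot be resolved offline, so match per component.
    dirs = [p.lower() for p in re.split(r"[\\/]+", svc["path"]) if p][:-1]
    reasons = []
    if any(d in TEMP_DIRS for d in dirs):
        reasons.append("image in a Temp directory")
    if any(d in PROFILE_DIRS for d in dirs):
        reasons.append("image under a user profile")
    return reasons


def report(text):
    """Map each service key to its list of triage reasons."""
    return {s["key"]: triage(s) for s in parse_services(text)}


if __name__ == "__main__":
    for key, reasons in report(SAMPLE).items():
        print(f"{key:10} {', '.join(reasons) or 'nothing flagged'}")
```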

#14
CSPBATMAN

CSPBATMAN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
The fix told me I had to restart the computer, I restarted, no log popped up.
Computer still crashes - no screen - no nothing - just a frozen screen, and sometimes it restarts by itself instead of a frozen screen.
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's see if we can find out what is causing the crashes.

Right-click on My Computer, click Properties, click the Advanced tab.
Under “Startup & Recovery,” click Settings. Under “System Failure,” uncheck the box in front of “Automatically restart.”

Next time the computer crashes it will show a blue screen with some writing on it. Please copy that down fully, then restart and post what the fault was.

If it does not blue screen, then:

From the Start menu, select Run.
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.
  • 0