Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Infected Computer [RESOLVED]


  • This topic is locked This topic is locked

#16
td323i

td323i

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hi,
Still can't get into normal mode.

Malwarebytes' Anti-Malware 1.14
Database version: 824

12:44:54 2008-06-04
mbam-log-6-4-2008 (12-44-54).txt

Scan type: Quick Scan
Objects scanned: 51280
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\bndblock4.band (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndblock4.band.1 (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndblock4.bho (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndblock4.bho.1 (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d4a714f6-af40-4425-b708-ff03cbbc0a84} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BndBlock4.DLL (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

Advertisements


#17
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
One final scan to be safe

Download RootAlyzer to your desktop.
  • Unzip it to a folder on your desktop, close all windows, and run RootAlyzer.exe
  • Click Ok to the two prompts and let the program run it's Quick Scan automatically, this should only take a few seconds
  • Click the Deep Scan tab, check all the boxes and click Ok. Let the scan run un-interrupted, it will take a few minutes.
  • When it is finished scanning, a Log tab will appear at the top, click that. Highlight all the text, right-click on it and press Copy.
  • Paste that information back here by pressing Ctrl + V, or right-click and press Paste. Also mention if you had any problems.

  • 0

#18
td323i

td323i

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Still can't get in through normal mode.

// info: Rootkit removal help file
// copyright: © 2008 Safer Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070131.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070201.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070202.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070203.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070204.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070205.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070206.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070207.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070208.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070209.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070210.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070211.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070212.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070214.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070215.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070216.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070218.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070219.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070222.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070223.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070224.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070225.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070227.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070228.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070301.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070302.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070303.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070304.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070305.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070306.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070307.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070308.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070309.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070310.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070311.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070313.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070314.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070315.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070317.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070318.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070320.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070321.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070322.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070323.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070324.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070325.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070328.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070329.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070330.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070331.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070401.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070404.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070405.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070406.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070407.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070408.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070411.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070412.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070413.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070414.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070415.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070418.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070421.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070422.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070424.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070425.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070426.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070428.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070429.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070501.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070502.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070507.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070508.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070509.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070514.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070517.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070518.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070520.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070523.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070529.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070530.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070602.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070607.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070608.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070611.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070613.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070620.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070622.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070625.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070629.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070630.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070702.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070705.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070707.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070708.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070715.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070716.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070717.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070719.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070723.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070724.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070725.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070726.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070730.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070802.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070803.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070804.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070805.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070806.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070807.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070809.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070812.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070814.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070817.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070819.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070820.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070824.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070825.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070826.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070827.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070828.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070829.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070831.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070902.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070903.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070905.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070907.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070913.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070914.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070916.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070917.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070919.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070920.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070923.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070926.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070927.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070928.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070929.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20070930.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071003.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071004.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071006.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071007.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071010.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071011.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071012.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071013.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071014.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071016.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071018.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071021.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071024.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071025.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071026.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071027.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071029.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071031.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071103.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071104.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071105.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071107.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071108.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071109.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071112.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071114.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071115.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071116.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071117.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071126.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071128.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071129.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071130.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071201.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071204.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071206.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071208.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071209.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071211.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071216.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071223.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071225.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071227.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071228.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071229.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20071230.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080101.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080102.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080103.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080104.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080105.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080106.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080107.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080109.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080110.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080111.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080112.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080114.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080115.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080117.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080118.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080121.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080122.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080129.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080130.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080204.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080205.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080208.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080209.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080210.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080211.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080213.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080214.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080215.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080216.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080217.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080218.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080220.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080221.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080222.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080223.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080228.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080301.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080302.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080303.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080304.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080306.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080312.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080313.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080315.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080317.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080318.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080319.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080321.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080322.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080324.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080325.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080326.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080327.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080328.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080331.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080401.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080402.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080403.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080404.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080405.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080407.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080412.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080414.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080415.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080416.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080417.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080418.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080422.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080423.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080424.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080425.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080426.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080427.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080428.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080429.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080502.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080503.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080505.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080507.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080508.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080509.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080511.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080512.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080513.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080514.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080516.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080518.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080519.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080521.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080522.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080523.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080525.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080527.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080528.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080531.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080601.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\__Global\Logs\20080602.log"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\1_0.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\1_1.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\1_2.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\1_3.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\1_4.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\2_0.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\2_1.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\2_2.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\2_3.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\2_4.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\5_0.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\5_1.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\5_2.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\5_3.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\5_4.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\5_5.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\5_6.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\7_0.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\7_1.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\7_2.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\7_3.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\7_4.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\7_5.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\7_6.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\ad.html"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\ad_main.html"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\B0_0.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\B0_1.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\B0_7.txt"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\bluetrash.gif"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\btn_gold.gif"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\cust_care_logo_ad4.gif"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\cust_care_logo_sm_new.gif"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\flash.jpg"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\gateway_main.css"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\Gateway_Specific.fxf"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\Gateway_Specific_UK.fxf"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\GW_header_UK.gif"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\header_bf_new.gif"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\Microsoft_Security.fxf"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\Microsoft_Security_UK.fxf"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\moreinfo.gif"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\nav_left.gif"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\openifvalid.exe"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\operator_new.gif"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\Other.fxf"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\poweroff2.jpg"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\ShellExecute.exe"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\siteicol.bmp"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\siteicon.bmp"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\siteicos.bmp"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\spacer.gif"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\support_sidenav_head.gif"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\Urgent.fxf"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp(2)\Gateway_Specific.dat"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp(2)\Gateway_Specific_UK.dat"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp(2)\Gateway_Specific_Vista.dat"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp(2)\Gateway_Specific_Vista_UK.dat"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp(2)\Microsoft_Security.dat"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp(2)\Microsoft_Security_UK.dat"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp(2)\Other.dat"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp(2)\Urgent.dat"
File:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp(2)\Welcome.dat"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\__Global\Options"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\__Global\Logs\20070127.log"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\__Global\Logs\20070128.log"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\__Global\Logs\20070129.log"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\__Global\Logs\20070130.log"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\Gateway\siteicol.bmp"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\Gateway\siteicon.bmp"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\Gateway\siteicos.bmp"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\Gateway\__Local\FileLNew"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\Gateway\__Local\Masthead"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\Gateway\__Local\SiteData"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\action_button.gif"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\backdrop.jpg"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\BCEstyle.css"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\blink.gif"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\blueb.GIF"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\bullet.gif"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\fixlet list.gif"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\globe.gif"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\main.gif"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\sitebar.gif"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\siteicol.bmp"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\siteicon.bmp"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\siteicos.bmp"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\tlogo.gif"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\toolbar.gif"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\tool_back.gif"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\tool_context.gif"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\tool_font.gif"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\tool_gather.gif"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\tool_home.gif"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\tool_next.gif"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\tool_print.gif"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\tool_stop.gif"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\tool_trash.gif"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\tool_trash_full.gif"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\tray.GIF"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\TutorialPage1.html"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\TutorialPage2.html"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\TutorialPage3.html"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\TutorialPage4.html"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\TutorialPage5.html"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\TutorialPage6.html"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\TutorialPage7.html"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\TutorialPage8.html"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\__Local\FileLNew"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\__Local\Masthead"
File:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\__Local\SiteData"
Directory:"No admin in ACL","C:\System Recovery"
Directory:"No admin in ACL","C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp(2)"
Directory:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix"
Directory:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data"
Directory:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix"
Directory:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\Gateway"
Directory:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\__Global"
Directory:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\__Global\Logs"
Directory:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\Gateway\__Local"
Directory:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\Gateway\__Local\Get"
Directory:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\__Local"
Directory:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Program Files\BigFix\__Data\BigFix\__Local\Get"
Directory:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Documents and Settings\Owner.YOUR-34EFF17BD0"
Directory:"No admin in ACL","C:\My Backup -- 07-01-31 0848AM\Documents and Settings\All Users\Application Data\Microsoft\Money\15.0\Webcache"
Directory:"No admin in ACL","C:\Documents and Settings\Owner.YOUR-9167397A84"
Directory:"No admin in ACL","C:\Documents and Settings\All Users\Application Data\Microsoft\Money\15.0\Webcache"
  • 0

#19
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ok this isn't a malware problem

I have no idea what is causing your Normal Mode problem

You need to go over to the Windows XP forum, tell them I sent you over and explain your problem to them

Once they fix it, come back here and I will remove any traces of malware
  • 0

#20
td323i

td323i

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hi,
I would up having to do a system restore against the wishes of Wizzy on the OS forum because the person didn't have his windows disk for me to do a repair install. I restored back a few weeks and everyting boots normal. I would like to run some tests to make sure this is a clean slate to work with. Below you will find the latest hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:57 PM, on 6/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\BigFix\bigfix.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Photobucket Publisher - http://pic.photobuck...t_publisher.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://roxy71986.spa...ad/MsnPUpld.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 10422 bytes
  • 0

#21
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.




Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#22
td323i

td323i

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Malwarebytes' Anti-Malware 1.14
Database version: 827

12:55:05 PM 6/5/2008
mbam-log-6-5-2008 (12-55-05).txt

Scan type: Quick Scan
Objects scanned: 53664
Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 13
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\bndblock4.band (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndblock4.band.1 (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1fe2ebe5-42ff-4586-a144-ca420c84ff6a} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1fe2ebe5-42ff-4586-a144-ca420c84ff6a} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndblock4.bho (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndblock4.bho.1 (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d4a714f6-af40-4425-b708-ff03cbbc0a84} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BndBlock4.DLL (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache\0159D071.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.


Deckard's System Scanner v20071014.68
Run by Roxy on 2008-06-05 12:57:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
76: 2008-06-05 16:57:21 UTC - RP399 - Deckard's System Scanner Restore Point
75: 2008-06-05 16:16:58 UTC - RP398 - Restore Operation
74: 2008-06-05 16:07:01 UTC - RP397 - Restore Operation
73: 2008-06-05 13:18:42 UTC - RP396 - System Checkpoint
72: 2008-06-03 21:13:16 UTC - RP395 - Deckard's System Scanner Restore Point


-- First Restore Point --
1: 2008-03-06 21:19:24 UTC - RP324 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Roxy.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:01 PM, on 6/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Roxy\Desktop\dss.exe
C:\HIJACK~1\Roxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Photobucket Publisher - http://pic.photobuck...t_publisher.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://roxy71986.spa...ad/MsnPUpld.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 9890 bytes

-- HijackThis Fixed Entries (C:\HIJACK~1\backups\) -----------------------------

backup-20080604-091441-849 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
backup-20080605-123509-636 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20080605-123509-846 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
backup-20080605-123509-856 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080605-123509-877 R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-05 12:23:17 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-05 09:04:00 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2008-05-05 and 2008-06-05 -----------------------------

2008-06-05 12:37:40 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-05 12:23:53 0 d-------- C:\WINDOWS\LastGood
2008-06-05 09:02:37 0 d-------- C:\Documents and Settings\Test\Templates
2008-06-05 09:02:37 786432 --ah----- C:\Documents and Settings\Test\NTUSER.DAT
2008-06-05 09:02:37 0 d-------- C:\Documents and Settings\Test\Local Settings
2008-06-05 09:02:37 0 d-------- C:\Documents and Settings\Test\Favorites
2008-06-05 09:02:37 0 d-------- C:\Documents and Settings\Test\Cookies
2008-06-05 09:02:37 0 d-------- C:\Documents and Settings\Test\Application Data
2008-06-05 09:02:37 0 d-------- C:\Documents and Settings\Test\Application Data\Microsoft
2008-06-04 12:36:16 0 d-------- C:\Documents and Settings\Roxy\Application Data\Malwarebytes
2008-06-04 12:36:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 12:36:14 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-03 16:21:54 0 d-------- C:\WINDOWS\ERUNT
2008-06-03 14:31:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-01 12:23:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-06-01 12:22:58 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-29 19:15:44 0 d-------- C:\Program Files\VirtualDJ
2008-05-29 19:15:11 0 d-------- C:\Program Files\Free Offers from Freeze.com
2008-05-27 16:24:58 3424256 --a------ C:\Documents and Settings\Roxy\ntuser.dat
2008-05-25 16:28:26 0 d-------- C:\Documents and Settings\Roxy\Application Data\TomTom
2008-05-25 16:28:26 0 d-------- C:\Documents and Settings\Roxy\Application Data\Mozilla
2008-05-25 16:28:06 0 d-------- C:\Program Files\TomTom HOME 2
2008-05-25 16:19:04 0 d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-05-25 16:18:19 0 d-------- C:\Program Files\TomTom HOME


-- Find3M Report ---------------------------------------------------------------

2008-06-05 12:37:40 0 d-------- C:\Program Files\Common Files
2008-06-05 12:22:30 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-31 17:46:10 0 d-------- C:\Documents and Settings\Roxy\Application Data\LimeWire
2008-05-27 06:07:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-29 00:02:32 0 d-------- C:\Program Files\Lexmark 1200 Series
2008-04-10 09:34:14 0 d-------- C:\Program Files\Java
2008-04-09 16:59:40 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-09 16:59:00 0 d-------- C:\Program Files\3DGroove
2008-04-09 16:58:58 0 d-------- C:\Program Files\YourScreen
2008-04-09 16:58:58 0 d-------- C:\Program Files\Viewpoint
2008-04-09 16:58:58 0 d-------- C:\Documents and Settings\Roxy\Application Data\YourScreen


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/06/2005 12:56 AM]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [12/09/2005 10:44 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/18/2005 12:32 PM]
"nwiz"="nwiz.exe" [09/18/2005 12:32 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/18/2005 12:32 PM]
"CHotkey"="zHotkey.exe" [12/08/2004 09:57 PM C:\WINDOWS\zHotkey.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [01/07/2005 09:07 PM C:\WINDOWS\system32\HdAShCut.exe]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"RTHDCPL"="RTHDCPL.EXE" [09/14/2005 03:38 PM C:\WINDOWS\RTHDCPL.EXE]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [08/12/2005 08:16 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 07:19 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/31/2007 01:21 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [02/08/2007 06:52 PM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [02/08/2007 06:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 07:24 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/05/2008 12:22 PM]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [05/06/2008 04:42 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [1/31/2007 1:15:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/23/2008 08:10 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 02:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2962e707-b152-11db-ac57-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480




-- End of Deckard's System Scanner: finished at 2008-06-05 12:58:27 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 4000+
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 894.42 MiB / 447.05 MiB
Pagefile Memory (total/avail): 2165.5 MiB / 1722.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.36 MiB

C: is Fixed (NTFS) - 182.19 GiB total, 145.59 GiB free.
D: is Fixed (FAT32) - 4.11 GiB total, 1.39 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3200827A - 186.31 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 182.19 GiB - C:
\PARTITION1 - Unknown - 4.11 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: v (McAfee) Disabled
AV: avast! antivirus 4.8.1201 [VPS 080605-0] v4.8.1201 (ALWIL Software)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1170264049\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1170264049\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Owner.YOUR-9167397A84\\My Documents\\My Music\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Owner.YOUR-9167397A84\\My Documents\\My Music\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\Roxy\\Desktop\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Roxy\\Desktop\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\lxczcoms.exe"="C:\\WINDOWS\\system32\\lxczcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Roxy\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-9167397A84
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Roxy
LOGONSERVER=\\YOUR-9167397A84
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2701
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Roxy\LOCALS~1\Temp
TMP=C:\DOCUME~1\Roxy\LOCALS~1\Temp
USERDOMAIN=YOUR-9167397A84
USERNAME=Roxy
USERPROFILE=C:\Documents and Settings\Roxy
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner.YOUR-9167397A84 (admin)
Roxy (admin)
Dinna (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI-SV92PP Soft Modem --> agrsmdel
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\aolunins_us.exe
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Browser Address Error Redirector --> regsvr32 /u /s "c:\windows\system32\BAE.dll"
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Deckadance --> C:\Program Files\VstPlugins\Deckadance\uninstall.exe
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875} /l1033
DreamStation DXi2 --> C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
DVD Solution --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
gtw_logo --> C:\WINDOWS\system32\gtw_logo.scr /UNINSTALL "C:\WINDOWS\system32\gtw_logo.log"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\hijackthis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lexmark 1200 Series --> C:\Program Files\Lexmark 1200 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
LimeWire 4.16.6 --> "C:\Documents and Settings\Roxy\Desktop\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}\Setup.exe" -l0x9
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OTOY --> RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,[email protected]
PoiZone --> C:\Program Files\Image-Line\PoiZone\uninstall.exe
Power2Go 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Pure Networks Port Magic --> C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TomTom HOME --> C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
Toxic Biohazard --> C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
VC_MergeModuleToMSI --> MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual Sound Canvas DXi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E10E7FC-36CD-4C22-AC20-9E15692E8C2F}\setup.exe" UNINSTALL_XXX
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
YourScreen --> "C:\Program Files\YourScreen\UNINSTAL.EXE" /U "C:\Program Files\YourScreen\INSTALL.LOG"


-- Application Event Log -------------------------------------------------------

Event Record #/Type4695 / Warning
Event Submitted/Written: 06/04/2008 00:48:15 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4689 / Warning
Event Submitted/Written: 06/04/2008 09:28:50 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4688 / Error
Event Submitted/Written: 06/04/2008 09:27:44 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mbam-setup.tmp, version 51.49.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4687 / Error
Event Submitted/Written: 06/04/2008 09:08:26 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application avast.setup, version 4.8.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0000ec8d.
Processing media-specific event for [avast.setup!ws!]

Event Record #/Type4686 / Error
Event Submitted/Written: 06/04/2008 09:07:50 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application jusched.exe, version 6.0.50.13, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0000ec8d.
Processing media-specific event for [jusched.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type29609 / Warning
Event Submitted/Written: 06/05/2008 00:58:16 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-9167397A8427 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-9167397A8427 can't undo changes that you allow.

For more information please see the following:
%YOUR-9167397A84275

Scan ID: {C67E2D6B-07E8-47C3-B5EB-CBE009A172DF}

User: YOUR-9167397A84\Roxy

Name: %YOUR-9167397A84271

ID: %YOUR-9167397A84272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-9167397A84276

Alert Type: %YOUR-9167397A84278

Detection Type: 1.1.1593.02

Event Record #/Type29608 / Warning
Event Submitted/Written: 06/05/2008 00:58:16 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-9167397A8427 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-9167397A8427 can't undo changes that you allow.

For more information please see the following:
%YOUR-9167397A84275

Scan ID: {8FF1A17E-69E8-44C9-B475-F729300B5F97}

User: YOUR-9167397A84\Roxy

Name: %YOUR-9167397A84271

ID: %YOUR-9167397A84272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-9167397A84276

Alert Type: %YOUR-9167397A84278

Detection Type: 1.1.1593.02

Event Record #/Type29607 / Warning
Event Submitted/Written: 06/05/2008 00:58:16 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-9167397A8427 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-9167397A8427 can't undo changes that you allow.

For more information please see the following:
%YOUR-9167397A84275

Scan ID: {32F6655A-BAB7-4167-8FF4-627DE15D3F05}

User: YOUR-9167397A84\Roxy

Name: %YOUR-9167397A84271

ID: %YOUR-9167397A84272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-9167397A84276

Alert Type: %YOUR-9167397A84278

Detection Type: 1.1.1593.02

Event Record #/Type29606 / Warning
Event Submitted/Written: 06/05/2008 00:58:14 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-9167397A8427 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-9167397A8427 can't undo changes that you allow.

For more information please see the following:
%YOUR-9167397A84275

Scan ID: {E3A243B1-9CD6-4777-A664-B34CF085F386}

User: YOUR-9167397A84\Roxy

Name: %YOUR-9167397A84271

ID: %YOUR-9167397A84272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-9167397A84276

Alert Type: %YOUR-9167397A84278

Detection Type: 1.1.1593.02

Event Record #/Type29605 / Warning
Event Submitted/Written: 06/05/2008 00:58:14 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-9167397A8427 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-9167397A8427 can't undo changes that you allow.

For more information please see the following:
%YOUR-9167397A84275

Scan ID: {FD8616BE-6540-4948-A77C-80C8D5E95C29}

User: YOUR-9167397A84\Roxy

Name: %YOUR-9167397A84271

ID: %YOUR-9167397A84272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-9167397A84276

Alert Type: %YOUR-9167397A84278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-06-05 12:58:27 ------------
  • 0

#23
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean

You have to remove one of your anti-virus programs or there will be trouble


You can delete the tools that we used



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here




Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#24
td323i

td323i

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Thanks for all your help. I only see Avast in add/remove programs. I think this OS was repaired once before and it must have screwed something up with the other AV. Have any recommendation's on how to remove McAfee?
  • 0

#25
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download and run the McAfee removal tool from here

http://majorgeeks.co...Tool_d5420.html


Tell me how that goes and if you have any more questions
  • 0

Advertisements


#26
td323i

td323i

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
The computer is perfect. Thanks for all your help. You can close this issue. I just created another post for a second computer that i'm working on thats a mess.
  • 0

#27
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP