[Fixed] Hijackthis! Logs - Prework results (posted in the Security & Safety forums)

  #1  
06-17-2008
Isorene
Bronze Member
 
Join Date: Jun 2008
Location: Gateshead
Posts: 51
PC Experience: Beginner
Prework results

I am not sure how this works, but here are my prework results, and my problem is that while most sites load without a problem, Yahoo, Facebook, MySpace and maybe others keep on loading forever without success, and I can't search with Google or Yahoo. This PC is second-hand, so I don't really know what may have caused this. Help me please... thanks

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-17 08:30:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-17 13:30:42 UTC - RP198 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-17 08:33:49
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\RPS.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Eroca\Eroca.exe
C:\Documents and Settings\Owner\Application Data\m\flec006.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Documents and Settings\Owner\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = %s - Crawler.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Internet Explorer Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = Search Assistant
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Internet Explorer Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = Search Assistant
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: nhdhvmbmjbmgh Copyright (c) 1993-1999 Microsoft Corp.
O1 - Hosts: mvjbm bjkbn,
O1 - Hosts: ;gkhmnhmhgh This file contains the mappings of IP addresses to host names. Each
O1 - Hosts: kyrfhfy be placed in the first column followed by the corresponding host name.
O1 - Hosts: ;lb.nhj.jhuy The IP address and the host name should be separated by at least one
O1 - Hosts: ,gjkkig,bublhikl space.
O1 - Hosts: jhfkljgfkghuig
O1 - Hosts: kmhughgjhkjnh Additionally, comments (such as thb se) may be inserted on individual
O1 - Hosts: nkgloh,kl lines or following the machine name denoted by a '#' symbol.
O1 - Hosts: bfyrmfugfjthrjtyt7
O1 - Hosts: bnnmjgkm ;m For example:
O1 - Hosts: nhmhjookbkh
O1 - Hosts: ghkghl,.;,kjl 102.54.94.97 rhino.acme.com # source server
O1 - Hosts: jhu,ubkgy 38.25.63.10 x.acme.com # x client host
O1 - Hosts: t.tl
O1 - Hosts: dewwewsythgujhb bvnh vcfdsz
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {171390BB-7251-41F9-A5ED-7164EDE6ADC1} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {45C2A50F-8F4A-496E-AF02-D0207525BF5A} - C:\WINDOWS\system32\awtuurp.dll (file missing)
O2 - BHO: {4515cfd6-fb91-1459-13f4-d45068257426} - {62475286-054d-4f31-9541-19bf6dfc5154} - C:\WINDOWS\system32\xausnekk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [BMef10d4fb] Rundll32.exe "C:\WINDOWS\system32\aymuhqyo.dll",s
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Eroca] C:\Program Files\Eroca\Eroca.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: TrayMin220.lnk = C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Casino-On-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~1\casino.exe (file missing)
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (file missing)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O15 - Trusted Zone: https://www.yahoo.com (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} () - http://aolsvc.aol.com/onlinegames/be...loader_v10.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: awtuurp - C:\WINDOWS\system32\awtuurp.dll (file missing)
O20 - Winlogon Notify: hjyqezzf - C:\WINDOWS\system32\hjyqezzf.dll (file missing)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O23 - Service: dvpapi - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\system32\slserv.exe


--
End of file - 11988 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 MMRTKRNL - c:\windows\system32\drivers\mmrtkrnl.sys <Not Verified; ALCATech; ALCATech Realtime Audio Kernel>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys

S3 viagfx - c:\windows\system32\drivers\vtmini.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_1106&DEV_7205&SUBSYS_D0021631&REV_01\4&1FEB96E4&0&0008
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_1106&DEV_7205&SUBSYS_D0021631&REV_01\4&1FEB96E4&0&0008
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-06-17 08:27:01 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-06-17 02:50:02 416 --a------ C:\WINDOWS\Tasks\PCConfidential.job
2008-06-06 09:00:00 386 --a------ C:\WINDOWS\Tasks\rpc.job


-- Files created between 2008-05-17 and 2008-06-17 -----------------------------

2008-06-17 02:08:26 0 d-------- C:\WINDOWS\Sun
2008-06-17 02:08:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2008-06-17 01:27:53 454656 --a------ C:\WINDOWS\system32\PaintX.dll <Not Verified; ; PaintX Module>
2008-06-17 01:27:53 372736 --a------ C:\WINDOWS\system32\ijl15.dll <Not Verified; Intel Corporation; Intel® JPEG Library>
2008-06-17 01:27:52 0 d-------- C:\Documents and Settings\Owner\Application Data\The Complete Genealogy Reporter - FTB
2008-06-17 01:27:32 0 d-------- C:\Program Files\MyHeritage
2008-06-16 12:37:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-06-16 12:36:29 0 d-------- C:\Program Files\Skype
2008-06-16 12:36:28 0 d-------- C:\Program Files\Common Files\Skype
2008-06-16 07:09:28 0 d--h----- C:\WINDOWS\PIF
2008-06-16 06:37:28 0 d-------- C:\Program Files\Common Files\Authentium
2008-06-16 06:36:39 0 d-------- C:\Program Files\Raxco
2008-06-16 06:36:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-06-16 06:36:03 0 d-------- C:\Program Files\CA
2008-06-16 06:35:46 0 d-------- C:\Program Files\Common Files\Scanner
2008-06-16 06:23:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Virgin Broadband
2008-06-16 06:23:43 0 d-------- C:\Program Files\Virgin Broadband
2008-06-16 06:23:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2008-06-16 05:37:38 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-16 05:32:42 94272 --a------ C:\WINDOWS\system32\tnlfsoyq.dll
2008-06-16 05:26:42 104000 --a------ C:\WINDOWS\system32\xausnekk.dll
2008-06-16 05:23:42 41024 --a------ C:\WINDOWS\system32\uokkermm.dll
2008-06-16 05:17:42 102976 --a------ C:\WINDOWS\system32\hsyvuure.dll
2008-06-14 10:47:46 104512 --a------ C:\WINDOWS\system32\atuofqhv.dll
2008-06-14 10:42:28 0 d-------- C:\Documents and Settings\Owner\Application Data\VTExtra
2008-06-14 10:35:35 41024 --a------ C:\WINDOWS\system32\cpomqlhl.dll
2008-06-14 10:32:34 92224 --a------ C:\WINDOWS\system32\rdlbgfnv.dll
2008-06-14 10:29:34 102976 --a------ C:\WINDOWS\system32\vbnnepee.dll
2008-06-13 10:46:31 95808 --a------ C:\WINDOWS\system32\ittsqyej.dll
2008-06-13 10:43:32 41024 --a------ C:\WINDOWS\system32\yqhrmqjt.dll
2008-06-13 10:40:31 102976 --a------ C:\WINDOWS\system32\jlcimtdn.dll
2008-06-13 10:31:31 92224 --a------ C:\WINDOWS\system32\icbinqcc.dll
2008-06-13 10:28:37 104000 --a------ C:\WINDOWS\system32\srgaejrq.dll
2008-06-12 10:40:51 41024 --a------ C:\WINDOWS\system32\nplydwaj.dll
2008-06-12 10:31:51 104000 --a------ C:\WINDOWS\system32\dopqrsfj.dll
2008-06-12 10:28:50 92224 --a------ C:\WINDOWS\system32\tghyxqrx.dll
2008-06-12 10:27:40 101440 --a------ C:\WINDOWS\system32\aymuhqyo.dll
2008-06-11 15:48:08 0 d-------- C:\Program Files\BitTorrent Fastest Tool
2008-06-11 09:48:46 0 d-------- C:\Documents and Settings\All Users\Application Data\great coal love default
2008-06-11 09:48:22 103488 --a------ C:\WINDOWS\system32\kaaskuip.dll
2008-06-11 09:45:22 41024 --a------ C:\WINDOWS\system32\iqafropx.dll
2008-06-11 09:39:24 92224 --a------ C:\WINDOWS\system32\uoyycnrb.dll
2008-06-11 09:38:32 103488 --a------ C:\WINDOWS\system32\tevibgui.dll
2008-06-10 09:37:41 96320 --a------ C:\WINDOWS\system32\gmqapivj.dll
2008-06-10 09:34:41 53312 --a------ C:\WINDOWS\system32\euktvlqk.dll
2008-06-10 09:33:05 53312 --a------ C:\WINDOWS\system32\pxnyxvvh.dll
2008-06-09 15:32:24 94272 --a------ C:\WINDOWS\system32\sxtgcehu.dll
2008-06-09 15:28:33 53312 --a------ C:\WINDOWS\system32\kxwsmsqa.dll
2008-06-09 15:28:27 96320 --a------ C:\WINDOWS\system32\tlubopas.dll
2008-06-09 14:58:10 53312 --a------ C:\WINDOWS\system32\phygcxhv.dll
2008-06-06 14:53:35 0 d-------- C:\Program Files\JavaCore
2008-06-06 14:53:29 0 d-------- C:\Virtual
2008-06-06 14:53:29 0 d-------- C:\Documents and Settings\All Users\Application Data\BufferZone
2008-06-06 14:53:24 0 d-------- C:\WINDOWS\E4153266612C460FAB94C9DB6802459A.TMP
2008-06-06 14:53:02 0 d-------- C:\WINDOWS\system32\djpclib
2008-06-06 14:52:32 0 d-------- C:\Program Files\ALCATech
2008-06-06 14:52:24 0 d-------- C:\Program Files\Eroca
2008-06-06 14:52:22 0 d-------- C:\Program Files\Share_Accelerator_MM
2008-06-06 14:51:46 0 d-------- C:\WINDOWS\Philips
2008-06-06 14:51:46 0 d-------- C:\Documents and Settings\Owner\Application Data\ArcSoft
2008-06-06 14:51:39 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-06-06 14:50:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-06 14:47:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Live Writer
2008-06-06 14:46:34 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-06 14:46:12 0 d-------- C:\Documents and Settings\Owner\Documents and Settings
2008-06-06 14:46:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Application Data
2008-06-06 14:45:44 0 d-------- C:\Program Files\SpacialAudio
2008-06-06 14:27:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Disk Cleaner
2008-06-06 14:26:21 0 d-------- C:\Program Files\nvcoi(2)
2008-06-06 14:26:17 0 d-------- C:\Documents and Settings\Owner\Application Data\WeatherDPA(2)
2008-06-06 14:16:30 3756032 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-06-03 11:55:46 0 d--hs---- C:\Program Files\outlook
2008-06-03 11:20:18 0 d--h----- C:\Documents and Settings\Owner\Application Data\m
2008-06-03 10:57:15 0 --a------ C:\Documents and Settings\Owner\C_
2008-06-03 10:42:44 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-06-03 10:41:34 0 d-------- C:\Program Files\Java
2008-06-03 10:40:39 0 d-------- C:\Program Files\Common Files\Java
2008-06-03 10:37:38 0 d-------- C:\Program Files\LimeWire
2008-06-01 10:03:50 0 d-------- C:\Program Files\DJ Music Mixer
2008-06-01 05:39:42 0 d-------- C:\Documents and Settings\Owner\.ultramixer
2008-05-31 13:13:55 0 d-------- C:\Program Files\Native Instruments
2008-05-31 13:01:08 0 d-------- C:\Documents and Settings\Owner\Application Data\NCH Software
2008-05-31 12:54:58 344576 --a------ C:\WINDOWS\system32\MMRTKRNL.DLL <Not Verified; ALCATech; BPM-Studio>
2008-05-31 12:54:53 48128 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-31 12:54:53 92672 --a------ C:\WINDOWS\system32\drivers\mmrtkrnl.sys <Not Verified; ALCATech; ALCATech Realtime Audio Kernel>
2008-05-31 12:54:53 23936 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-31 12:54:53 4672 --a------ C:\WINDOWS\system\WOWPOST.EXE <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-24 07:13:50 0 d-------- C:\Program Files\Zapu


-- Find3M Report ---------------------------------------------------------------

2008-06-17 07:39:51 0 d-------- C:\Program Files\eMule
2008-06-17 02:46:21 665443 --ahs---- C:\WINDOWS\system32\efhkj.ini2
2008-06-17 00:06:35 0 d-------- C:\Documents and Settings\Owner\Application Data\skypePM
2008-06-16 12:36:28 0 d-------- C:\Program Files\Common Files
2008-06-16 12:34:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-16 05:53:27 0 d-------- C:\Program Files\ICQToolbar
2008-06-12 14:25:35 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-11 13:55:58 0 d-------- C:\Program Files\NotePad++
2008-06-11 11:37:24 2086 --a------ C:\WINDOWS\mozver.dat
2008-06-11 11:37:17 0 d-------- C:\Program Files\DivX
2008-06-11 11:18:42 0 d-------- C:\Program Files\NCH Software
2008-06-11 11:16:20 0 d-------- C:\Program Files\Movavi Video Converter 5
2008-06-06 14:53:47 0 d-------- C:\Program Files\NCH Swift Sound
2008-06-06 14:53:47 0 d-------- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2008-06-06 14:53:22 0 d-------- C:\Program Files\Secured IE
2008-06-06 14:53:06 0 d-------- C:\Program Files\VirtualDJ
2008-06-06 14:52:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-06-06 14:51:41 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-06 14:51:24 0 d-------- C:\Program Files\Common Files\Real
2008-06-06 14:50:58 0 d-------- C:\Program Files\Winferno
2008-06-06 14:50:58 0 d-------- C:\Program Files\AVS4YOU
2008-06-06 14:50:55 0 d-------- C:\Program Files\UltraMixer
2008-06-06 14:50:06 0 d-------- C:\Program Files\Mixxx
2008-06-06 14:50:03 0 d-------- C:\Program Files\BearShare Applications
2008-06-06 14:47:35 0 d-------- C:\Program Files\ICQ6
2008-06-06 14:47:04 0 d-------- C:\Program Files\CPV
2008-06-06 14:47:04 0 d-------- C:\Program Files\Astonsoft
2008-06-06 14:46:37 0 d-------- C:\Program Files\PC Registry Cleaner
2008-06-06 14:46:29 0 d-------- C:\Program Files\Smart PC Solutions
2008-06-06 14:46:29 0 d-------- C:\Documents and Settings\Owner\Application Data\Smart PC Solutions
2008-06-06 14:46:16 0 d-------- C:\Program Files\Exo Adult
2008-06-06 14:21:20 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-06-06 10:39:36 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-04 07:53:44 57632 --a------ C:\SPC220NC.DAT
2008-06-01 07:16:39 0 d-------- C:\Documents and Settings\Owner\Application Data\BearShare
2008-05-16 06:30:36 231424 --a------ C:\WINDOWS\b148.exe
2008-05-09 14:33:33 0 d-------- C:\Program Files\ArcSoft
2008-05-09 14:33:06 0 d-------- C:\Program Files\Philips
2008-05-08 12:09:09 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-05-08 10:30:30 0 d-------- C:\Program Files\SoftwareClub.ws
2008-04-20 08:38:15 96320 --a------ C:\WINDOWS\system32\sydwkfsn.dll
2008-04-18 09:03:34 96320 --a------ C:\WINDOWS\system32\wwlnpavm.dll
2008-04-16 05:45:18 92224 --a------ C:\WINDOWS\system32\hswojmlw.dll
2008-04-16 05:39:18 53312 --a------ C:\WINDOWS\system32\mlxfroku.dll
2008-04-16 05:36:18 95296 --a------ C:\WINDOWS\system32\clqrespd.dll
2008-04-15 05:43:15 91712 --a------ C:\WINDOWS\system32\epycclrr.dll
2008-04-15 05:37:17 53312 --a------ C:\WINDOWS\system32\oyubsgog.dll
2008-04-15 05:35:13 96320 --a------ C:\WINDOWS\system32\kahxntrh.dll
2008-04-14 11:03:41 53312 --a------ C:\WINDOWS\system32\shdhmqkl.dll
2008-04-14 11:00:41 96320 --a------ C:\WINDOWS\system32\ljbfylww.dll
2008-04-13 11:07:25 92736 --a------ C:\WINDOWS\system32\rxngwexn.dll
2008-04-13 11:03:17 53312 --a------ C:\WINDOWS\system32\kgaadvfv.dll
2008-04-13 11:00:17 95296 --a------ C:\WINDOWS\system32\koltexkg.dll
2008-04-12 11:12:12 92736 --a------ C:\WINDOWS\system32\usyottdj.dll
2008-04-12 11:03:12 53312 --a------ C:\WINDOWS\system32\pbrxauoo.dll
2008-04-12 11:00:12 94272 --a------ C:\WINDOWS\system32\uhrlvigp.dll
2008-04-11 11:06:08 90176 --a------ C:\WINDOWS\system32\rsitcjrg.dll
2008-04-11 11:00:08 94784 --a------ C:\WINDOWS\system32\trfaicej.dll
2008-04-11 10:57:36 53312 --a------ C:\WINDOWS\system32\wgmfywdx.dll
2008-04-10 11:05:16 90176 --a------ C:\WINDOWS\system32\flwiypcu.dll
2008-04-10 10:59:15 53312 --a------ C:\WINDOWS\system32\whqigmjc.dll
2008-04-10 10:57:06 88128 --a------ C:\WINDOWS\system32\speovnsm.dll
2008-04-09 11:00:33 90688 --a------ C:\WINDOWS\system32\spxtxqdj.dll
2008-04-09 10:57:39 53312 --a------ C:\WINDOWS\system32\ymwrrmjo.dll
2008-04-09 10:57:33 87616 --a------ C:\WINDOWS\system32\gwnbjpoj.dll
2008-04-08 11:08:56 91712 --a------ C:\WINDOWS\system32\jrmmmvvx.dll
2008-04-08 10:59:56 88640 --a------ C:\WINDOWS\system32\vabagdko.dll
2008-04-08 10:56:56 53312 --a------ C:\WINDOWS\system32\dmkraciu.dll
2008-04-07 10:59:21 90176 --a------ C:\WINDOWS\system32\ucxqqxtr.dll
2008-04-07 10:56:23 88128 --a------ C:\WINDOWS\system32\yfhsvecr.dll
2008-04-07 10:56:18 53312 --a------ C:\WINDOWS\system32\gmgggucp.dll
2008-04-06 10:58:12 89664 --a------ C:\WINDOWS\system32\ugijgaoe.dll
2008-04-06 10:55:16 53312 --a------ C:\WINDOWS\system32\bgswxfhs.dll
2008-04-06 10:54:49 87104 --a------ C:\WINDOWS\system32\xwhuustl.dll
2008-04-04 04:49:32 90688 --a------ C:\WINDOWS\system32\iofgycuc.dll
2008-04-04 04:47:56 88640 --a------ C:\WINDOWS\system32\hivjbcdc.dll
2008-04-03 02:28:52 91712 --a------ C:\WINDOWS\system32\slklimcc.dll
2008-04-03 02:26:34 88128 --a------ C:\WINDOWS\system32\mldlibuh.dll
2008-04-01 17:11:07 90688 --a------ C:\WINDOWS\system32\hinjhcic.dll
2008-04-01 17:08:06 88128 --a------ C:\WINDOWS\system32\tjmyepgi.dll
2008-04-01 10:05:19 0 --a------ C:\WINDOWS\system32\0
2008-04-01 10:05:19 32 --a------ C:\WINDOWS\0
2008-03-31 17:07:22 91712 --a------ C:\WINDOWS\system32\ilppccen.dll
2008-03-30 17:09:14 90176 --a------ C:\WINDOWS\system32\ikmoqvoj.dll
2008-03-30 17:06:14 87104 --a------ C:\WINDOWS\system32\dektiugx.dll
2008-03-29 17:10:25 90176 --a------ C:\WINDOWS\system32\wvngvyas.dll
2008-03-28 17:05:16 90688 --a------ C:\WINDOWS\system32\ktpbqiwt.dll
2008-03-27 16:12:09 92224 --a------ C:\WINDOWS\system32\snecfvvx.dll
2008-03-27 16:06:09 93248 --a------ C:\WINDOWS\system32\vagirnet.dll
2008-03-26 16:12:08 92736 --a------ C:\WINDOWS\system32\axnpcgka.dll
2008-03-26 16:06:08 90688 --a------ C:\WINDOWS\system32\vdvxpika.dll
2008-03-25 16:05:27 94272 --a------ C:\WINDOWS\system32\rieogeaa.dll
2008-03-25 16:05:13 90688 --a------ C:\WINDOWS\system32\fdmcekoa.dll
2008-03-24 07:55:57 93248 --a------ C:\WINDOWS\system32\emlugtin.dll
2008-03-24 07:51:39 91200 --a------ C:\WINDOWS\system32\bvbcwuuf.dll
2008-03-23 06:27:07 92736 --a------ C:\WINDOWS\system32\famshyni.dll
2008-03-23 06:21:07 90176 --a------ C:\WINDOWS\system32\kgpptlfq.dll
2008-03-22 06:23:13 93248 --a------ C:\WINDOWS\system32\uedttebg.dll
2008-03-22 06:19:40 92224 --a------ C:\WINDOWS\system32\rjjpqldk.dll
2008-03-20 18:56:41 91712 --a------ C:\WINDOWS\system32\yborbnoc.dll
2008-03-20 18:56:33 89664 --a------ C:\WINDOWS\system32\eagjuohd.dll
2008-03-19 18:57:55 88640 --a------ C:\WINDOWS\system32\osyldmlx.dll
2008-03-19 18:54:58 93248 --a------ C:\WINDOWS\system32\jhmrvjfk.dll
2008-03-18 16:54:48 92736 --a------ C:\WINDOWS\system32\nhondwmn.dll
2008-03-18 16:50:05 91200 --a------ C:\WINDOWS\system32\bnvcdafv.dll
2008-03-17 16:10:58 93760 --a------ C:\WINDOWS\system32\vsjurfvm.dll
2008-03-17 16:07:59 87616 --a------ C:\WINDOWS\system32\ksppgumj.dll
2008-03-17 16:04:58 91200 --a------ C:\WINDOWS\system32\lmdbllja.dll
2008-03-17 15:07:59 90688 --a------ C:\WINDOWS\system32\erdckcyf.dll
2008-03-17 15:04:58 88640 --a------ C:\WINDOWS\system32\adlbjdbs.dll
2008-03-17 15:01:58 88640 --a------ C:\WINDOWS\system32\rgimmbhf.dll
2008-03-17 14:05:16 90688 --a------ C:\WINDOWS\system32\fgiuhuul.dll
2008-03-17 14:00:44 88640 --a------ C:\WINDOWS\system32\phqbrnuc.dll
2008-03-17 07:54:37 90688 --a------ C:\WINDOWS\system32\mxywbeiy.dll
2008-03-17 07:51:26 88640 --a------ C:\WINDOWS\system32\fwbxmiso.dll
2008-03-17 07:50:24 88640 --a------ C:\WINDOWS\system32\qfokcyiu.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{171390BB-7251-41F9-A5ED-7164EDE6ADC1}]
C:\WINDOWS\system32\jkhfe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45C2A50F-8F4A-496E-AF02-D0207525BF5A}]
C:\WINDOWS\system32\awtuurp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62475286-054d-4f31-9541-19bf6dfc5154}]
16/06/2008 05:26 AM 104000 --a------ C:\WINDOWS\system32\xausnekk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [19/09/2006 10:07 AM]
"@"="" []
"Realtime Audio Engine"="mmrtkrnl.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28 AM]
"outlook"="C:\Program Files\outlook\outlook.exe" []
"??????
"="" []
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [07/08/2007 06:49 PM]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [05/09/2007 02:10 PM]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [05/09/2007 02:10 PM]
"BMef10d4fb"="C:\WINDOWS\system32\aymuhqyo.dll " [12/06/2008 10:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [12/08/2004 01:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/06/2005 03:04 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34 PM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [23/01/2008 12:23 PM]
"@"="" []
"Eroca"="C:\Program Files\Eroca\Eroca.exe" [27/05/2008 11:17 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [30/05/2008 03:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"WIAWizardMenu"=RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TrayMin220.lnk - C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe [09/05/2008 2:33:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{45C2A50F-8F4A-496E-AF02-D0207525BF5A}"= C:\WINDOWS\system32\awtuurp.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuurp]
awtuurp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hjyqezzf]
hjyqezzf.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhfe.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts upnphost SSDPSRV
bthsvcs BthServ

*Newly Created Service* - SROSA



-- Hosts -----------------------------------------------------------------------

nhdhvmbmjbmgh Copyright (c) 1993-1999 Microsoft Corp.
mvjbm bjkbn,
;gkhmnhmhgh This file contains the mappings of IP addresses to host names. Each
kyrfhfy be placed in the first column followed by the corresponding host name.
;lb.nhj.jhuy The IP address and the host name should be separated by at least one
,gjkkig,bublhikl space.
jhfkljgfkghuig
kmhughgjhkjnh Additionally, comments (such as thb se) may be inserted on individual
nkgloh,kl lines or following the machine name denoted by a '#' symbol.
bfyrmfugfjthrjtyt7

7 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-17 08:38:25 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron(tm) 2600+
Percentage of Memory in Use: 77%
Physical Memory (total/avail): 447.49 MiB / 100.36 MiB
Pagefile Memory (total/avail): 720.69 MiB / 254.58 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.13 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 49.72 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FW: PCguard Firewall v6.0.1 (Telewest)
AV: PCguard Anti-Virus v6.0.1 (Telewest)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Disabled:BearShare"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\emule.exe"="D:\\emule.exe:*:Enabled:eMule "
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX01.968\\StrongDC.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX01.968\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Disabled:Pando"
"C:\\Program Files\\Internet Explorer\\VeohClient.exe"="C:\\Program Files\\Internet Explorer\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Zapu\\Zapu\\wDivi.exe"="C:\\Program Files\\Zapu\\Zapu\\wDivi.exe:*:Enabled:Zapu Control"
"C:\\Program Files\\VirtualDJ\\virtualdj.exe"="C:\\Program Files\\VirtualDJ\\virtualdj.exe:*:Enabled:VirtualDJ"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Documents and Settings\\Owner\\Application Data\\m\\flec006.exe"="C:\\Documents and Settings\\Owner\\Application Data\\m\\flec006.exe:*:Disabled:flec006"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPUTER2007
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\COMPUTER2007
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\CA\PPRT\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=COMPUTER2007
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}
CDBurnerXP --> "C:\Program Files\CDBurnerXP\unins000.exe"
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Express Burn --> C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
ICQ Toolbar --> regsvr32 /u /s "C:\PROGRA~1\ICQTOO~1\toolbaru.dll"
ICQ6 --> "C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MyHeritage Family Tree Builder --> C:\Program Files\MyHeritage\Bin\Uninstall.exe
PerfectDisk --> MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
Philips SPC220NC Webcam --> C:\Program Files\InstallShield Installation Information\{97CB5A86-4887-4919-A251-FBF6414A200D}\setup.exe -runfromtemp -l0x0009 -removeonly
PPSDKRedistributables --> MsiExec.exe /I{C869F4FF-E5FF-4FBB-9A31-33C23605E170}
Radialpoint Security Services --> MsiExec.exe /X{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}
RPS Ad Blocker --> MsiExec.exe /I{6EA0ABC4-172B-48D4-AF26-93322D7FDE72}
RPS AntiFraud --> MsiExec.exe /I{C831972C-3834-4D9D-A095-8350B324AC3C}
RPS AntiSpyware --> MsiExec.exe /I{EE1D5780-AF29-4DC4-A107-3FD5F79AC63A}
RPS AntiVirus --> MsiExec.exe /I{05BCCF27-DC23-4ED9-87A2-F8D5B244B4C4}
RPS App Detector --> MsiExec.exe /I{3C441434-737C-4D54-8EAB-B409BE54E734}
RPS AsRealtime --> MsiExec.exe /I{D8AEA1D1-78FE-4CE1-9405-D7E55E797C4D}
RPS Backup --> MsiExec.exe /I{B5C0FD16-3A5D-40D5-8B59-4B43279BB5D0}
RPS Burn --> MsiExec.exe /I{A542D695-16D3-4F89-A6F1-091F009B8ABA}
RPS Diagnostic Utility --> MsiExec.exe /I{3A836186-46F8-4388-9830-820E35C02992}
RPS Firewall --> MsiExec.exe /I{ECBDDBD7-43CC-417C-B87A-943AFED8EB57}
RPS ParentalControl --> MsiExec.exe /I{53C32728-D434-4143-9C9D-D73D68D00893}
RPS Performance Tool --> MsiExec.exe /I{DD1C392B-226D-42C9-B8E6-2A9BEF7583B4}
RPS PopupBlocker --> MsiExec.exe /I{324D4909-7A7B-45CD-B199-E975DC108249}
RPS Privacy Manager --> MsiExec.exe /I{FD2EC356-DB5E-40AE-907A-9A1D38F9396D}
RPS RpsCore --> MsiExec.exe /I{AFE0D559-DAC2-4DF0-B432-4CBA15769AA9}
RPS Security Cleanup --> MsiExec.exe /I{5E7EBB6D-F44B-4D8B-9C52-F0F9173FD166}
RPS Zip --> MsiExec.exe /I{3AFF4279-A590-4010-8C8A-3B096A220CFC}
Secured Internet Explorer --> C:\PROGRA~1\SECURE~1\UNWISE.EXE C:\PROGRA~1\SECURE~1\INSTALL.LOG
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Smart PC v4.3 --> "C:\Documents and Settings\Smart PC\unins000.exe"
TV JOJ Media Player --> C:\Program Files\TV JOJ Media Player\uninst.exe
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Virgin Broadband advisor 1.5.14 --> "C:\Program Files\Virgin Broadband\advisor\unins000.exe"
Virgin Broadband PCguard --> C:\Program Files\InstallShield Installation Information\{153BC7CA-9F2F-45AC-B4A1-AFAFBD5D904B}\setup.exe -runfromtemp -l0x0009 -removeonly
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Webcam Video Viewer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CECB7782-F35F-45CE-97C0-74BBBDC51C22}\Setup.exe" -l0x9
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3572 / Error
Event Submitted/Written: 06/17/2008 08:35:44 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type3571 / Error
Event Submitted/Written: 06/17/2008 08:35:38 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type3516 / Warning
Event Submitted/Written: 06/16/2008 06:37:07 AM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, PDProvider, has been registered in the WMI namespace, root\default, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Record #/Type3511 / Warning
Event Submitted/Written: 06/16/2008 06:35:38 AM
Event ID/Source: 4458 / COM+
Event Description:
During installation of this component into a COM+ application a registry value was changed from its original value. If you are experiencing activation problems with this component then please check the registry values.C:\Program Files\Virgin Broadband\PCguard\SecurityAwareCOMPS.dll
Interface\{419D4EF2-16AE-42BE-B2C1-07E5EC50D42B}\ProxyStubClsid32


Process Name: RunDll32.exe
Comsvcs.dll file version: ENU 2001.12.4414.312 shp

Event Record #/Type3510 / Warning
Event Submitted/Written: 06/16/2008 06:35:38 AM
Event ID/Source: 4458 / COM+
Event Description:
During installation of this component into a COM+ application a registry value was changed from its original value. If you are experiencing activation problems with this component then please check the registry values.C:\Program Files\Virgin Broadband\PCguard\SecurityAwareCOMPS.dll
Interface\{419D4EF2-16AE-42BE-B2C1-07E5EC50D42B}\NumMethods


Process Name: RunDll32.exe
Comsvcs.dll file version: ENU 2001.12.4414.312 shp



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7622 / Error
Event Submitted/Written: 06/17/2008 08:35:52 AM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The SmartLinkService service has reported an invalid current state 0.

Event Record #/Type7610 / Warning
Event Submitted/Written: 06/17/2008 06:18:27 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type7606 / Warning
Event Submitted/Written: 06/17/2008 04:29:13 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type7604 / Warning
Event Submitted/Written: 06/17/2008 03:34:33 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type7603 / Warning
Event Submitted/Written: 06/17/2008 03:07:14 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-06-17 08:38:25 ------------


  #2  
Old 06-17-2008
Hengis's Avatar
PCHF Founder & Owner
My PC
 
Join Date: Jan 2004
Location: Southern England
Posts: 11,321
PC Experience: Always learning
Default Re: Prework results

Hi and welcome to PCHF.

Forum Rules require that HJT logs must be analyzed by experienced Security Team Analysts. This is for your protection... and to give you our best service.

Our Security Team is always very busy-- and as we live all over the Earth...
Time-Zones are also an important factor.

Your patience is greatly appreciated.

Thank You


__________________
> Pre-Work > System File Checker
> Did we help you? If we did, please consider A Donation
  #3  
Old 06-18-2008
Pancake's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,602
PC Experience: Elite PC Guru
Default Re: Prework results

Download the program HostsXpert
Unzip HostsXpert.zip
It will create a folder named HostsXpert in whatever folder you extract it to.
Run HostsXpert.exe by double clicking on it.
Click the Make Writeable? button.
Click Restore Microsoft's Hosts File and then click OK.
Click the X to exit the program

================================

Ok. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer and also those in the registry. Please visit this webpage for download links, and instructions for running the tool:

A guide and tutorial on using ComboFix

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should get a prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.


__________________
  • An Australian Member of
  • and
My real name is Eddy

Last edited by Pancake; 06-18-2008 at 07:05 AM.
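An added example, not part of Pancake's post and not HostsXpert's own code: a small Python audit of a hosts file that lists what restoring the default file would discard, namely mappings other than the stock `localhost` entry and lines that are neither comments nor parseable entries (like the junk-prefixed lines in the log's Hosts section). The function name `audit_hosts`, the sample file content and the `.test` host names are constructed for illustration.

```python
import ipaddress

# Stock mappings of a default Windows hosts file (XP ships only the IPv4 one).
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample: one junk line, the stock entry, one name pinned to
# loopback (the site never loads) and one name pointed at another address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
jhfkljgfkghuig
127.0.0.1       localhost
127.0.0.1       www.example-search.test
203.0.113.10    login.example-social.test   # constructed redirect
"""


def audit_hosts(text):
    """Classify every non-default line of a hosts file.

    Returns a dict with three lists:
      junk       -> (line_no, raw_line) for lines that are not valid entries
      blocked    -> (line_no, address, name) mapped to loopback or 0.0.0.0
      redirected -> (line_no, address, name) mapped to any other address
    """
    report = {"junk": [], "blocked": [], "redirected": []}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Everything after '#' is a comment; blank lines carry no mapping.
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            # First column is not an IP address: not a usable hosts entry.
            report["junk"].append((line_no, raw.strip()))
            continue
        if len(fields) < 2:
            # An address with no host name maps nothing.
            report["junk"].append((line_no, raw.strip()))
            continue
        for name in fields[1:]:
            name = name.lower()
            if (str(addr), name) in DEFAULT_ENTRIES:
                continue
            if addr.is_loopback or addr.is_unspecified:
                report["blocked"].append((line_no, str(addr), name))
            else:
                report["redirected"].append((line_no, str(addr), name))
    return report


if __name__ == "__main__":
    for kind, items in audit_hosts(SAMPLE_HOSTS).items():
        for item in items:
            print(kind, *item)
```

To check a live machine, pass the function the contents of `%SystemRoot%\system32\drivers\etc\hosts` read as text.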
  #4  
Old 06-18-2008
Isorene's Avatar
Bronze Member
 
Join Date: Jun 2008
Location: Gateshead
Posts: 51
PC Experience: Beginner
Default Re: Prework results

Thanks for replying; I don't want to make any mistakes, so, is it first I do the HostsXpert thing and then the ComboFix? And where do I get the ComboFix? Thanks.


  #5  
Old 06-18-2008
Pancake's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,602
PC Experience: Elite PC Guru
Default Re: Prework results

Double click the link in my post A guide and tutorial on using ComboFix and yes, run HostsXpert first.


  #6  
Old 06-18-2008
Isorene's Avatar
Bronze Member
 
Join Date: Jun 2008
Location: Gateshead
Posts: 51
PC Experience: Beginner
Default Re: Prework results

I did the first step but the link for combofix keeps on loading, like the same problem I said before, so I can't get to the combofix guide...


  #7  
Old 06-18-2008
Pancake's Avatar