Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-13 21:46:02
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Failed to create restore point; computer is in safe mode.
-- Last 5 Restore Point(s) --
89: 2008-01-13 05:22:41 UTC - RP407 - Software Distribution Service 3.0
88: 2008-01-12 20:02:49 UTC - RP406 - Software Distribution Service 3.0
87: 2008-01-12 05:13:50 UTC - RP405 - System Checkpoint
86: 2008-01-11 04:13:40 UTC - RP404 - System Checkpoint
85: 2008-01-10 01:23:11 UTC - RP403 - Software Distribution Service 3.0
-- First Restore Point --
1: 2008-01-09 06:53:22 UTC - RP319 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:01 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtutq.exe
O2 - BHO: (no name) - {05AB4120-EC20-4DB3-821A-DD83F15C09BE} - C:\WINDOWS\system32\mljge.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - C:\WINDOWS\system32\hggfecb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9F8808B0-DAA4-41E3-BD77-EE166B7AA0D9} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O2 - BHO: (no name) - {E2FAB54B-08FC-4214-9F40-83CDB2B410D2} - C:\WINDOWS\system32\mllmk.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass .exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /s
O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\Owner\Desktop\vundofix.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7973] command /c del "C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5299] cmd /c del "C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O4 - HKCU\..\RunOnce: [SpybotDeletingB2782] command /c del "C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8803] cmd /c del "C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old"
O4 - Startup: findfast .exe
O4 - Startup: findfast .exe
O4 - Startup: findfast .exe
O4 - Startup: findfast .exe
O4 - Global Startup: autorun .exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/def...x.1.0.0.87.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/def...GameLoader.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/def...s.1.0.0.39.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/def...caploader1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/def...jolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRD.../heartbeat.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/def...rsion=1,0,0,10
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/def...a.1.0.0.46.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 8332 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S3 AmdLLD (AMD Low Level Device Driver) - c:\windows\system32\drivers\amdlld.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200014F1&REV_00\4&2E26DDEC&0&08A4
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200014F1&REV_00\4&2E26DDEC&0&08A4
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-01-11 20:22:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-12-13 and 2008-01-13 -----------------------------
2008-01-13 21:27:08 4022 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-13 21:24:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-01-13 21:24:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-13 21:16:58 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-13 21:16:58 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-01-13 21:16:58 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-01-13 21:16:58 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-01-13 21:16:58 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-01-13 21:16:58 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-13 20:57:08 0 d-------- C:\Program Files\SpywareBlaster
2008-01-13 20:54:44 337920 --a------ C:\WINDOWS\system32\vtutq.exe
2008-01-13 20:54:40 20287 --ahs---- C:\WINDOWS\system32\qtutv.ini2
2008-01-13 20:54:35 334336 --a------ C:\WINDOWS\system32\vtutq.dll
2008-01-13 16:09:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-01-13 15:54:10 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-01-13 15:38:33 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-13 15:38:33 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-01-13 15:38:33 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-13 15:38:33 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-01-13 15:38:33 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-13 15:38:33 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-01-13 15:38:33 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-13 15:38:33 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-01-13 15:38:33 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-13 15:38:33 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-01-13 15:38:33 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-13 15:38:33 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-13 15:38:32 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-01-13 14:19:46 0 d-------- C:\Program Files\Trend Micro
2008-01-13 14:17:00 0 d-------- C:\VundoFix Backups
2008-01-11 23:04:52 66048 --a------ C:\WINDOWS\ieResetIcons.exe <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-01-11 12:41:26 0 d-------- C:\Documents and Settings\Owner\Application Data\EasySpywareCleaner.com
2008-01-11 12:40:51 19080 --a------ C:\WINDOWS\system32\ctfmona .exe
2008-01-11 03:31:45 0 d-------- C:\Program Files\EasySpywareCleaner
2008-01-11 03:07:51 18944 --a------ C:\WINDOWS\system32\wowfx.dll
2008-01-08 18:44:25 0 --a------ C:\Install
2008-01-08 18:44:21 0 d-------- C:\Program Files\Outerinfo
2008-01-08 18:44:14 35328 -----n--- C:\WINDOWS\system32\hggfecb.dll
2007-12-19 17:31:44 118784 --a------ C:\WINDOWS\dsdxirmv.exe
2007-12-15 15:49:01 0 d-------- C:\Program Files\Cakewalk
2007-12-15 15:49:01 0 d-------- C:\Cakewalk Projects
2007-12-15 15:30:37 0 d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2007-12-15 15:28:24 0 d-------- C:\Linksys Driver
2007-12-14 02:33:18 8388608 --a------ C:\Documents and Settings\Owner\ntuser.dat
-- Find3M Report ---------------------------------------------------------------
2008-01-13 21:28:35 0 d-------- C:\Program Files\iTunes
2008-01-13 21:28:33 0 d-------- C:\Program Files\QuickTime
2008-01-13 21:00:43 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-13 15:51:26 0 d-------- C:\Program Files\Common Files
2008-01-13 15:49:55 0 d-------- C:\Program Files\Viewpoint
2008-01-13 15:48:28 0 d-------- C:\Program Files\Registry Cleaner Trial
2008-01-13 15:47:49 0 d-------- C:\Program Files\MySpace
2008-01-13 15:45:40 0 d-------- C:\Program Files\Yahoo!
2008-01-13 15:43:50 0 d-------- C:\Program Files\LimeWire
2008-01-13 15:41:58 0 d-------- C:\Program Files\Common Files\AOL
2008-01-13 13:52:07 0 d-------- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2008-01-09 16:50:47 0 d-------- C:\Program Files\Yahoo! Games
2007-12-28 13:01:32 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-27 16:54:11 0 d-------- C:\Documents and Settings\Owner\Application Data\PlayFirst
2007-12-23 17:07:24 0 d-------- C:\Program Files\Diablo II
2007-12-15 15:49:23 0 d--h----- C:\Program Files\InstallShield Installation Information
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05AB4120-EC20-4DB3-821A-DD83F15C09BE}]
C:\WINDOWS\system32\mljge.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}]
01/08/2008 06:44 PM 35328 --------- C:\WINDOWS\system32\hggfecb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F8808B0-DAA4-41E3-BD77-EE166B7AA0D9}]
C:\WINDOWS\system32\pmkhi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2FAB54B-08FC-4214-9F40-83CDB2B410D2}]
C:\WINDOWS\system32\mllmk.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [08/03/2006 05:12 AM C:\WINDOWS\soundman.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [01/13/2008 09:28 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [01/13/2008 09:28 PM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [01/13/2008 09:28 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [01/13/2008 09:28 PM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [01/13/2008 09:28 PM]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [01/13/2008 09:28 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [01/13/2008 09:28 PM]
"zzzHPSETUP"="D:\Setup.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [01/13/2008 09:28 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/13/2008 09:28 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/13/2008 09:28 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/13/2008 09:28 PM]
"lsass"="C:\WINDOWS\lsass .exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [01/13/2008 09:28 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/13/2008 09:28 PM]
"Registry Cleaner"="C:\Program Files\Registry Cleaner Trial\Regclean.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB2782"=command /c del "C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old"
"SpybotDeletingD8803"=cmd /c del "C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"AOLRebootNeeded"=regsvr32.exe /s
"VundoFix"="C:\Documents and Settings\Owner\Desktop\vundofix.exe"
"SpybotDeletingA7973"=command /c del "C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old"
"SpybotDeletingC5299"=cmd /c del "C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old"
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
findfast .exe [1/13/2008 9:28:23 PM]
findfast .exe [1/13/2008 9:28:24 PM]
findfast .exe [1/13/2008 9:28:24 PM]
findfast .exe [1/13/2008 9:28:24 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
autorun .exe [1/12/2008 10:35:29 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/11/2005 11:49:24 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [7/23/2007 8:22:05 PM]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2/1/2007 7:38:18 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}"= C:\WINDOWS\system32\hggfecb.dll [01/08/2008 06:44 PM 35328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\wowfx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtutq
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, , xlibgfl254.dll, , , wowfx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32f8ce28-469c-11dc-bbbf-0013d3b1bb15}]
AutoRun\command- J:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9a92e7e-5d4e-11dc-bbeb-0013d3b1bb15}]
AutoRun\command- I:\LaunchU3.exe -a
*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
-- End of Deckard's System Scanner: finished at 2008-01-13 21:47:30 ------------
this is main.txt