06-09-2008, 08:48 AM   #1
AlyssaM
Registered User
 
Join Date: Jun 2008
Posts: 12
OS: Windows XP


Ah, spyware! Help!!

Hey! Well I have quite a few problems.

Here's the story: A few days ago I visited an old site that I used to frequently visit a few years back. Well, something is wrong with the site, and it installed a lot of spyware onto my computer. Ugh- honestly, I haven't had problems with spyware or a virus in such a long time. Anyway- I ran Ad-Aware, which got rid of only a few problems.... and after that, I ran Spybot S&D- which got rid of a lot of things (though not all of them).


Well, here are some problems I'm still having:

1) Automatic Updates: Somehow, the spyware disabled my automatic updates. I've tried looking up solutions on the internet, even on Microsoft's website, but none of them helped. When I try to enable the updates, a window pops up saying "We're sorry. The Security Center could not change your Automatic Updates settings. Try...blahblah" -- that didn't work. Microsoft's solution said to go to Run, type in Services.msc, and go from there. But when I switch to Automatic in the Startup Type, and try to click "Start", a little window-thing just pops up saying "Could not start the Automatic Updates on Local Computer... Error 1058: The service cannot be started, either because it is disabled or it has no enabled devices associated with it." Well DUH it's disabled! I'm TRYING to enable it!!!! Ugh.... Not to mention, because of this, I can't even download updates straight from Microsoft's site anyway.

2) Desktop Gone: At first, when I would restart my Windows, windows (windows from the cmd thing in Run) would pop up and say stuff about errors, and most of the time cause my desktop to disappear, only leaving my background to see. Well, I fixed the error things, but even though I fixed them, my desktop still seems to disappear on me at times after a while. And I'll have to just reboot the computer at least 2 times just for my desktop to show up again! (Like just a few minutes ago, I tried to open something from my desktop- and it freaked out on me and my taskbar/icons disappeared. But luckily I had my Internet Explorer window still up, and when I typed "c:\Documents and Settings", they all came back. :/ )




Panda ActiveScan Log: Well, I don't think it did much. :/

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-06-09 09:49:55
PROTECTIONS: 8
MALWARE: 45
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Avira AntiVir PersonalEdition Classic 6.38.1.98 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.3.33 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition Classic 7.0.1.129 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes No
Avira AntiVir PersonalEdition Classic 7.0.1.129 Yes Yes
Avira AntiVir PersonalEdition 8.0.1.18 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00013512 adware/searchaid Adware No 0 Yes No hkey_classes_root\clsid\{f18b8f19-2940-0876-54d4-fbe52283d28c}
00013512 adware/searchaid Adware No 0 Yes No hkey_classes_root\clsid\{dd33dd18-4d26-b41e-13da-43f55e371dd6}
00013512 adware/searchaid Adware No 0 Yes No hkey_classes_root\clsid\{5df43c22-150c-58be-5a1e-a8ead02a98c7}
00013512 adware/searchaid Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{0A897F02-3691-B9B2-22B5-29117868FF15}
00013512 adware/searchaid Adware No 0 Yes No hkey_classes_root\clsid\{0a897f02-3691-b9b2-22b5-29117868ff15}
00013512 adware/searchaid Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{F18B8F19-2940-0876-54D4-FBE52283D28C}
00013512 adware/searchaid Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{DD33DD18-4D26-B41E-13DA-43F55E371DD6}
00013512 adware/searchaid Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{5DF43C22-150C-58BE-5A1E-A8EAD02A98C7}
00020302 adware/ncase Adware No 0 Yes No hkey_current_user\software\microsoft\internet explorer\main\search bar_bak
00020302 adware/ncase Adware No 0 Yes No c:\windows\msbb.exe.temp
00020302 adware/ncase Adware No 0 Yes No hkey_current_user\software\microsoft\internet explorer\main\search page_bak
00029007 adware/tvmedia Adware No 0 Yes No c:\documents and settings\alyssa\application data\tvmknwrd.dll
00029007 adware/tvmedia Adware No 0 Yes No c:\program files\tv media
00032724 adware/portalscan Adware No 0 Yes No c:\program files\common files\slmss
00032724 adware/portalscan Adware No 0 Yes No hkey_local_machine\software\whpbgjb
00036016 adware/topmoxie Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{6685509E-B47B-4f47-8E16-9A5F3A62F683}
00039204 adware/cws Adware No 0 Yes No hkey_current_user\software\microsoft\internet explorer\main\start page_bak
00039209 adware/virtualbouncer Adware No 0 Yes No c:\windows\system32\inneradinstall.log
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{a986f4db-792e-4571-8974-0bb6e024766f}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{c0f88e9e-dceb-4655-968a-ae508a677c39}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{d7eac2d8-2d52-4010-a4ad-dfdf60c1706c}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{830d3aed-2fa9-454f-b266-d931862bbf34}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{6e0ed53c-9908-49ed-b055-7cb31b162577}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{9bcdd51b-4a7b-446c-8452-d32d38004582}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{49db48ff-02b5-4645-b676-94a4df1aa026}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{bccab53d-0895-40c3-a942-a03538ce227a}
00040415 adware/wintools Adware No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{8992b6ca-b8c9-4aed-bf89-0a17f6296a06}
00040415 adware/wintools Adware No 0 Yes No hkey_local_machine\software\classes\protocols\name-space handler\res
00040415 adware/wintools Adware No 0 Yes No hkey_classes_root\protocols\name-space handler\res
00040415 adware/wintools Adware No 0 Yes No hkey_local_machine\system\controlset001\enum\root\legacy_wintoolssvc
00041904 adware/sidesearch Adware No 0 Yes No c:\documents and settings\alyssa\application data\lycos
00047863 adware/ieplugin Adware No 0 Yes No c:\windows\kwv2.dat
00047888 adware/iedriver Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{1a00c40b-da85-4aa3-a67f-582d9347eecd}
00047888 adware/iedriver Adware No 0 Yes No hkey_current_user\software\microsoft\internet explorer\extensions\cmdmapping\{1a00c40b-da85-4aa3-a67f-582d9347eecd}
00065260 adware/ipinsight Adware No 0 Yes No c:\windowsinf\polall1r.inf
00092990 Spyware/Apropos Spyware No 1 No No C:\Documents and Settings\Guest\My Documents\Data\all_files4.exe[apropos_client_loader.exe]
00092990 Spyware/Apropos Spyware No 1 No No C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[apropos_client_loader.exe]
00092990 Spyware/Apropos Spyware No 1 No No C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[apropos_client_loader.exe]
00092990 Spyware/Apropos Spyware No 1 No No C:\Documents and Settings\Guest\My Documents\Data\Data\all_files4.exe[apropos_client_loader.exe]
00097668 Adware/PurityScan Adware No 0 No No C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[install_tag002.exe]
00097668 Adware/PurityScan Adware No 0 No No C:\Documents and Settings\Guest\My Documents\Data\all_files4.exe[install_tag002.exe]
00097668 Adware/PurityScan Adware No 0 No No C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[install_tag002.exe]
00097668 Adware/PurityScan Adware No 0 No No C:\Documents and Settings\Guest\My Documents\Data\Data\all_files4.exe[install_tag002.exe]
00111250 Trj/Downloader.OE Virus/Trojan No 0 No No C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][dp-k13w13.exe]
00111250 Trj/Downloader.OE Virus/Trojan No 0 No No C:\Documents and Settings\Guest\My Documents\Data\all_files4.exe[setup233.exe][dp-k13w13.exe]
00111250 Trj/Downloader.OE Virus/Trojan No 0 No No C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][dp-k13w13.exe]
00111250 Trj/Downloader.OE Virus/Trojan No 0 No No C:\Documents and Settings\Guest\My Documents\Data\Data\all_files4.exe[setup233.exe][dp-k13w13.exe]
00117819 Spyware/New.net Spyware No 1 Yes No C:\System Volume Information\_restore{789BB6A8-3318-4B86-BAB2-86DEB9753979}\RP1337\A0294764.EXE
00120350 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][sx.htm]
00120350 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][sx.htm]
00120350 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Guest\My Documents\Data\all_files4.exe[setup233.exe][sx.htm]
00120350 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Guest\My Documents\Data\Data\all_files4.exe[setup233.exe][sx.htm]
00127080 Backdoor Program Virus/Trojan No 0 Yes Yes C:\WINDOWS\SYSTEM32\WwuwSer.exe
00127080 Backdoor Program Virus/Trojan No 0 Yes Yes C:\WINDOWS\SYSTEM32\VgmTO8q.exe
00127080 Backdoor Program Virus/Trojan No 0 Yes Yes C:\WINDOWS\SYSTEM32\JapXq.exe
00132447 adware program Adware No 0 Yes No c:\windows\ss3unstl.exe
00134624 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Guest\My Documents\Data\all_files4.exe[setup233.exe][ieupdate.exe]
00134624 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][ieupdate.exe]
00134624 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][ieupdate.exe]
00134624 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Guest\My Documents\Data\Data\all_files4.exe[setup233.exe][ieupdate.exe]
00134625 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][td.exe]
00134625 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Guest\My Documents\Data\Data\all_files4.exe[setup233.exe][td.exe]
00134625 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Guest\My Documents\Data\all_files4.exe[setup233.exe][td.exe]
00134625 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][td.exe]
00134626 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Guest\My Documents\Data\all_files4.exe[setup233.exe][IEDRIVER.EXE]
00134626 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][IEDRIVER.EXE]
00134626 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][IEDRIVER.EXE]
00134626 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Guest\My Documents\Data\Data\all_files4.exe[setup233.exe][IEDRIVER.EXE]
00137181 Adware/BrowserAid Adware No 0 No No C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[dist1_1_00.exe]
00137181 Adware/BrowserAid Adware No 0 No No C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[dist1_1_00.exe]
00137181 Adware/BrowserAid Adware No 0 No No C:\Documents and Settings\Guest\My Documents\Data\all_files4.exe[dist1_1_00.exe]
00137181 Adware/BrowserAid Adware No 0 No No C:\Documents and Settings\Guest\My Documents\Data\Data\all_files4.exe[dist1_1_00.exe]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Alyssa\Cookies\alyssa@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Alyssa\Local Settings\Temp\Cookies\alyssa@trafficmp[2].txt
00145348 Cookie/Gator TrackingCookie No 0 Yes No C:\FOUND.032\FILE0000.CHK
00145454 Cookie/Centralmedia TrackingCookie No 0 Yes No C:\FOUND.037\FILE0017.CHK
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Alyssa\Local Settings\Temp\Cookies\alyssa@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.053\FILE0178.CHK
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.058\FILE0006.CHK
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.050\FILE0109.CHK
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Alyssa\Local Settings\Temp\Cookies\alyssa@advertising[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Alyssa\Local Settings\Temp\Cookies\alyssa@realmedia[2].txt
00193504 Adware/eZula Adware No 0 No No C:\Documents and Settings\Guest\My Documents\Data\Data\all_files4.exe[ezStub.exe]
00193504 Adware/eZula Adware No 0 No No C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[ezStub.exe]
00193504 Adware/eZula Adware No 0 No No C:\Documents and Settings\Guest\My Documents\Data\all_files4.exe[ezStub.exe]
00193504 Adware/eZula Adware No 0 No No C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[ezStub.exe]
00193712 Adware/WindowEnhancer Adware No 0 Yes No C:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll.tcf
00200583 adware/block-checker Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\tkqlhce.com\
00200583 adware/block-checker Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\cc-dt.com\
00200583 adware/block-checker Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\anrdoezrs.net\
00200583 adware/block-checker Adware No 1 Yes No c:\windows\system32\ustart.exe
00200583 adware/block-checker Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\jdoqocy.com\
00200583 adware/block-checker Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\dpbolvw.net\
00208670 Spyware/New.net Spyware No 1 Yes No C:\System Volume Information\_restore{789BB6A8-3318-4B86-BAB2-86DEB9753979}\RP1337\A0296743.EXE
00217379 adware/dollarrevenue Adware No 0 No No c:\windows\timessquare1.dat
00219235 adware/commad Adware No 0 Yes No hkey_local_machine\system\currentcontrolset\services\cmdservice
00219235 adware/commad Adware No 0 Yes No hkey_local_machine\system\controlset001\enum\root\legacy_cmdservice
00219235 adware/commad Adware No 0 Yes No hkey_local_machine\system\controlset001\services\cmdservice
00243573 Adware/SaveNow Adware No 0 No No C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[SaveInstCsSm.exe]
00243573 Adware/SaveNow Adware No 0 No No C:\Documents and Settings\Guest\My Documents\Data\Data\all_files4.exe[SaveInstCsSm.exe]
00243573 Adware/SaveNow Adware No 0 No No C:\Documents and Settings\Guest\My Documents\Data\all_files4.exe[SaveInstCsSm.exe]
00243573 Adware/SaveNow Adware No 0 No No C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[SaveInstCsSm.exe]
00262492 Adware/CommAd Adware No 0 Yes No C:\WINDOWS\SmVyaSBEZW5raW5z\mApVum1HtqcOuqcW.vbs
00350959 Spyware/New.net Spyware No 1 Yes No C:\System Volume Information\_restore{789BB6A8-3318-4B86-BAB2-86DEB9753979}\RP1337\A0296742.EXE
00461206 Adware/TVMedia Adware Yes 1 Yes No C:\WINDOWS\SYSTEM32\MAD.DLL
00527204 Application/PRScheduler HackTools No 0 Yes No C:\WINDOWS\PSS\PowerReg Scheduler V3.exeStartup
00527204 Application/PRScheduler HackTools No 0 Yes No C:\Documents and Settings\Alyssa\Desktop\Installations\SpyWare Helpers\Anti-Vir Backups\backup-20050616-084336-271-PowerReg Scheduler V3.exe
00778290 Trj/Qhost.FM Virus/Trojan No 1 No No C:\Documents and Settings\Guest\My Documents\Data\Data\all_files4.exe[SvcHost.exe]
00778290 Trj/Qhost.FM Virus/Trojan No 1 No No C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[SvcHost.exe]
00778290 Trj/Qhost.FM Virus/Trojan No 1 No No C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[SvcHost.exe]
00778290 Trj/Qhost.FM Virus/Trojan No 1 No No C:\Documents and Settings\Guest\My Documents\Data\all_files4.exe[SvcHost.exe]
02901943 Adware/AdsInContext Adware No 0 No No C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[icinstaller.exe]
02901943 Adware/AdsInContext Adware No 0 No No C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[icinstaller.exe]
02901943 Adware/AdsInContext Adware No 0 No No C:\Documents and Settings\Guest\My Documents\Data\Data\all_files4.exe[icinstaller.exe]
02901943 Adware/AdsInContext Adware No 0 No No C:\Documents and Settings\Guest\My Documents\Data\all_files4.exe[icinstaller.exe]
03020910 Bck/BEnergy.M Virus/Trojan No 1 Yes Yes C:\WINDOWS\SYSTEM32\MSSRV32.EXE
03020910 Bck/BEnergy.M Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{789BB6A8-3318-4B86-BAB2-86DEB9753979}\RP1337\A0298743.EXE
03020910 Bck/BEnergy.M Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{789BB6A8-3318-4B86-BAB2-86DEB9753979}\RP1337\A0298754.EXE
03020910 Bck/BEnergy.M Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{789BB6A8-3318-4B86-BAB2-86DEB9753979}\RP1337\A0298762.EXE
03020910 Bck/BEnergy.M Virus/Trojan No 1 Yes Yes C:\System Volume Information\_restore{789BB6A8-3318-4B86-BAB2-86DEB9753979}\RP1337\A0296738.EXE
03020910 Bck/BEnergy.M Virus/Trojan No 1 Yes Yes C:\WINDOWS\TEMP\BN2.TMP
03032060 Adware/VapSup Adware No 0 Yes No C:\WINDOWS\XBQMFSED.EXE
03052662 W32/Socks.E.worm Virus/Worm Yes 1 No No C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\CFTMON.EXE
03052662 W32/Socks.E.worm Virus/Worm No 0 No No C:\DOCUMENTS AND SETTINGS\ALYSSA\CFTMON.EXE
03052662 W32/Socks.E.worm Virus/Worm No 0 No No C:\WINDOWS\SYSTEM32\DRIVERS\SPOOLS.EXE
;===================================================================================================================================================================================
SUSPECTS
Sent Location ^,
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description ^,
;===================================================================================================================================================================================
120815 HIGH MS06-022 ^,
;===================================================================================================================================================================================

My DSS main log:
And, of course, the extra.txt log-thingy will be attached.


Deckard's System Scanner v20071014.68
Run by Alyssa on 2008-06-09 10:08:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
53: 2008-06-09 14:09:32 UTC - RP1338 - Deckard's System Scanner Restore Point
52: 2008-06-07 01:36:33 UTC - RP1337 - Avira AntiVir Personal - 6/6/2008 21:35
51: 2008-06-07 00:17:24 UTC - RP1336 - Last known good configuration
50: 2008-06-06 23:45:43 UTC - RP1335 - Installed Windows Live
49: 2008-06-06 23:44:16 UTC - RP1334 - Installed Windows Live installer


-- First Restore Point --
1: 2008-04-23 07:46:58 UTC - RP1286 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as Alyssa.exe) ----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-09 10:15:12
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\LocalService\cftmon.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Alyssa\Desktop\Installations\SpyWare Helpers\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daizex.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://my.lycos.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {c212643f-e3bb-4797-8458-d7d1c455677f} - C:\WINDOWS\SYSTEM32\qoMeBrqo.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O2 - BHO: (no name) - {DA7DC5AC-FD40-45FA-9F03-A66A4D467B63} - C:\WINDOWS\SYSTEM32\jkkICtrO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: nmwegbsf - {8BCDB708-77A2-4C1C-B35C-C81FDCC045EF} - C:\WINDOWS\nmwegbsf.dll (file missing)
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\Alyssa\LOCALS~1\Temp\rbnpsrv.exe/r
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Alyssa\cftmon.exe
O4 - HKLM\..\Run: [10551e76] rundll32.exe "C:\WINDOWS\system32\mmyqocpv.dll",b
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Alyssa\LOCALS~1\Temp\winlogan.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [InstallProgram] C:\DOCUME~1\Alyssa\LOCALS~1\Temp\setup_526_1_.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Alyssa\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Alyssa\cftmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [oiwo] C:\PROGRA~1\COMMON~1\oiwo\oiwom.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [oiwo] C:\PROGRA~1\COMMON~1\oiwo\oiwom.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\nwprovau.dll
O15 - Trusted Zone: https://www.dbgforums.com (HKCU)
O15 - Trusted IP Range: (HKLM)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/voxacm.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get...irector/sw.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/eng/boards_2_0_0_20.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,911,0
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} () - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1155644189618
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} () - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/mail/ymmapi.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} () - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O20 - AppInit_DLLs: mad.dll
O20 - Winlogon Notify: qomebrqo - C:\WINDOWS\system32\qoMeBrqo.dll
O20 - Winlogon Notify: winctrl32 - C:\WINDOWS\system32\WinCtrl32.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (antivirscheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - C:\WINDOWS\SYSTEM32\mssrv32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\HPZipm12.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\spools.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 12184 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-153
.com - comfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,2
.exe - exefile - shell\open\command - C:\WINDOWS\system32\drivers\spools.exe "%1" %*
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,23
.ini - inifile - DefaultIcon - shell32.dll,-151
.js - JSFile - shell\open\command - unable to read value
.txt - txtfile - shell\open\command - notepad.exe %1
.vbs - VBSFile - shell\open\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 winot73 - c:\windows\system32\drivers\winot73.sys (file missing)
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S0 Teefer (Teefer for NT) - c:\windows\\systemroot\system32\drivers\teefer.sys (file missing)
S1 hcnwg4u - c:\windows\system32\hcnwg4u.sys
S1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys (file missing)
S2 PAVDRV (Panda anti-virus driver) - c:\windows\system32\drivers\pavdrv51.sys (file missing)
S2 wg3n (SyGate for NT, wg3n) - c:\windows\system32\drivers\wg3n.sys (file missing)
S3 ComFiltr (Panda Anti-Dialer) - c:\windows\system32\drivers\comfiltr.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 rdriv - c:\windows\system32\rdriv.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 antivirscheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 AIM (AOL Instant Messanger) - "c:\windows\aim.exe" (file missing)
S2 msupdate (Microsoft security update service) - c:\windows\system32\mssrv32.exe
S2 PAVFIRES (Panda Firewall Service) - c:\program files\panda software\panda platinum internet security\firewall\pavfires.exe (file missing)
S2 PAVSRV (Panda anti-virus service) - "c:\program files\panda software\panda platinum internet security\pavsrv51.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-07 10:30:02 390 --a------ C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job
2008-06-07 09:00:02 502 --a------ C:\WINDOWS\Tasks\Tune-up Application Start.job
2008-06-03 01:00:04 494 --a------ C:\WINDOWS\Tasks\Maintenance-Defragment programs.job
2008-06-01 00:30:02 532 --a------ C:\WINDOWS\Tasks\Maintenance-Disk cleanup.job
2004-08-25 15:59:32 346 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1085255803.job


-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-09 09:59:46 0 dr-h----- C:\Documents and Settings\Alyssa\Recent
2008-06-09 02:23:34 92544 --a------ C:\WINDOWS\system32\mmyqocpv.dll
2008-06-08 19:55:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-08 19:51:26 0 d-------- C:\Program Files\Panda Security
2008-06-08 19:51:11 0 d-------- C:\WINDOWS\LastGood
2008-06-08 18:42:12 7680 --a------ C:\Documents and Settings\Guest\cftmon.exe
2008-06-08 08:08:58 92544 --a------ C:\WINDOWS\system32\qawcoiug.dll
2008-06-08 06:34:20 7680 --a------ C:\Documents and Settings\Alyssa\cftmon.exe
2008-06-08 06:33:41 7680 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-06-07 23:10:33 12792 -----n--- C:\WINDOWS\system32\mssrv32.exe
2008-06-06 21:37:45 0 d-------- C:\Program Files\Avira
2008-06-06 21:37:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-06 21:17:42 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-06 20:18:26 92544 --a------ C:\WINDOWS\system32\cbblbqiu.dll
2008-06-06 20:16:35 391428 --ahs---- C:\WINDOWS\system32\OrtCIkkj.ini2
2008-06-06 20:16:27 320256 --a------ C:\WINDOWS\system32\jkkICtrO.dll
2008-06-06 20:11:23 15360 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-06-06 20:11:05 29824 --a------ C:\WINDOWS\system32\qoMeBrqo.dll
2008-06-06 20:10:44 139264 --a------ C:\WINDOWS\eslm.exe
2008-06-06 20:10:43 81920 --a------ C:\WINDOWS\xbqmfsed.exe
2008-06-06 20:10:43 245760 --a------ C:\WINDOWS\nogxfvblqld.dll
2008-06-06 20:07:44 0 --a------ C:\274013913
2008-06-06 20:07:36 7680 --a------ C:\WINDOWS\system32\drivers\spools.exe
2008-06-06 20:07:22 71602 --a------ C:\WINDOWS\system32\hcnwg4u.sys
2008-06-06 20:07:20 7680 --a------ C:\xnphs.exe
2008-06-06 19:44:52 0 d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-06 19:44:28 0 d-------- C:\Program Files\Windows Live
2008-06-06 19:43:24 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-04 08:39:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-11 14:27:00 0 d-------- C:\Program Files\TV Media


-- Find3M Report ---------------------------------------------------------------

2008-05-11 14:21:58 7168 --ahs---- C:\Program Files\Common Files\Thumbs.db
2008-04-22 15:55:20 0 d-------- C:\Documents and Settings\Alyssa\Application Data\acccore
2008-04-22 15:46:54 0 d-------- C:\Program Files\AIM6


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c212643f-e3bb-4797-8458-d7d1c455677f}]
06/06/2008 08:11 PM 29824 --a------ C:\WINDOWS\system32\qoMeBrqo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af49a2-94f3-42bd-f434-2604812c897d}]
C:\WINDOWS\system32\jfiehayd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA7DC5AC-FD40-45FA-9F03-A66A4D467B63}]
06/06/2008 08:16 PM 320256 --a------ C:\WINDOWS\system32\jkkICtrO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" [06/06/2008 08:07 PM]
"advap32"="C:\DOCUME~1\Alyssa\LOCALS~1\Temp\rbnpsrv.exe/r" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/24/2006 03:24 AM]
"autoload"="C:\Documents and Settings\Alyssa\cftmon.exe" [06/06/2008 08:07 PM]
"10551e76"="C:\WINDOWS\system32\mmyqocpv.dll" [06/09/2008 02:23 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"jdgf894jrghoiiskd"="C:\DOCUME~1\Alyssa\LOCALS~1\Temp\winlogan.exe" []
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" [06/06/2008 08:07 PM]
"InstallProgram"="C:\DOCUME~1\Alyssa\LOCALS~1\Temp\setup_526_1_.exe" []
"Jnskdfmf9eldfd"="C:\DOCUME~1\Alyssa\LOCALS~1\Temp\csrssc.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"autoload"="C:\Documents and Settings\Alyssa\cftmon.exe" [06/06/2008 08:07 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe"
"oiwo"=C:\PROGRA~1\COMMON~1\oiwo\oiwom.exe
"ntuser"=C:\WINDOWS\system32\drivers\spools.exe
"autoload"=C:\Documents and Settings\LocalService\cftmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C5AF49A2-94F3-42BD-F434-2604812C897D}"= C:\WINDOWS\system32\jfiehayd.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C212643F-E3BB-4797-8458-D7D1C455677F}"= C:\WINDOWS\system32\qoMeBrqo.dll [06/06/2008 08:11 PM 29824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomebrqo]
qoMeBrqo.dll 06/06/2008 08:11 PM 29824 C:\WINDOWS\SYSTEM32\qoMeBrqo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winctrl32]
WinCtrl32.dll 06/08/2008 08:05 AM 15360 C:\WINDOWS\SYSTEM32\WinCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=mad.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkICtrO

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winot73.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Runner.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Runner.LNK
backup=C:\WINDOWS\pss\Runner.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jerisue^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\jerisue\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM95\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bargains]
C:\Program Files\Bargain Buddy\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DealHelperUpdate]
C:\WINDOWS\DHUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZWO]
C:\PROGRA~1\Web Offer\wo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HXIUL.EXE]
C:\Program Files\Alset\HelpExpress\jerisue\HXIUL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\Money Express.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan]
C:\Program Files\Power Scan\powerscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]
rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHAgent]
C:\WINDOWS\System32\SahAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer]
C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
C:\Program Files\VVSN\VVSN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSavingsfromEbates]
wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows auto update]
msblast.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xqjibmmkbzwl]
C:\WINDOWS\System32\qnlrbt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MoneyStartUp"=C:\Program Files\Microsoft Money\System\Money Startup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe
"HPStart"=c:\hp\hpcoach\hpstart.wsf
"Tour"=C:\WINDOWS\wincool.exe /30m

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"MMTray"=C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
"hpsysdrv"=C:\WINDOWS\SYSTEM32\hpsysdrv.exe
"Delay"=C:\WINDOWS\delayrun.exe
"MotiveMonitor"=C:\Program Files\Motive\motmon.exe
"mgavrtclexe"=C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
"wcmdmgr"=C:\WINDOWS\wt\wcmdmgrl.exe -launch
"LoadQM"=loadqm.exe
"CMESys"="C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
"webHancer Agent"="C:\Program Files\webHancer\Programs\whAgent.exe"
"OEMCleanup"=C:\WINDOWS\OPTIONS\OEMRESET.EXE /O
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

*Newly Created Service* - RKPAVPROC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl



-- End of Deckard's System Scanner: finished at 2008-06-09 10:20:48 ------------

Also, I noticed after I scanned with the Deckard's Scanner, some stuff got put into my documents, like some images, and something called "desktop.ini", "hpothb07.dat", "hpothb07.tif", and "Thumbs.db".

I can delete them, right? What are they?
Attached Files
File Type: txt extra.txt (17.9 KB, 8 views)

Last edited by tetonbob; 06-12-2008 at 08:59 PM.