11-29-2007, 08:12 PM   #1
Registered User
 
Join Date: Nov 2007
Posts: 22
OS: xp


Can't Run Ad-aware 2007

It was working fine until recently: "system error 1080". I would log on to my PC and Control Panel disappeared. Then I was only able to log off, no other options. Then when I tried to run security for my firewall it said restricted, see system administrator, even after I logged on as administrator. I did the 5 steps before posting. Also ran "smitfraudfix", then ran "dss", so here is my

main.txt
Deckard's System Scanner v20071014.68
Run by Administrator on 2007-11-29 19:56:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-11-30 03:56:26 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2007-11-30 03:00:44 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:19 PM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\TEMP\winA4D.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://s2.thezirius.com/?pid=1014&dt=2007-11-21&v=8
O2 - BHO: (no name) - {0355C51B-E82C-48F3-A6A9-FF92CEC1E307} - C:\WINDOWS\system32\gebcy.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} - C:\WINDOWS\system32\awtstut.dll
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - C:\Program Files\kcyhfzxx\azkwxhfy.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] -C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] -C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pqxcbwra] -regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pqxcbwra.dll"
O4 - HKLM\..\Run: [LSBWatcher] -c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] -"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] -C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] -C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehTray] -C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] -C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] -C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] -"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winA4D.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1192401233814
O20 - Winlogon Notify: awtstut - C:\WINDOWS\SYSTEM32\awtstut.dll
O20 - Winlogon Notify: winpdc32 - C:\WINDOWS\SYSTEM32\winpdc32.dll
O21 - SSODL: E404Helper - {06a57c19-3bae-49cd-b275-e9e637b7ba8c} - e404d.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - -"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - -"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (file missing)
O23 - Service: Apple Mobile Device - Unknown owner - -"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - -"C:\Program Files\Bonjour\mDNSResponder.exe" (file missing)
O23 - Service: Media Center Receiver Service (ehRecvr) - Unknown owner - C:\WINDOWS\eHome\ehRecvr.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Unknown owner - -"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Unknown owner - -C:\Program Files\HPQ\shared\hpqwmi.exe (file missing)
O23 - Service: iPod Service - Unknown owner - -"C:\Program Files\iPod\bin\iPodService.exe" (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - -"C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)

--
End of file - 6461 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 aawservice (Ad-Aware 2007 Service) - -"c:\program files\lavasoft\ad-aware 2007\aawservice.exe" (file missing)
S2 Apple Mobile Device - -"c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" (file missing)
S2 Ati HotKey Poller - c:\windows\system32\ati2evxx.exe (file missing)
S2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - -"c:\program files\bonjour\mdnsresponder.exe" (file missing)
S2 ehRecvr (Media Center Receiver Service) - c:\windows\ehome\ehrecvr.exe (file missing)
S2 LightScribeService (LightScribeService Direct Disc Labeling Service) - -"c:\program files\common files\lightscribe\lssrvc.exe" (file missing)
S3 Adobe LM Service - -"c:\program files\common files\adobe systems shared\service\adobelmsvc.exe" (file missing)
S3 FLEXnet Licensing Service - -"c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" (file missing)
S3 gusvc (Google Updater Service) - -"c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)
S3 hpqwmi (HP WMI Interface) - -c:\program files\hpq\shared\hpqwmi.exe (file missing)
S3 iPod Service - -"c:\program files\ipod\bin\ipodservice.exe" (file missing)
S3 ose (Office Source Engine) - -"c:\program files\common files\microsoft shared\source engine\ose.exe" (file missing)
S3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - -"c:\program files\windows media player\wmpnetwk.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-10-29 and 2007-11-29 -----------------------------

2007-11-29 19:59:11 0 d-------- C:\Program Files\Trend Micro
2007-11-29 19:50:20 0 d-------- C:\Program Files\SpywareBlaster
2007-11-29 19:49:30 11776 --a------ C:\WINDOWS\mgrs.exe
2007-11-29 19:26:36 0 d-------- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Application Data\Sun
2007-11-29 18:44:13 0 d-------- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Application Data\Google
2007-11-29 18:43:51 0 d-------- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Application Data\Identities
2007-11-27 20:56:13 0 d-------- C:\Program Files\Ultimate Cleaner
2007-11-27 20:52:18 41472 --a------ C:\WINDOWS\system32\e404d.dll <Not Verified; Melkosoft Corporation; avp>
2007-11-26 20:58:35 23817 --a------ C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Application Data\info.dat
2007-11-25 10:33:16 0 d-------- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Application Data\Macromedia
2007-11-25 10:29:48 0 d-------- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Application Data\Mozilla
2007-11-25 07:59:47 0 d--hs---- C:\WINDOWS\CSC
2007-11-23 17:13:29 110592 --a------ C:\Documents and Settings\All Users\Application Data\pqxcbwra.dll
2007-11-23 17:13:25 0 d-------- C:\Program Files\kcyhfzxx
2007-11-23 17:13:15 0 d-------- C:\Program Files\Ultimate Defender
2007-11-23 17:13:10 19968 --a------ C:\WINDOWS\system32\xlibgfl254.dll
2007-11-23 1747 9728 -----n--- C:\Program Files\xloader10181.exe
2007-11-22 10:08:56 0 d-------- C:\WINDOWS\system32\appmgmt
2007-11-22 10:04:10 0 d--h----- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Templates
2007-11-22 10:04:10 0 dr------- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Start Menu
2007-11-22 10:04:10 0 dr-h----- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\SendTo
2007-11-22 10:04:10 0 dr-h----- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Recent
2007-11-22 10:04:10 0 d--h----- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\PrintHood
2007-11-22 10:04:10 0 d--h----- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\NetHood
2007-11-22 10:04:10 0 dr------- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\My Documents
2007-11-22 10:04:10 0 d--h----- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Local Settings
2007-11-22 10:04:10 0 dr------- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Favorites
2007-11-22 10:04:10 0 d-------- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Desktop
2007-11-22 10:04:10 0 d--hs---- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Cookies
2007-11-22 10:04:10 0 dr-h----- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Application Data
2007-11-22 10:04:09 1310720 --ah----- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\NTUSER.DAT
2007-11-22 09:28:30 0 d-------- C:\Program Files\E404 Helper
2007-11-22 09:27:22 10240 --a------ C:\Program Files\spoolsv.exe <Not Verified; NoName Corp.; NNC module>
2007-11-22 09:27:22 14900 --a------ C:\Program Files\3269.exe
2007-11-18 22:57:01 6495 ---hs---- C:\WINDOWS\system32\ycbeg.bak2
2007-11-18 11:18:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-11-18 1159 0 d-------- C:\Documents and Settings\Administrator\Templates
2007-11-18 1159 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2007-11-18 1159 0 d-------- C:\Documents and Settings\Administrator\Cookies
2007-11-18 1159 0 d-------- C:\Documents and Settings\Administrator\Application Data
2007-11-18 1159 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-18 1158 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-18 11:01:59 0 d-------- C:\WINDOWS\pss
2007-11-18 10:56:55 6470 ---hs---- C:\WINDOWS\system32\ycbeg.bak1
2007-11-18 10:56:16 325728 --a------ C:\WINDOWS\system32\gebcy.dll
2007-11-18 10:11:28 0 d-------- C:\Program Files\Lavasoft
2007-11-18 10:11:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-18 10:11:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-18 09:24:28 15360 --a------ C:\WINDOWS\system32\drvzalr.dll
2007-11-18 09:22:04 36352 --a------ C:\WINDOWS\system32\ssqqpno.dll
2007-11-18 09:21:38 24576 --a------ C:\WINDOWS\system32\winpdc32.dll
2007-11-18 09:21:36 38912 --a------ C:\WINDOWS\system32\awtstut.dll
2007-11-15 18:35:11 1156 --a------ C:\WINDOWS\mozver.dat
2007-11-13 17:39:06 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-07 22:08:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-07 22:01:48 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-07 21:16:33 0 d-------- C:\Program Files\uCertify
2007-11-07 20:45:54 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-07 20:35:05 0 d-------- C:\Program Files\Bonjour
2007-11-07 20:27:35 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-06 16:18:33 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-06 16:16:38 0 d-------- C:\Program Files\MagicISO
2007-11-01 16:05:31 0 d-------- C:\Program Files\uTorrent
2007-10-30 19:28:24 0 d-------- C:\Program Files\ImgBurn


-- Find3M Report ---------------------------------------------------------------

2007-11-19 16:27:26 0 d-------- C:\Program Files\HPQ
2007-11-18 10:11:04 0 d-------- C:\Program Files\Common Files
2007-10-28 11:30:59 0 d-------- C:\Program Files\DVD Shrink
2007-10-28 11:29:26 0 d-------- C:\Program Files\DVD Decrypter
2007-10-17 16:58:06 0 d-------- C:\Program Files\Google
2007-10-14 17:26:18 0 d-------- C:\Program Files\iTunes
2007-10-14 17:26:08 0 d-------- C:\Program Files\iPod
2007-10-14 17:25:36 0 d-------- C:\Program Files\QuickTime
2007-10-14 17:25:13 0 d-------- C:\Program Files\Apple Software Update
2007-10-14 17:25:00 0 d-------- C:\Program Files\Common Files\Apple
2007-10-14 16:45:24 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-14 16:44:32 0 d-------- C:\Program Files\Microsoft.NET
2007-10-14 16:38:58 0 d-------- C:\Program Files\Common Files\LightScribe
2007-10-14 15:53:28 0 d-------- C:\Program Files\MSXML 6.0
2007-10-14 15:38:17 0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-14 15:36:45 0 d-------- C:\Program Files\MSBuild
2007-10-14 15:33:49 0 d-------- C:\Program Files\Reference Assemblies
2007-10-14 14:01:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-14 14:00:49 0 d-------- C:\Program Files\Java
2007-10-14 14:00:24 0 d-------- C:\Program Files\Common Files\Java
2007-10-14 14:00:13 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-14 13:59:16 0 d-------- C:\Program Files\Sonic
2007-10-14 13:59:16 0 d-------- C:\Program Files\Common Files\TiVo Shared
2007-10-14 13:58:38 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-10-14 13:58:28 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-10-14 13:56:25 50 --a------ C:\AUTOEXEC.BAT
2007-10-14 13:56:10 0 d-------- C:\Program Files\muvee Technologies
2007-10-14 13:56:10 0 d-------- C:\Program Files\Common Files\muvee Technologies
2007-10-14 13:55:50 0 d-------- C:\Program Files\Zone.com
2007-10-14 13:53:39 0 d-------- C:\Program Files\Messenger
2007-10-14 13:42:06 0 d-------- C:\Program Files\Hp
2007-10-14 13:42:06 0 d-------- C:\Program Files\Hewlett-Packard
2007-10-14 13:34:13 0 d-------- C:\Program Files\Common Files\InterVideo
2007-10-14 13:34:04 0 d-------- C:\Program Files\InterVideo
2007-10-14 13:31:32 0 d-------- C:\Program Files\ATI Technologies
2007-10-14 13:30:38 0 d-------- C:\Program Files\Synaptics
2007-10-14 13:29:51 0 d-------- C:\Program Files\CONEXANT
2007-10-14 13:28:47 0 d-------- C:\Program Files\AMD
2007-10-14 13:21:12 0 d-------- C:\Program Files\microsoft frontpage
2007-10-14 13:20:56 0 -rahs---- C:\MSDOS.SYS
2007-10-14 13:20:56 0 -rahs---- C:\IO.SYS
2007-10-14 13:20:56 0 --a------ C:\CONFIG.SYS
2007-10-14 13:19:21 0 d--h----- C:\Program Files\WindowsUpdate
2007-10-14 13:18:32 0 d-------- C:\Program Files\Common Files\MSSoap
2007-10-14 13:18:21 0 d-------- C:\Program Files\Movie Maker
2007-10-14 13:16:59 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-10-14 13:16:41 0 d-------- C:\Program Files\Online Services
2007-10-14 13:16:08 0 d-------- C:\Program Files\Windows Plus
2007-10-14 13:13:40 0 d-------- C:\Program Files\MSN Gaming Zone
2007-10-14 13:13:33 0 d-------- C:\Program Files\Windows NT
2007-10-14 06:07:49 0 d-------- C:\Program Files\Common Files\ODBC
2007-10-14 06:07:46 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-10-14 06:07:26 62 --ahs---- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0355C51B-E82C-48F3-A6A9-FF92CEC1E307}]
11/18/2007 10:56 AM 325728 --a------ C:\WINDOWS\system32\gebcy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C80EAD3-74CD-4700-83A4-AA878CD1C03C}]
11/18/2007 09:21 AM 38912 --a------ C:\WINDOWS\system32\awtstut.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}]
11/23/2007 05:13 PM 110592 --a------ C:\Program Files\kcyhfzxx\azkwxhfy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="-C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" []
"SunJavaUpdateSched"="-C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
"pqxcbwra"="-regsvr32 /u C:\Documents and Settings\All Users\Application Data\pqxcbwra.dll" []
"LSBWatcher"="-c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" []
"iTunesHelper"="-C:\Program Files\iTunes\iTunesHelper.exe" []
"hpWirelessAssistant"="-C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" []
"HP Software Update"="-C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" []
"ehTray"="-C:\WINDOWS\ehome\ehtray.exe" []
"eabconfg.cpl"="-C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" []
"Cpqset"="-C:\Program Files\HPQ\Default Settings\cpqset.exe" []
"ATIPTA"="-C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" []
"avp"="C:\WINDOWS\TEMP\winA4D.exe" []
"smgr"="mgrs.exe" [11/29/2007 07:49 PM C:\WINDOWS\mgrs.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/10/2007 10:07 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 04:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2C80EAD3-74CD-4700-83A4-AA878CD1C03C}"= C:\WINDOWS\system32\awtstut.dll [11/18/2007 09:21 AM 38912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"= {06a57c19-3bae-49cd-b275-e9e637b7ba8c} - e404d.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtstut]
awtstut.dll 11/18/2007 09:21 AM 38912 C:\WINDOWS\system32\awtstut.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpdc32]
winpdc32.dll 11/18/2007 09:21 AM 24576 C:\WINDOWS\system32\winpdc32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebcy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- Hosts -----------------------------------------------------------------------

10.18.250.4 ad.doubleclick.net
10.18.250.4 ad.fastclick.net
10.18.250.4 ads.fastclick.net
10.18.250.4 ar.atwola.com
10.18.250.4 atdmt.com
10.18.250.4 avp.ch
10.18.250.4 avp.com
10.18.250.4 avp.ru
10.18.250.4 awaps.net
10.18.250.4 banner.fastclick.net

79 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-11-29 20:00:17 ------------




and my extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Turion(tm) 64 Mobile Technology ML-40
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 1022.17 MiB / 584.9 MiB
Pagefile Memory (total/avail): 2459.25 MiB / 2165.64 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.13 MiB

C: is Fixed (NTFS) - 74.33 GiB total, 59.67 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT)

\\.\PHYSICALDRIVE1 - MemoryStickPro2 Device - 951 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 949.82 MiB - E:

\\.\PHYSICALDRIVE0 - ST98823A - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 74.33 GiB - C:
\PARTITION1 - Unknown - 203.95 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\xloader10181.exe"="C:\\Program Files\\xloader10181.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Raymond Huerta\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Raymond Huerta\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Raymond Huerta\\Application Data\\trant.exe"="C:\\Documents and Settings\\Raymond Huerta\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Raymond Huerta\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Raymond Huerta\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Raymond Huerta\\Application Data\\ppldr.exe"="C:\\Documents and Settings\\Raymond Huerta\\Application Data\\ppldr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Administrator.RAYMOND-D8FBE0E\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Administrator.RAYMOND-D8FBE0E\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\DOCUME~1\\RAYMON~1\\LOCALS~1\\Temp\\win38.exe"="C:\\DOCUME~1\\RAYMON~1\\LOCALS~1\\Temp\\win38.exe:*:Enabled:win38"
"C:\\Program Files\\xloader10181.exe"="C:\\Program Files\\xloader10181.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Raymond Huerta\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Raymond Huerta\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Raymond Huerta\\Application Data\\trant.exe"="C:\\Documents and Settings\\Raymond Huerta\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Raymond Huerta\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Raymond Huerta\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Raymond Huerta\\Application Data\\ppldr.exe"="C:\\Documents and Settings\\Raymond Huerta\\Application Data\\ppldr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Administrator.RAYMOND-D8FBE0E\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Administrator.RAYMOND-D8FBE0E\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RAYMOND-D8FBE0E
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator.RAYMOND-D8FBE0E
LOGONSERVER=\\RAYMOND-D8FBE0E
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\PROGRA~1\Java\JRE15~1.0_0\bin;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;.
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2402
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1.RAY\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1.RAY\LOCALS~1\Temp
USERDOMAIN=RAYMOND-D8FBE0E
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Raymond Huerta (admin)
Administrator.RAYMOND-D8FBE0E (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Broadcom 802.11 Wireless LAN Adapter --> C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\UIU32a.exe -U -ICPL309BA.INF
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP User Guides 0012 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{984DED38-AD2A-4143-8412-C3827A920BE5}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 1.01 C1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.10) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
muvee autoProducer 4.0 - SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534AA552-E1F1-4965-B2AA-FBDEB0730D60}\setup.exe" -l0x9
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Quick Launch Buttons 5.20 D2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x9 REMOVE
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378\HXFSETUP.EXE -U -Icpl309bk.inf
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FF6F491D-BC82-4DCC-A72F-1824957C6466} /l1033
Ultra soft --> C:\Documents and Settings\Raymond Huerta\Application Data\ultra\uninstall.bat
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Media Center Edition 2005 KB894553 --> C:\WINDOWS\$NtUninstallKB894553$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
Zone Deluxe Games --> MsiExec.exe /I{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}


-- Application Event Log -------------------------------------------------------

Event Record #/Type624 / Error
Event Submitted/Written: 11/29/2007 07:48:16 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16544, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type622 / Error
Event Submitted/Written: 11/29/2007 07:39:01 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: Microsoft Office Professional Edition 2003 -- Error 25090. Office Setup encountered a problem with the Office Source Engine, system error: -2147024894. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look for "Office Source Engine" for information on how to resolve this problem.

Event Record #/Type621 / Warning
Event Submitted/Written: 11/29/2007 07:38:43 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'OfficeUserData', component '{4A31E933-6F67-11D2-AAA2-00A0C90F57B0}' failed. The resource 'HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\MS Access Database\' does not exist.

Event Record #/Type619 / Error
Event Submitted/Written: 11/29/2007 07:24:57 PM
Event ID/Source: 3011 / LoadPerf
Event Description:
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Event Record #/Type618 / Error
Event Submitted/Written: 11/29/2007 07:24:57 PM
Event ID/Source: 3012 / LoadPerf
Event Description:
The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4626 / Error
Event Submitted/Written: 11/29/2007 07:40:35 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Office Source Engine service failed to start due to the following error:
%%2

Event Record #/Type4625 / Error
Event Submitted/Written: 11/29/2007 07:40:32 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Office Source Engine service failed to start due to the following error:
%%2

Event Record #/Type4617 / Error
Event Submitted/Written: 11/29/2007 07:38:53 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Office Source Engine service failed to start due to the following error:
%%2

Event Record #/Type4582 / Error
Event Submitted/Written: 11/29/2007 07:20:57 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service failed to start due to the following error:
%%2

Event Record #/Type4581 / Error
Event Submitted/Written: 11/29/2007 07:20:57 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Apple Mobile Device service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2007-11-29 20:00:17 ------------



Please email me at rhuerta87@yahoo.com since this is my 1st time posting and visiting the site.

Thanks for all the help. Hopefully you can help me get my computer up and running like brand new again.

Last edited by smilez; 11-29-2007 at 08:19 PM.
smilez is offline  
Old 11-30-2007, 07:44 PM   #2 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 22
OS: xp


Re: Can't Run Ad-aware 2007

OH AND ALSO... when my computer starts, "ultimate cleaner" tries to be installed. "find spyware remover", "free online dating" and "go to casino" come up on my desktop.
smilez is offline  
Old 11-30-2007, 09:10 PM   #3 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Re: Can't Run Ad-aware 2007

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

    * IMPORTANT !!! Place combofix.exe on your Desktop


  2. Disconnect from the internet....pull the plug!
  3. Go to -> Run -> paste in the following single line command & click OK

    "%userprofile%\desktop\combofix.exe" /killall



  4. Follow the prompts. Type "1" and press Enter to begin the scan.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  7. Re-establish an internet connection.

  8. I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer.

    Install this FREE AntiVirus program, update it, and run a full system scan.

    Avira PersonalEdition Classic

    Here is a tutorial on its setup and use:

    http://www.techsupportforum.com/cont...ticles/64.html

    Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    ---------------------------------------------------------------------------------------------

  9. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Old 12-01-2007, 03:33 PM   #4 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 22
OS: xp


Re: Can't Run Ad-aware 2007

ComboFix 07-12-02.4 - Administrator 2007-12-01 15:18:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.661 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Local Settings\Temporary Internet Files\Content.IE5\KXIVC9YN\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Start Menu\Programs\Startup\findfast.exe
C:\Documents and Settings\All Users\Application Data.\pqxcbwra.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Program Files\3269.exe
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\Program Files\Ultimate Defender
C:\Program Files\xloader10181.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\shell.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\awtstut.dll
C:\WINDOWS\system32\cuaricrp.exe
C:\WINDOWS\system32\drvzalr.dll
C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\micsxtys.dll
C:\WINDOWS\system32\ndawfcgr.exe
C:\WINDOWS\system32\nflodaua.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\puvgjmxc.exe
C:\WINDOWS\system32\rihvpbvq.dll
C:\WINDOWS\system32\spoolvs.exe
C:\WINDOWS\system32\ssqqpno.dll
C:\WINDOWS\system32\winpdc32.dll
C:\WINDOWS\system32\xlibgfl254.dll
C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.bak2
C:\WINDOWS\system32\ycbeg.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.

2007-11-30 20:28 . 2007-11-30 20:45 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-30 20:28 . 2007-11-30 20:28 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-30 20:28 . 2007-11-30 20:28 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-30 20:28 . 2007-11-30 20:28 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-30 19:52 . 2007-12-01 14:55 3,078 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-30 19:51 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-30 19:51 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-30 19:51 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-30 19:51 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-30 19:51 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-29 19:59 . 2007-11-29 19:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-29 19:56 . 2007-11-29 19:56 <DIR> d-------- C:\Deckard
2007-11-29 19:50 . 2007-11-29 19:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-27 20:52 . 2007-11-27 20:52 41,472 --a------ C:\WINDOWS\system32\e404d.dll
2007-11-26 20:58 . 2007-11-26 22:43 23,817 --a------ C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Application Data\info.dat
2007-11-23 17:13 . 2007-11-23 17:13 <DIR> d-------- C:\Program Files\kcyhfzxx
2007-11-22 09:28 . 2007-11-23 17:00 <DIR> d-------- C:\Program Files\E404 Helper
2007-11-22 09:27 . 2007-11-30 19:45 10,240 --a------ C:\Program Files\spoolsv.exe
2007-11-18 17:02 . 2007-11-29 17:48 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-18 10:11 . 2007-11-18 10:11 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-18 10:11 . 2007-11-18 10:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-18 10:11 . 2007-11-18 10:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-15 18:35 . 2007-11-15 18:35 1,156 --a------ C:\WINDOWS\mozver.dat
2007-11-13 17:39 . 2007-11-13 17:39 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-07 22:08 . 2007-11-07 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-07 22:01 . 2007-11-07 22:01 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-07 21:16 . 2007-11-07 21:16 <DIR> d-------- C:\Program Files\uCertify
2007-11-07 20:45 . 2007-11-07 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-07 20:35 . 2007-11-07 20:35 <DIR> d-------- C:\Program Files\Bonjour
2007-11-07 20:27 . 2007-11-07 20:27 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-06 20:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-06 16:18 . 2007-11-07 22:02 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-06 16:16 . 2007-11-29 18:39 <DIR> d-------- C:\Program Files\MagicISO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 06:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-11-20 00:27 --------- d-----w C:\Program Files\HPQ
2007-11-02 00:05 --------- d-----w C:\Program Files\uTorrent
2007-10-31 03:28 --------- d-----w C:\Program Files\ImgBurn
2007-10-28 21:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-28 19:30 --------- d-----w C:\Program Files\DVD Shrink
2007-10-28 19:29 --------- d-----w C:\Program Files\DVD Decrypter
2007-10-18 00:58 --------- d-----w C:\Program Files\Google
2007-10-15 01:26 --------- d-----w C:\Program Files\iTunes
2007-10-15 01:26 --------- d-----w C:\Program Files\iPod
2007-10-15 01:25 --------- d-----w C:\Program Files\QuickTime
2007-10-15 01:25 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-15 01:25 --------- d-----w C:\Program Files\Apple Software Update
2007-10-15 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-15 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-15 01:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-10-15 01:08 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-15 00:45 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-15 00:44 --------- d-----w C:\Program Files\Microsoft.NET
2007-10-15 00:38 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-10-14 23:53 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-14 23:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-14 23:36 --------- d-----w C:\Program Files\MSBuild
2007-10-14 23:33 --------- d-----w C:\Program Files\Reference Assemblies
2007-10-14 22:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-14 22:00 --------- d-----w C:\Program Files\Java
2007-10-14 22:00 --------- d-----w C:\Program Files\Common Files\Java
2007-10-14 22:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-14 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-10-14 21:59 --------- d-----w C:\Program Files\Sonic
2007-10-14 21:59 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2007-10-14 21:58 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-10-14 21:58 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-10-14 21:56 --------- d-----w C:\Program Files\muvee Technologies
2007-10-14 21:56 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2007-10-14 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-10-14 21:55 --------- d-----w C:\Program Files\Zone.com
2007-10-14 21:42 --------- d-----w C:\Program Files\Hp
2007-10-14 21:42 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-14 21:37 1,579 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_Pavilion dv5000 (EP414UA#ABA)_YN_0Pavi_QCND608085X_EU_46_I30A4_SHP_V49.37_BF.31_T060104_WXP2_L409_M1023_J80_7AMD_8Turion 64 Technology ML-40_92.19_#071014_N10EC8139_(EP414UA#ABA)_XMOBILE_CN10_Z10024378.MRK
2007-10-14 21:34 --------- d-----w C:\Program Files\InterVideo
2007-10-14 21:34 --------- d-----w C:\Program Files\Common Files\InterVideo
2007-10-14 21:31 --------- d-----w C:\Program Files\ATI Technologies
2007-10-14 21:30 --------- d-----w C:\Program Files\Synaptics
2007-10-14 21:29 --------- d-----w C:\Program Files\CONEXANT
2007-10-14 21:28 --------- d-----w C:\Program Files\AMD
2007-10-14 21:21 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-14 21:16 --------- d-----w C:\Program Files\Windows Plus
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}]
2007-11-23 17:13 110592 --a------ C:\Program Files\kcyhfzxx\azkwxhfy.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-10 10:07]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="-C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" []
"SunJavaUpdateSched"="-C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"LSBWatcher"="-c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" []
"iTunesHelper"="-C:\Program Files\iTunes\iTunesHelper.exe" []
"hpWirelessAssistant"="-C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" []
"HP Software Update"="-C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" []
"ehTray"="-C:\WINDOWS\ehome\ehtray.exe" []
"eabconfg.cpl"="-C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" []
"Cpqset"="-C:\Program Files\HPQ\Default Settings\cpqset.exe" []
"ATIPTA"="-C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"= {06a57c19-3bae-49cd-b275-e9e637b7ba8c} - e404d.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 15:24:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-02 15:24:53 - machine was rebooted
.
--- E O F ---
smilez is offline  
Old 12-01-2007, 04:46 PM   #5 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Re: Can't Run Ad-aware 2007

I'll have more instructions for you after you install the AntiVirus, run that scan, and then post a new HijackThis log.
tetonbob is offline  
Old 12-01-2007, 05:37 PM   #6 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 22
OS: xp


Re: Can't Run Ad-aware 2007

AntiVir PersonalEdition Classic
Report file date: Sunday, December 02, 2007 16:09

Scanning for 955520 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Administrator
Computer name: RAYMOND-D8FBE0E

Version information:
BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 22:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 21:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 8/15/2007 00:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 21:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 23:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 9/13/2007 23:26:55
ANTIVIR2.VDF : 7.0.1.30 1575424 Bytes 11/30/2007 00:07:10
ANTIVIR3.VDF : 7.0.1.31 2048 Bytes 11/30/2007 00:07:10
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 12/3/2007 00:07:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 19:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 16:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 22:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 8/3/2007 17:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 16:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 21:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 16:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 20:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 21:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 21:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 18:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Sunday, December 02, 2007 16:09

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '28' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Deckard\System Scanner\backup\WINDOWS\temp\16power.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[INFO] The file was deleted!
C:\Deckard\System Scanner\backup\WINDOWS\temp\lookserver.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[INFO] The file was deleted!
C:\Deckard\System Scanner\backup\WINDOWS\temp\serversyn.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[INFO] The file was deleted!
C:\Deckard\System Scanner\backup\WINDOWS\temp\svmon.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[INFO] The file was deleted!
C:\Deckard\System Scanner\backup\WINDOWS\temp\svserver.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[INFO] The file was deleted!
C:\Deckard\System Scanner\backup\WINDOWS\temp\sys16.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[INFO] The file was deleted!
C:\Deckard\System Scanner\backup\WINDOWS\temp\syswin.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[INFO] The file was deleted!
C:\Deckard\System Scanner\backup\WINDOWS\temp\win2A7.exe
[DETECTION] Is the Trojan horse TR/Dldr.Alphabet.LH1
[INFO] The file was deleted!
C:\Deckard\System Scanner\backup\WINDOWS\temp\win34.exe
[DETECTION] Is the Trojan horse TR/Dldr.Alphabet.LH1
[INFO] The file was deleted!
C:\Deckard\System Scanner\backup\WINDOWS\temp\win37.exe
[DETECTION] Is the Trojan horse TR/Dldr.Alphabet.LH1
[INFO] The file was deleted!
C:\Deckard\System Scanner\backup\WINDOWS\temp\winA4D.exe
[DETECTION] Is the Trojan horse TR/Dldr.Alphabet.LH1
[INFO] The file was deleted!
C:\Deckard\System Scanner\backup\WINDOWS\temp\winmon.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[INFO] The file was deleted!
C:\Program Files\spoolsv.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[INFO] The file was deleted!
C:\Program Files\Common Files\Microsoft Shared\MSInfo\msnfo32.exe
[DETECTION] Is the Trojan horse TR/Drop.IRC.TKB.1
[INFO] The file was deleted!
C:\Program Files\Common Files\Microsoft Shared\MSInfo\TaskUpdate.exe
[DETECTION] Is the Trojan horse TR/Drop.IRC.TKB.1
[INFO] The file was deleted!
C:\Program Files\E404 Helper\e404.v5.dll
[DETECTION] Is the Trojan horse TR/Dldr.BHO.BT.1
[INFO] The file was deleted!
C:\Program Files\E404 Helper\e404.v6.dll
[DETECTION] Is the Trojan horse TR/Dldr.BHO.BT.1
[INFO] The file was deleted!
C:\Program Files\kcyhfzxx\azkwxhfy.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] The file could not be deleted!
C:\qoobox\Quarantine\catchme2007-12-02_152355.56.zip
[0] Archive type: ZIP
--> awtstut.dll
[DETECTION] Is the Trojan horse TR/Agent.38912
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Start Menu\Programs\Startup\findfast.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.eus.19
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\pqxcbwra.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.eus.19
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\Program Files\3269.exe.vir
[DETECTION] Is the Trojan horse TR/Small.Crypted.Gen
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\Program Files\xloader10181.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.eus.19
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\shell.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.eus.19
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\awtstut.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\cuaricrp.exe.vir
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\gebcy.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\ndawfcgr.exe.vir
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\nflodaua.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\printer.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.eus.19
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\puvgjmxc.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\spoolvs.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.eus.19
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\winpdc32.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\xlibgfl254.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.bfj.7
[INFO] The file was deleted!
C:\WINDOWS\system32\e404d.dll
[DETECTION] Is the Trojan horse TR/Drop.Agent.ctx
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\ActiveScan\pskavs.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was deleted!
Begin scan in 'E:\'
Begin scan in 'D:\'
Search path D:\ could not be opened!
The device is not ready.



End of the scan: Sunday, December 02, 2007 17:36
Used time: 1:27:37 min

The scan has been done completely.

5850 Scanning directories
207758 Files were scanned
37 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
35 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
207721 Files not concerned
832 Archives were scanned
4 Warnings
0 Notes
smilez is offline  
Old 12-01-2007, 05:45 PM   #7 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 22
OS: xp


Re: Can't Run Ad-aware 2007

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:12 PM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
c:\program files\avira\antivir personaledition classic\avscan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://s2.thezirius.com/?pid=1014&dt=2007-11-21&v=8
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - C:\Program Files\kcyhfzxx\azkwxhfy.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] -C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] -C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] -c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] -"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] -C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] -C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehTray] -C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] -C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] -C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] -"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1192401233814
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O21 - SSODL: E404Helper - {06a57c19-3bae-49cd-b275-e9e637b7ba8c} - e404d.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - -"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Unknown owner - -"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - -"C:\Program Files\Bonjour\mDNSResponder.exe" (file missing)
O23 - Service: Media Center Receiver Service (ehRecvr) - Unknown owner - C:\WINDOWS\eHome\ehRecvr.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Unknown owner - -"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Unknown owner - -C:\Program Files\HPQ\shared\hpqwmi.exe (file missing)
O23 - Service: iPod Service - Unknown owner - -"C:\Program Files\iPod\bin\iPodService.exe" (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - -"C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)

--
End of file - 6448 bytes
smilez is offline  
Old 12-01-2007, 05:48 PM   #8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Re: Can't Run Ad-aware 2007

Ok, good.

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://s2.thezirius.com/?pid=1014&dt=2007-11-21&v=8

Close HijackThis now.

---------------------------------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
http://www.techsupportforum.com/security-center/hijackthis-log-help/198638-can-t-run-ad-aware-2007-a.html

File::
C:\WINDOWS\system32\mcrh.tmp

Folder::
C:\Program Files\kcyhfzxx
C:\Program Files\E404 Helper


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"=-

Collect::
C:\Program Files\spoolsv.exe
C:\Program Files\kcyhfzxx\azkwxhfy.dll


Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Old 12-01-2007, 07:12 PM   #9 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 22
OS: xp


Re: Can't Run Ad-aware 2007

ComboFix 07-12-02.5 - Administrator 2007-12-02 19:07:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.634 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\My Documents\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\mcrh.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\E404 Helper
C:\Program Files\kcyhfzxx
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
.

2007-12-02 16:02 . 2007-12-02 16:02 <DIR> d-------- C:\Program Files\Avira
2007-12-02 16:02 . 2007-12-02 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-30 20:28 . 2007-12-02 17:35 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-30 20:28 . 2007-11-30 20:28 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-30 20:28 . 2007-11-30 20:28 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-30 20:28 . 2007-11-30 20:28 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-30 19:52 . 2007-12-01 14:55 3,078 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-30 19:51 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-30 19:51 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-30 19:51 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-30 19:51 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-30 19:51 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-29 19:59 . 2007-11-29 19:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-29 19:56 . 2007-11-29 19:56 <DIR> d-------- C:\Deckard
2007-11-29 19:50 . 2007-11-29 19:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-26 20:58 . 2007-11-26 22:43 23,817 --a------ C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Application Data\info.dat
2007-11-15 18:35 . 2007-11-15 18:35 1,156 --a------ C:\WINDOWS\mozver.dat
2007-11-13 17:39 . 2007-11-13 17:39 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-07 22:08 . 2007-11-07 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-07 22:01 . 2007-11-07 22:01 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-07 21:16 . 2007-11-07 21:16 <DIR> d-------- C:\Program Files\uCertify
2007-11-07 20:45 . 2007-11-07 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-07 20:35 . 2007-11-07 20:35 <DIR> d-------- C:\Program Files\Bonjour
2007-11-07 20:27 . 2007-11-07 20:27 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-06 20:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-06 16:18 . 2007-11-07 22:02 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-06 16:16 . 2007-11-29 18:39 <DIR> d-------- C:\Program Files\MagicISO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 06:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-11-20 00:27 --------- d-----w C:\Program Files\HPQ
2007-11-02 00:05 --------- d-----w C:\Program Files\uTorrent
2007-10-31 03:28 --------- d-----w C:\Program Files\ImgBurn
2007-10-28 21:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-28 19:30 --------- d-----w C:\Program Files\DVD Shrink
2007-10-28 19:29 --------- d-----w C:\Program Files\DVD Decrypter
2007-10-18 00:58 --------- d-----w C:\Program Files\Google
2007-10-15 01:26 --------- d-----w C:\Program Files\iTunes
2007-10-15 01:26 --------- d-----w C:\Program Files\iPod
2007-10-15 01:25 --------- d-----w C:\Program Files\QuickTime
2007-10-15 01:25 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-15 01:25 --------- d-----w C:\Program Files\Apple Software Update
2007-10-15 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-15 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-15 01:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-10-15 01:08 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-15 01:06 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-15 01:06 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-15 00:45 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-15 00:44 --------- d-----w C:\Program Files\Microsoft.NET
2007-10-15 00:38 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-10-14 23:53 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-14 23:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-14 23:36 --------- d-----w C:\Program Files\MSBuild
2007-10-14 23:33 --------- d-----w C:\Program Files\Reference Assemblies
2007-10-14 22:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-14 22:00 --------- d-----w C:\Program Files\Java
2007-10-14 22:00 --------- d-----w C:\Program Files\Common Files\Java
2007-10-14 22:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-14 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-10-14 21:59 --------- d-----w C:\Program Files\Sonic
2007-10-14 21:59 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2007-10-14 21:58 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-10-14 21:58 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-10-14 21:56 --------- d-----w C:\Program Files\muvee Technologies
2007-10-14 21:56 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2007-10-14 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-10-14 21:55 --------- d-----w C:\Program Files\Zone.com
2007-10-14 21:42 --------- d-----w C:\Program Files\Hp
2007-10-14 21:42 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-14 21:37 1,579 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_Pavilion dv5000 (EP414UA#ABA)_YN_0Pavi_QCND608085X_EU_46_I30A4_SHP_V49.37_BF.31_T060104_WXP2_L409_M1023_J80_7AMD_8Turion 64 Technology ML-40_92.19_#071014_N10EC8139_(EP414UA#ABA)_XMOBILE_CN10_Z10024378.MRK
2007-10-14 21:34 --------- d-----w C:\Program Files\InterVideo
2007-10-14 21:34 --------- d-----w C:\Program Files\Common Files\InterVideo
2007-10-14 21:31 --------- d-----w C:\Program Files\ATI Technologies
2007-10-14 21:30 --------- d-----w C:\Program Files\Synaptics
2007-10-14 21:29 --------- d-----w C:\Program Files\CONEXANT
2007-10-14 21:28 --------- d-----w C:\Program Files\AMD
2007-10-14 21:21 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-14 21:16 --------- d-----w C:\Program Files\Windows Plus
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-10 10:07]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="-C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" []
"SunJavaUpdateSched"="-C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"LSBWatcher"="-c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" []
"iTunesHelper"="-C:\Program Files\iTunes\iTunesHelper.exe" []
"hpWirelessAssistant"="-C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" []
"HP Software Update"="-C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" []
"ehTray"="-C:\WINDOWS\ehome\ehtray.exe" []
"eabconfg.cpl"="-C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" []
"Cpqset"="-C:\Program Files\HPQ\Default Settings\cpqset.exe" []
"ATIPTA"="-C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-02 16:07]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys

*Newly Created Service* - SSMDRV
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 19:09:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-02 19:09:25
C:\ComboFix2.txt ... 2007-12-02 15:24
.
--- E O F ---
smilez is offline  
Old 12-01-2007, 07:14 PM   #10 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 22
OS: xp


Re: Can't Run Ad-aware 2007

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:06 PM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] -C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] -C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] -c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] -"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] -C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] -C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehTray] -C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] -C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] -C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] -"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1192401233814
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Adobe LM Service - Unknown owner - -"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Unknown owner - -"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - -"C:\Program Files\Bonjour\mDNSResponder.exe" (file missing)
O23 - Service: Media Center Receiver Service (ehRecvr) - Unknown owner - C:\WINDOWS\eHome\ehRecvr.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Unknown owner - -"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Unknown owner - -C:\Program Files\HPQ\shared\hpqwmi.exe (file missing)
O23 - Service: iPod Service - Unknown owner - -"C:\Program Files\iPod\bin\iPodService.exe" (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - -"C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)

--
End of file - 6028 bytes
smilez is offline  
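Added example (not part of the original thread, and not code from HijackThis or ComboFix): a Python check that compares the pre-fix and post-fix HijackThis logs posted above and confirms that the entries targeted by the fix are gone. The two log excerpts are abbreviated from posts #7 and #10; the function names are hypothetical.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O2 - BHO: ...".
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Excerpts from the two logs in this thread (abbreviated, not the full logs).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:12 PM, on 12/2/2007
C:\WINDOWS\system32\winlogon.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://s2.thezirius.com/?pid=1014&dt=2007-11-21&v=8
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - C:\Program Files\kcyhfzxx\azkwxhfy.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: E404Helper - {06a57c19-3bae-49cd-b275-e9e637b7ba8c} - e404d.dll (file missing)
"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:06 PM, on 12/2/2007
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Markers taken from the fix instructions in post #8: the ShellNext URL host,
# the BHO CLSID removed by the CFScript, and the SSODL value name.
TARGETS = [
    "thezirius.com",
    "{2F02D978-0FF6-80F7-60BB-0426224AB7B3}",
    "E404Helper",
]


def parse_entries(log_text):
    """Return the set of (section_code, details) entries in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entry lists between two logs, each sorted."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)


def unresolved(log_text, markers):
    """Return the markers that still appear in some entry of the log."""
    entries = parse_entries(log_text)
    return [
        marker for marker in markers
        if any(marker.lower() in details.lower() for _, details in entries)
    ]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, details in removed:
        print(f"removed: {code} - {details}")
    for code, details in added:
        # New entries after a cleanup deserve a second look.
        print(f"added:   {code} - {details}")
    leftover = unresolved(AFTER, TARGETS)
    print("still present:", leftover if leftover else "none")
```

HijackThis reads the R1 and HKCU\..\Run entries from the hive of the account that ran the scan, so a clean diff taken as Administrator says nothing about another account's profile.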
Old 12-01-2007, 07:26 PM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Re: Can't Run Ad-aware 2007

How's your system behaving?
tetonbob is offline  
Old 12-01-2007, 07:41 PM   #12 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 22
OS: xp


Re: Can't Run Ad-aware 2007

Well, when I restarted, the fake antivirus didn't pop up.

Last time I logged on to my user name, not Administrator, I couldn't use Task Manager, and under Start there was no shutoff, just log off.
smilez is offline  
Old 12-01-2007, 07:43 PM   #13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Re: Can't Run Ad-aware 2007

Are you saying you still can't use task manager?
tetonbob is offline  
Old 12-01-2007, 07:48 PM   #14 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 22
OS: xp


Re: Can't Run Ad-aware 2007

Everything seems good to go when I log on to administrator, but for some reason when I log on to my regular account there is no control panel, no task manager, no shutoff button, just logoff/switch users.
smilez is offline  
Old 12-01-2007, 07:50 PM   #15 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Re: Can't Run Ad-aware 2007

I now see we've been running the fixes on the Administrator account, instead of your usual account.

Please log on to your usual account, and run Deckard's System Scanner (dss.exe) once again, like this:

Please run Deckard's System Scanner once again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\dss.exe" /config
Click on "Check All"

Click Scan!

When finished, it shall produce two logs for you. Post those logs in your next reply.
tetonbob is offline  
Old 12-01-2007, 07:54 PM   #16 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 22
OS: xp


Re: Can't Run Ad-aware 2007

On my usual account there is no Run :(
smilez is offline  
Old 12-01-2007, 07:56 PM   #17 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Re: Can't Run Ad-aware 2007

erm...right...

We should be able to get the info I need if you just double click on dss.exe to run it....on your usual account.

If that doesn't do it, I have other ideas.
tetonbob is offline  
Old 12-01-2007, 08:03 PM   #18 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 22
OS: xp


Re: Can't Run Ad-aware 2007

Okay, I ran combofix for the heck of it. Now I have Run, Control Panel, Turn Off, and also Task Manager.

Now the question is, do you have the link for dss.exe again, since it's not on my desktop?


Never mind, I found dss.exe; running it right now.
smilez is offline  
Old 12-01-2007, 08:04 PM   #19 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 22
OS: xp


Re: Can't Run Ad-aware 2007

Deckard's System Scanner v20071014.68
Run by Raymond Huerta on 2007-12-02 20:03:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Raymond Huerta.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:23 PM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Raymond Huerta.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] -C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] -C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] -c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] -"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] -C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] -C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehTray] -C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] -C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] -C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] -"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] -"C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1192401233814
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Adobe LM Service - Unknown owner - -"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Unknown owner - -"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - -"C:\Program Files\Bonjour\mDNSResponder.exe" (file missing)
O23 - Service: Media Center Receiver Service (ehRecvr) - Unknown owner - C:\WINDOWS\eHome\ehRecvr.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Unknown owner - -"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Unknown owner - -C:\Program Files\HPQ\shared\hpqwmi.exe (file missing)
O23 - Service: iPod Service - Unknown owner - -"C:\Program Files\iPod\bin\iPodService.exe" (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - -"C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)

--
End of file - 6712 bytes

-- Files created between 2007-11-02 and 2007-12-02 -----------------------------

2007-12-02 16:02:48 0 d-------- C:\Program Files\Avira
2007-12-02 16:02:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-30 20:28:01 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-30 19:52:01 3078 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-30 19:51:23 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-30 19:51:23 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-30 19:51:23 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-30 19:51:23 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-30 19:51:23 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-29 19:59:11 0 d-------- C:\Program Files\Trend Micro
2007-11-29 19:50:20 0 d-------- C:\Program Files\SpywareBlaster
2007-11-29 19:26:36 0 d-------- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Application Data\Sun
2007-11-29 18:44:13 0 d-------- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Application Data\Google
2007-11-29 18:43:51 0 d-------- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Application Data\Identities
2007-11-29 18:25:44 24249 --a------ C:\Documents and Settings\Raymond Huerta\Application Data\info.dat
2007-11-26 20:58:35 23817 --a------ C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Application Data\info.dat
2007-11-25 10:33:16 0 d-------- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Application Data\Macromedia
2007-11-25 10:29:48 0 d-------- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Application Data\Mozilla
2007-11-25 07:59:47 0 d--hs---- C:\WINDOWS\CSC
2007-11-23 17:13:10 0 d-------- C:\Documents and Settings\Raymond Huerta\Application Data\ultra
2007-11-22 10:08:56 0 d-------- C:\WINDOWS\system32\appmgmt
2007-11-22 10:04:10 0 d--h----- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Templates
2007-11-22 10:04:10 0 dr------- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Start Menu
2007-11-22 10:04:10 0 dr-h----- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\SendTo
2007-11-22 10:04:10 0 dr-h----- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Recent
2007-11-22 10:04:10 0 d--h----- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\PrintHood
2007-11-22 10:04:10 0 d--h----- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\NetHood
2007-11-22 10:04:10 0 dr------- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\My Documents
2007-11-22 10:04:10 0 d--h----- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Local Settings
2007-11-22 10:04:10 0 dr------- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Favorites
2007-11-22 10:04:10 0 d-------- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Desktop
2007-11-22 10:04:10 0 d--hs---- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Cookies
2007-11-22 10:04:10 0 dr-h----- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Application Data
2007-11-22 10:04:10 0 d---s---- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\Application Data\Microsoft
2007-11-22 10:04:09 1572864 --ah----- C:\Documents and Settings\Administrator.RAYMOND-D8FBE0E\NTUSER.DAT
2007-11-18 11:18:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-11-18 1159 0 d-------- C:\Documents and Settings\Administrator\Templates
2007-11-18 1159 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2007-11-18 1159 0 d-------- C:\Documents and Settings\Administrator\Cookies
2007-11-18 1159 0 d-------- C:\Documents and Settings\Administrator\Application Data
2007-11-18 1159 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-18 1158 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-18 11:01:59 0 d-------- C:\WINDOWS\pss
2007-11-15 18:35:11 1156 --a------ C:\WINDOWS\mozver.dat
2007-11-13 17:39:06 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-13 17:38:54 0 d-------- C:\Documents and Settings\Raymond Huerta\Application Data\Mozilla
2007-11-07 22:08:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-07 22:01:48 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-07 21:16:33 0 d-------- C:\Program Files\uCertify
2007-11-07 20:45:54 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-07 20:35:05 0 d-------- C:\Program Files\Bonjour
2007-11-07 20:27:35 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-06 20:20:16 0 d-------- C:\Documents and Settings\Raymond Huerta\Application Data\U3
2007-11-06 20:14:55 0 d-------- C:\Documents and Settings\Raymond Huerta\Application Data\AdobeUM
2007-11-06 20:13:47 0 d-------- C:\Documents and Settings\Raymond Huerta\Application Data\Adobe
2007-11-06 16:18:33 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-06 16:16:38 0 d-------- C:\Program Files\MagicISO


-- Find3M Report ---------------------------------------------------------------

2007-12-02 15:28:32 0 d-------- C:\Program Files\Common Files
2007-11-27 22:14:35 0 d-------- C:\Documents and Settings\Raymond Huerta\Application Data\uTorrent
2007-11-19 16:27:26 0 d-------- C:\Program Files\HPQ
2007-11-07 20:40:28 0 d-------- C:\Documents and Settings\Raymond Huerta\Application Data\AVG7
2007-11-01 16:05:31 0 d-------- C:\Program Files\uTorrent
2007-10-30 19:28:51 0 d-------- C:\Documents and Settings\Raymond Huerta\Application Data\ImgBurn
2007-10-30 19:28:38 0 d-------- C:\Program Files\ImgBurn
2007-10-30 19:28:12 0 d-------- C:\Documents and Settings\Raymond Huerta\Application Data\WinRAR
2007-10-28 13:57:00 0 d-------- C:\Documents and Settings\Raymond Huerta\Application Data\Leadertech
2007-10-28 12:28:12 0 d-------- C:\Documents and Settings\Raymond Huerta\Application Data\RipIt4Me
2007-10-28 11:30:59 0 d-------- C:\Program Files\DVD Shrink
2007-10-28 11:29:26 0 d-------- C:\Program Files\DVD Decrypter
2007-10-18 01:56:11 0 d-------- C:\Documents and Settings\Raymond Huerta\Application Data\Sun
2007-10-18 00:44:13 0 d-------- C:\Documents and Settings\Raymond Huerta\Application Data\Google
2007-10-17 16:58:06 0 d-------- C:\Program Files\Google
2007-10-14 17:26:18 0 d-------- C:\Program Files\iTunes
2007-10-14 17:26:08 0 d-------- C:\Program Files\iPod
2007-10-14 17:25:36 0 d-------- C:\Program Files\QuickTime
2007-10-14 17:25:13 0 d-------- C:\Program Files\Apple Software Update
2007-10-14 17:25:00 0 d-------- C:\Program Files\Common Files\Apple
2007-10-14 17:23:45 0 d-------- C:\Documents and Settings\Raymond Huerta\Application Data\InterVideo
2007-10-14 16:45:24 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-14 16:44:32 0 d-------- C:\Program Files\Microsoft.NET
2007-10-14 16:38:58 0 d-------- C:\Program Files\Common Files\LightScribe
2007-10-14 15:53:28 0 d-------- C:\Program Files\MSXML 6.0
2007-10-14 15:48:23 0 d-------- C:\Documents and Settings\Raymond Huerta\Application Data\Macromedia
2007-10-14 15:38:17 0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-14 15:36:45 0 d-------- C:\Program Files\MSBuild
2007-10-14 15:33:49 0 d-------- C:\Program Files\Reference Assemblies
2007-10-14 14:01:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-14 14:00:49 0 d-------- C:\Program Files\Java
2007-10-14 14:00:24 0 d-------- C:\Program Files\Common Files\Java
2007-10-14 14:00:13 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-14 13:59:16 0 d-------- C:\Program Files\Sonic
2007-10-14 13:59:16 0 d-------- C:\Program Files\Common Files\TiVo Shared
2007-10-14 13:58:38 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-10-14 13:58:28 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-10-14 13:56:25 50 --a------ C:\AUTOEXEC.BAT
2007-10-14 13:56:10 0 d-------- C:\Program Files\muvee Technologies
2007-10-14 13:56:10 0 d-------- C:\Program Files\Common Files\muvee Technologies
2007-10-14 13:55:50 0 d-------- C:\Program Files\Zone.com
2007-10-14 13:53:39 0 d-------- C:\Program Files\Messenger
2007-10-14 13:47:29 0 d-------- C:\Documents and Settings\Raymond Huerta\Application Data\Apple Computer
2007-10-14 13:42:06 0 d-------- C:\Program Files\Hp
2007-10-14 13:42:06 0 d-------- C:\Program Files\Hewlett-Packard
2007-10-14 13:34:13 0 d-------- C:\Program Files\Common Files\InterVideo
2007-10-14 13:34:04 0 d-------- C:\Program Files\InterVideo
2007-10-14 13:31:32 0 d-------- C:\Program Files\ATI Technologies
2007-10-14 13:30:38 0 d-------- C:\Program Files\Synaptics
2007-10-14 13:29:51 0 d-------- C:\Program Files\CONEXANT
2007-10-14 13:28:47 0 d-------- C:\Program Files\AMD
2007-10-14 13:26:20 0 d-------- C:\Documents and Settings\Raymond Huerta\Application Data\Identities
2007-10-14 13:21:12 0 d-------- C:\Program Files\microsoft frontpage
2007-10-14 13:20:56 0 -rahs---- C:\MSDOS.SYS
2007-10-14 13:20:56 0 -rahs---- C:\IO.SYS
2007-10-14 13:20:56 0 --a------ C:\CONFIG.SYS
2007-10-14 13:19:21 0 d--h----- C:\Program Files\WindowsUpdate
2007-10-14 13:18:32 0 d-------- C:\Program Files\Common Files\MSSoap
2007-10-14 13:18:21 0 d-------- C:\Program Files\Movie Maker
2007-10-14 13:16:59 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-10-14 13:16:41 0 d-------- C:\Program Files\Online Services
2007-10-14 13:16:08 0 d-------- C:\Program Files\Windows Plus
2007-10-14 13:13:40 0 d-------- C:\Program Files\MSN Gaming Zone
2007-10-14 13:13:33 0 d-------- C:\Program Files\Windows NT
2007-10-14 06:07:49 0 d-------- C:\Program Files\Common Files\ODBC
2007-10-14 06:07:46 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-10-14 06:07:26 62 --ahs---- C:\Documents and Settings\Raymond Huerta\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="-C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" []
"SunJavaUpdateSched"="-C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
"LSBWatcher"="-c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" []
"iTunesHelper"="-C:\Program Files\iTunes\iTunesHelper.exe" []
"hpWirelessAssistant"="-C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" []
"HP Software Update"="-C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" []
"ehTray"="-C:\WINDOWS\ehome\ehtray.exe" []
"eabconfg.cpl"="-C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" []
"Cpqset"="-C:\Program Files\HPQ\Default Settings\cpqset.exe" []
"ATIPTA"="-C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12/02/2007 04:07 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 04:00 AM]
"MSMSGS"="-C:\Program Files\Messenger\msmsgs.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/10/2007 10:07 AM]

C:\Documents and Settings\Raymond Huerta\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme




-- End of Deckard's System Scanner: finished at 2007-12-02 20:03:38 ------------
smilez is offline  
Old 12-01-2007, 08:09 PM   #20 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Re: Can't Run Ad-aware 2007

OK, combofix cleared the malware-placed policies. May as well post that log, too.

We should be almost done.
tetonbob is offline  
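
Post #20 attributes the missing Run, Control Panel, Turn Off and Task Manager on the regular account to malware-placed policies, while the Administrator account looked fine. As an added example (not part of the thread and not any tool's own code), this Python script scans a registry export for per-user restriction values and reports which account hive carries them. The value names are standard Windows policy values assumed to correspond to those symptoms; the export text and SIDs are constructed.

```python
import re

# Policy path shared by every hive; matched case-insensitively.
POLICIES = "\\software\\microsoft\\windows\\currentversion\\policies\\"

# (policy subkey, value name) -> symptom. Standard Windows policy values,
# assumed here to match the thread's symptoms; the thread does not list
# which values combofix removed.
RESTRICTIONS = {
    ("explorer", "norun"): "Run missing from Start menu",
    ("explorer", "nocontrolpanel"): "Control Panel blocked",
    ("explorer", "noclose"): "Turn Off removed, only Log Off left",
    ("system", "disabletaskmgr"): "Task Manager disabled",
    ("system", "disableregistrytools"): "Registry editing disabled",
}

SECTION_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def find_restrictions(reg_text):
    """Return (hive_root, value_name, symptom) for each restriction set non-zero.

    reg_text is a .reg export already decoded to str (real exports are UTF-16).
    """
    findings = []
    current = None  # (hive_root, policy_subkey) of the section being read
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group(1)
            idx = key.lower().find(POLICIES)
            if idx == -1:
                current = None  # not a Policies key, ignore its values
            else:
                current = (key[:idx], key[idx + len(POLICIES):].lower())
            continue
        value = DWORD_RE.match(line)
        if not value or current is None:
            continue  # string values and unrelated keys are skipped
        root, subkey = current
        symptom = RESTRICTIONS.get((subkey, value.group(1).lower()))
        if symptom and int(value.group(2), 16) != 0:
            findings.append((root, value.group(1), symptom))
    return findings


# Constructed sample: the -500 hive stands for the Administrator account,
# the -1004 hive for the regular user. Only the latter is restricted.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoRun"=dword:00000001
"NoControlPanel"=dword:00000001
"NoClose"=dword:00000001

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"InstallTheme"="C:\\WINDOWS\\Resources\\Themes\\Royale.theme"
"""

if __name__ == "__main__":
    for root, name, symptom in find_restrictions(SAMPLE_EXPORT):
        print(f"{root}: {name} -> {symptom}")
```

Because these values live in each user's own hive, a scan or fix run while logged on as Administrator only sees the Administrator's copy, which is why the thread had to repeat the scan on the affected account.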