On-going issues with several trojans/other misc. malware


  • This topic is locked
16 replies to this topic

#1 brandonasu85

Posted 23 April 2007 - 12:35 AM

Hi and thanks for any help in advance.

I'd also like to quickly mention that I have read and fully understand the posting guidelines and procedures, and have tried to make the following explanations as thorough and complete as possible.

System: Acer Aspire 5000
Windows XP SP2 Home Edition
AMD Turion 64 Mobile ML-32 1.8Ghz Processor
448 MB Ram

Currently running Spybot S&D, Adaware SE, Avast 4.7, AVG Anti-Spyware 7.5, CCleaner, HJT

Problems first began with typical sluggish system, slow loading, heavy cpu load, etc. I started noticing several extra processes showing up in task mgr. (usually 4-5 extras with random names such as 19exhdda.7.exe, 21exed32_2.d.exe, 28exml32.9.exe, you get the idea...) each using quite a bit of memory. Also noticed that upon ending these processes they would usually re-appear almost immediately under a different yet very similar name.

The same day that this began, Avast 4.7's resident scanner began alerting me of 2 different infections, Win32:Horst-GZ [Trj] (The more abundant of the two) and Win32:Agent-VM [Trj]. I continually tried both moving the infected files to the virus chest and deleting them outright, neither of which worked. They would come back, usually infecting multiple locations, almost immediately. Locations of infected files were always C:\Documents and Settings\Username\Local Settings\Temp. Deleting the entire contents of this directory also did nothing to solve the problem.

Browsers didn't seem to be hijacked, no popups or anything like that.

I finally found a partial solution here (http://forums.spywar...8291&) after I identified the startup process for this malware (.nvsvc located in C:\WINDOWS\system\smss.exe /w) and googled it. I followed the instructions from this post and removed the startup entry with HJT as well as manually deleting the file C:\WINDOWS\system\smss.exe.

As of now it seems the problem has somewhat subsided. The strange processes are not showing up anymore and Avast has stopped picking up traces of Win32:Horst and Win32:Agent for the moment, but system still suffers bad lag, slow startup and shutdown, internet connection, and extremely high CPU load at almost all times. There are also several very suspicious looking startup entries and many repeat processes in task mgr (not really sure if they should be that way or not).

Other major problems that I have not been able to get anywhere with are IE running extremely slow at all times with any and all pages/downloads. That is almost bearable since I almost always use Firefox, but I also seem to be having occasional problems starting Windows Update (the automatic updates service gets turned off and switched from 'automatic' to 'disabled', as well as the BITS service). Even if I am able to get Windows Update started, it AT MOST will tell me that there are updates ready to download, but then when it tries to install them they almost always fail. Then if the update service remains started, it will continue to tell me to download the same updates again only to repeatedly fail the installation. I am pretty sure, however, that most of the critical SP2 updates are installed and up to date.

All of this makes me believe that part of these previous infections may still exist, and that almost definitely there are other instances of malware going on as well.

Here is a copy of my HJT log.......

Logfile of HijackThis v1.99.1
Scan saved at 11:19:02 AM, on 4/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\CPUCooL\CooLSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\RunOnce: [aswAhAScr.dll] C:\PROGRA~1\ALWILS~1\Avast4\ASWREG~1.EXE "C:\Program Files\Alwil Software\Avast4\AhAScr.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpeedswitchXP] D:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZNfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by20fd.bay20....es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1167899172593
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FC33931-8368-4B6C-BDC4-F053CBE6F9CF}: NameServer = 205.171.3.65 205.171.2.65
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AAYGOBRY - Unknown owner - C:\DOCUME~1\Brandon\LOCALS~1\Temp\AAYGOBRY.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - D:\Program Files\CPUCooL\CooLSrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
O23 - Service: YOS - Unknown owner - C:\DOCUME~1\Brandon\LOCALS~1\Temp\YOS.exe (file missing)


As well as a copy of my Ewido (AVG 7.5) log........
**I probably should mention that none of these scans, including Ewido, were done in safe mode. I had some serious notebook overheating issues that started a few months back. The processor would reach temps well over 200 deg. F anytime applications which used a lot of CPU were open, (adobe photoshop, games, etc.). The end results would be unexpected shutdowns, usually very quickly. I've since been using a program called SpeedSwitch XP to throttle down the CPU to 800Mhz so as to reduce the heat that's created. Has been working great, only problem is (which I hadn't realized until I tried to do these scans in safe mode just now), for some reason when booting into safe mode, the processor maxes out at 1800Mhz non-stop, regardless of whether I change power scheme, open the speedswitch utility, etc. Can't for the life of me figure out how to change the frequency of CPU in safe mode so until I am able to solve that issue here are the logs from normal mode. **


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:21:39 PM 4/22/2007

+ Scan result:



C:\Documents and Settings\Brandon\Local Settings\Temp\7exssd32a.8.exe -> Proxy.Horst.pu : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Local Settings\Temp\12exinjs.a6.exe -> Proxy.Horst.sv : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Local Settings\Temp\15exinjs.a6.exe -> Proxy.Horst.sv : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Local Settings\Temp\18exinjs.a6.exe -> Proxy.Horst.sv : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Local Settings\Temp\20exinjs.a6.exe -> Proxy.Horst.sv : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Local Settings\Temp\27exinjs.a6.exe -> Proxy.Horst.sv : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Local Settings\Temp\28exinjs.a6.exe -> Proxy.Horst.sv : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Local Settings\Temp\30exinjs.a6.exe -> Proxy.Horst.sv : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Local Settings\Temp\40exinjs.a6.exe -> Proxy.Horst.sv : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Local Settings\Temp\42exinjs.a6.exe -> Proxy.Horst.sv : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Local Settings\Temp\48exinjs.a6.exe -> Proxy.Horst.sv : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Local Settings\Temp\49exinjs.a6.exe -> Proxy.Horst.sv : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Local Settings\Temp\52exinjs.a6.exe -> Proxy.Horst.sv : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Local Settings\Temp\5exinjs.a6.exe -> Proxy.Horst.sv : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Local Settings\Temp\63exinjs.a6.exe -> Proxy.Horst.sv : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Local Settings\Temp\69exinjs.a6.exe -> Proxy.Horst.sv : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Local Settings\Temp\84exinjs.a6.exe -> Proxy.Horst.sv : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Local Settings\Temp\89exinjs.a6.exe -> Proxy.Horst.sv : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Local Settings\Temp\91exinjs.a6.exe -> Proxy.Horst.sv : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon\Local Settings\Temp\40exinjs.a6.exe -> Proxy.Horst.sv : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon\Local Settings\Temp\5exinjs.a6.exe -> Proxy.Horst.sv : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\setup.exe -> Proxy.Horst.xy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP335\A0265488.exe -> Proxy.Horst.xy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP336\A0265500.exe -> Proxy.Horst.xy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP339\A0266721.exe -> Proxy.Horst.xy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP340\A0266867.exe -> Proxy.Horst.xy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP340\A0266919.exe -> Proxy.Horst.xy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP341\A0267092.exe -> Proxy.Horst.xy : Cleaned with backup (quarantined).


::Report end


After I post this, I will try and get a couple extra online scan logs up, probably from Kaspersky and Panda.

Thanks again in advance for any help you might be able to give.


UPDATE: Here is a log from the Kaspersky online scan.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, April 23, 2007 4:54:26 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 23/04/2007
Kaspersky Anti-Virus database records: 300951
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\Brandon\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 13882
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:18:55

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_6b0.dat Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\DOCUME~1\Brandon\LOCALS~1\Temp\~DF2CB8.tmp Object is locked skipped
C:\DOCUME~1\Brandon\LOCALS~1\Temp\~DF2CC1.tmp Object is locked skipped

Scan process completed.


Thx again.

Edited by brandonasu85, 23 April 2007 - 06:37 PM.
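
The symptoms and log entries in the post above (executables respawning from Local Settings\Temp, services registered to Temp paths, and an smss.exe started from C:\WINDOWS\system rather than System32) can be checked for mechanically. The following is an added example, not part of the original post or of any helper's reply: the rule names, `Finding` and `triage` are hypothetical, the sample lines are copied from the logs above except the `.nvsvc` Run line, which is reconstructed from the poster's description, and the rules are triage hints rather than verdicts.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    rule: str   # hypothetical rule name, defined for this example only
    path: str   # executable path that triggered the rule
    line: str   # full log line, kept for context


# Any drive-rooted path ending in .exe (stops at a quote or end of line).
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.exe\b', re.I)

# Per-user or system Temp directory, in long or 8.3 short form.
TEMP_DIR = re.compile(r"\\(?:Local Settings|LOCALS~1)\\Temp\\|\\WINDOWS\\Temp\\", re.I)

# File-name shape reported in the post: digits, "ex", a stem, a short tag, ".exe"
# (19exhdda.7.exe, 21exed32_2.d.exe, 12exinjs.a6.exe, ...).
RANDOM_NAME = re.compile(r"\\\d{1,3}ex\w+\.\w{1,3}\.exe$", re.I)

# Windows XP core processes that normally run only from %SystemRoot%\system32.
SYSTEM32_ONLY = {"smss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}


def triage(log_text: str) -> List[Finding]:
    """Return heuristic findings for each executable path in a HijackThis-style log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # O4 = Run keys / Startup folder, O23 = NT services: both survive a reboot.
        autostart = line.startswith(("O4 ", "O23 "))
        for path in EXE_PATH.findall(line):
            directory, _, name = path.rpartition("\\")
            if TEMP_DIR.search(path):
                rule = "autostart-from-temp" if autostart else "exe-in-temp"
                findings.append(Finding(rule, path, line))
            if RANDOM_NAME.search(path):
                findings.append(Finding("random-name-pattern", path, line))
            if (name.lower() in SYSTEM32_ONLY
                    and not directory.lower().endswith("\\system32")):
                findings.append(Finding("system-name-wrong-dir", path, line))
    return findings


# Sample input. All lines are taken from the logs in the post above, except the
# second one, which is constructed from the poster's description of the
# ".nvsvc" startup entry.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: AAYGOBRY - Unknown owner - C:\DOCUME~1\Brandon\LOCALS~1\Temp\AAYGOBRY.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: YOS - Unknown owner - C:\DOCUME~1\Brandon\LOCALS~1\Temp\YOS.exe (file missing)
C:\Documents and Settings\Brandon\Local Settings\Temp\7exssd32a.8.exe -> Proxy.Horst.pu : Cleaned with backup (quarantined).
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.path}")
```
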


#2 SWI Support Robot

Posted 25 April 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

Posted 17 May 2007 - 10:14 AM

Hi,

Sorry for this long delay.

If you still need help please post a fresh HijackThis log for review.

In a few words let me know what problems are pending.
nasdaq

#4 brandonasu85

Posted 21 May 2007 - 02:55 AM

No problem. Here's a fresh HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:34:31 AM, on 5/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\CPUCooL\CooLSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpeedswitchXP] D:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by20fd.bay20....es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1167899172593
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FC33931-8368-4B6C-BDC4-F053CBE6F9CF}: NameServer = 205.171.3.65 205.171.2.65
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AAYGOBRY - Unknown owner - C:\DOCUME~1\Brandon\LOCALS~1\Temp\AAYGOBRY.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - D:\Program Files\CPUCooL\CooLSrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
O23 - Service: YOS - Unknown owner - C:\DOCUME~1\Brandon\LOCALS~


Basically, I'm still having most of the problems I had described before. Most notably, my system is having problems with extremely high memory usage at all times, a lot of lagging and hanging when opening up certain programs, and extreme CPU overheating. To elaborate on the CPU thing a little, I still am unable to boot from safe mode, run at a speed of over 800mhz, or take longer than about 10 seconds to enter my BIOS password before the CPU maxes throttle and overheats the system. Also having major issues with Internet Explorer, although I don't appear to be hijacked. I run avast antivirus and every time I open IE a screen that says Avast! script blocker pops up, and I'm assuming this is not supposed to happen. IE also loads pages very slowly, if at all. (Firefox seems to work as it should). As for the recurring trojan infections, I think I may have taken care of that as the resident scanner has stopped going off constantly.

Thanks again for the help.
-Brandon

#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,091 posts

Posted 21 May 2007 - 09:29 AM

Your log is clean.

Let's start with this scan.

Download this file - combofix.exe

and save it to your desktop (Important). Also save the below command in Notepad as a text file so that you can copy/paste in safe mode.

"%userprofile%\desktop\combofix.exe"

Boot into safe mode by tapping the F8 key just before Windows starts to load.

Go to Start --> Run and copy/paste in the following:

"%userprofile%\desktop\combofix.exe"

When finished, it shall produce a log for you. Save it and post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In your next post, please include
  • new hijackthis log
  • combofix log
*use separate posts to ensure the logs don't get cut off!
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,091 posts

Posted 01 June 2007 - 06:50 AM

Due to the lack of feedback this Topic is closed.

Reopened by request.

Edited by jedi, 02 June 2007 - 07:38 AM.

nasdaq


#7 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,091 posts

Posted 02 June 2007 - 08:31 AM

brandonasu85

What is the current situation?

Submit a fresh HijackThis log for review.
nasdaq


#8 brandonasu85

brandonasu85

    Member

  • Full Member
  • 5 posts

Posted 12 June 2007 - 12:39 PM

Hello again and sorry for the delayed response.

Here is a new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:11, on 2007-06-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\CPUCooL\CooLSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
D:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpeedswitchXP] D:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by20fd.bay20....es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1167899172593
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - http://otp2.mycricke...r/mmsPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FC33931-8368-4B6C-BDC4-F053CBE6F9CF}: NameServer = 205.171.3.65 205.171.2.65
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AAYGOBRY - Unknown owner - C:\DOCUME~1\Brandon\LOCALS~1\Temp\AAYGOBRY.exe (file missing)
O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - D:\Program Files\CPUCooL\CooLSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
O23 - Service: YOS - Unknown owner - C:\DOCUME~1\Brandon\LOCALS~1\Temp\YOS.exe (file missing)


Before this thread had been closed due to my non-responsiveness, you had said that my HJT log was clean, and recommended a scan with combofix in safe-mode. This is where we left off, and I ran into a bit of a problem getting the scan completed. For about the last 6 months, this notebook has had a terrible problem with the CPU overheating (~210F it shuts itself off; even after thorough cleaning of fan, heatsink, etc.). The only way I was able to keep the system from shutting down any time a CPU intensive program was opened was to underclock (or is it undervolt?) the processor with a program called SpeedSwitchXP, and reducing the frequency to a constant 800Mhz. Everything works great with little reduction in speed, but the problem I'm facing now is when I boot up into safe mode, the processor wants to run maxed out at 1800Mhz non-stop, whether the SpeedSwitchXP is running or not, and regardless of the power scheme I select within the control panel. I'm only able to keep the system running for a max. of 5 min, if that, in safe mode, so I'm unable to get more than about 5% of the combofix scan done.

The biggest problem I'm having at the moment just developed yesterday (just when I thought I had it running much better). Almost every time I open Windows Explorer and start browsing through it, I can't seem to get past more than 3 or 4 folders (doesn't appear to be one particular file or folder causing this, sometimes C: drive does it, sometimes D:, or even my flash drive), when suddenly the CPU will shoot up to 100% (99% of that being the process EXPLORER.EXE, which is also using anywhere from 22,000K-33,000K of mem.) and the system will freeze. Sometimes I am able to open the task manager and end the My Computer task, and then the CPU will drop back to normal and won't require reboot, while other times the whole system will just freeze and I'll have to restart manually.

Going through the list of running processes, I've also noticed that there are 8 instances of SVCHOST.EXE, one of them consistently using from 14,000K-22,000K. Not sure if this is normal or not.

Thanks again,
Brandon
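
Added example, not part of the original thread and not a HijackThis feature: a short Python triage of the O23 (service) lines from the logs posted above, reporting services whose image path sits under a Temp directory, the location the opening post names for the recurring infected files. The function, class and field names are made up for this example; the sample lines are copied from the posted logs.

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: AAYGOBRY - Unknown owner - C:\DOCUME~1\Brandon\LOCALS~1\Temp\AAYGOBRY.exe (file missing)
O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: YOS - Unknown owner - C:\DOCUME~1\Brandon\LOCALS~1\Temp\YOS.exe (file missing)
"""

# "O23 - Service: <name> - <owner> - <drive path>[ (file missing)]"
# The path is anchored on a drive letter so hyphens inside names
# ("Anti-Spyware") do not split the fields in the wrong place.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)

# Per-user Temp in long form ("Local Settings\Temp") or 8.3 short form
# ("LOCALS~1\Temp"), plus the system-wide Windows\Temp directory.
TEMP_RE = re.compile(
    r"\\(?:local settings|locals~\d+)\\temp\\|^[a-z]:\\windows\\temp\\",
    re.IGNORECASE,
)


class Service(NamedTuple):
    name: str
    owner: str
    path: str
    file_missing: bool  # HijackThis did not find the image on disk
    in_temp: bool       # image path points into a Temp directory


def parse_o23(log_text: str) -> List[Service]:
    """Return every O23 service entry found in a HijackThis log."""
    services = []
    for raw in log_text.splitlines():
        match = O23_RE.match(raw.strip())
        if match is None:
            continue  # other sections (R0, O4, ...) or blank lines
        path = match.group("path")
        services.append(
            Service(
                name=match.group("name"),
                owner=match.group("owner"),
                path=path,
                file_missing=match.group("missing") is not None,
                in_temp=TEMP_RE.search(path) is not None,
            )
        )
    return services


def temp_services(log_text: str) -> List[Service]:
    """Services registered to run from a Temp directory.

    These deserve a manual look: the registration survives even when
    the file itself has already been deleted ("file missing").
    """
    return [svc for svc in parse_o23(log_text) if svc.in_temp]


if __name__ == "__main__":
    for svc in temp_services(SAMPLE_LOG):
        state = "image missing" if svc.file_missing else "image present"
        print(f"{svc.name}: {svc.path} ({state}, owner: {svc.owner})")
```
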

#9 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,091 posts

Posted 13 June 2007 - 06:29 AM

Run this tool in normal mode.



Please download Deckard's System Scanner (DSS)

1. Download Deckard's System Scanner (DSS) to your Desktop (or other convenient location): http://www.techsupportforum.com/sectools/Deckard/dss.exe

2. Close any open applications and windows.

3. Double-click on dss.exe to run it, and follow the prompts.

4. When the scan is complete, a text file will open - main.txt

5. Copy the text from that log and paste it into your post.

Note: Some firewalls may warn that sigcheck.exe is trying to access the internet. Please allow it permission to do so.


nasdaq


#10 brandonasu85

brandonasu85

    Member

  • Full Member
  • 5 posts

Posted 14 June 2007 - 05:00 PM

Here is the "main.txt" scan results:

Deckard's System Scanner v20070611.50
Run by Brandon on 2007-06-14 at 04:41:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
29: 2007-06-14 11:41:29 UTC - RP400 - Deckard's System Scanner Restore Point
28: 2007-06-14 09:46:34 UTC - RP399 - System Checkpoint
27: 2007-06-13 08:22:38 UTC - RP398 - System Checkpoint
26: 2007-06-12 07:58:52 UTC - RP397 - Removed Microsoft ActiveSync 4.0
25: 2007-06-12 07:43:40 UTC - RP396 - Installed Microsoft ActiveSync 4.0


-- First Restore Point --
1: 2007-05-24 05:53:41 UTC - RP372 - Installed EA downloader


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Brandon.exe) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 04:42, on 2007-06-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
D:\Program Files\CPUCooL\CooLSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Brandon\Desktop\dss.exe
C:\HJT\Brandon.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpeedswitchXP] D:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by20fd.bay20....es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1167899172593
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - http://otp2.mycricke...r/mmsPlayer.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AAYGOBRY - Unknown owner - C:\DOCUME~1\Brandon\LOCALS~1\Temp\AAYGOBRY.exe (file missing)
O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - D:\Program Files\CPUCooL\CooLSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
O23 - Service: YOS - Unknown owner - C:\DOCUME~1\Brandon\LOCALS~1\Temp\YOS.exe (file missing)


-- HijackThis Fixed Entries (C:\HJT\backups\) ----------------------------------

backup-20070422-093835-104 O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
backup-20070502-203440-327 O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
backup-20070502-203440-244 O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
backup-20070502-203440-419 O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZCfox000

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "D:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Vax347b - c:\windows\system32\drivers\vax347b.sys
R0 Vax347s - c:\windows\system32\drivers\vax347s.sys
R1 ntiowp - c:\windows\system32\drivers\ntiowp.sys <Not Verified; ; NT IO driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 int15.sys - c:\acer\empowering technology\erecovery\int15.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

S0 AmdAcpi (AmdAcpi Bus Filter Driver) - c:\windows\system32\drivers\amdacpi.sys (file missing)
S3 amdtools (AMD Special Tools Driver) - c:\windows\system32\drivers\amdtools.sys (file missing)
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
S3 PCTINDIS5 (PCTINDIS5 NDIS Protocol Driver) - c:\windows\system32\pctindis5.sys (file missing)
S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CPUCooLServer (CPUCooLServer Service) - "d:\program files\cpucool\coolsrv.exe"

S2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe (file missing)
S2 WMPNetworkSvc (Windows Media Player Network Sharing Service) - c:\program files\windows media player\wmpnetwk.exe (file missing)
S3 AAYGOBRY - c:\docume~1\brandon\locals~1\temp\aaygobry.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 YOS - c:\docume~1\brandon\locals~1\temp\yos.exe (file missing)


-- Scheduled Tasks -------------------------------------------------------------

2007-06-13 14:52:20 424 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AE08E49E-5FA3-4003-B3E2-CC95A8B793B6}.job


-- Files created between 2007-05-14 and 2007-06-14 -----------------------------

2007-06-12 06:09:43 0 dr-h----- C:\Documents and Settings\Amanda\Recent
2007-06-12 02:05:17 0 dr-h----- C:\Documents and Settings\Brandon\Recent
2007-06-10 15:55:46 0 d-------- C:\Documents and Settings\Amanda\Application Data\uTorrent
2007-06-10 04:28:32 0 d-------- C:\Program Files\NCH Swift Sound
2007-06-09 23:58:32 0 d--hs---- C:\FOUND.037
2007-05-28 04:09:16 0 d--hs---- C:\FOUND.036
2007-05-24 06:14:11 0 d-------- C:\Program Files\EA SPORTS
2007-05-22 18:30:18 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-22 03:49:31 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-05-22 02:18:15 0 d-------- C:\Program Files\Bonjour
2007-05-22 02:06:18 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-05-20 02:14:42 0 d-------- C:\Program Files\FileZilla


-- Find3M Report ---------------------------------------------------------------

2007-06-12 00:47:08 2508 --a------ C:\Documents and Settings\Brandon\Application Data\$_hpcst$.hpc
2007-04-28 04:49:44 1 --a------ C:\WINDOWS\system32\exp16sys.dll
2007-04-26 03:33:26 0 d-------- C:\Program Files\Common Files\Macromedia
2007-04-23 06:37:26 0 d-------- C:\Documents and Settings\Brandon\Application Data\Microsoft Web Folders
2007-04-15 00:23:48 0 d-------- C:\Documents and Settings\Brandon\Application Data\Cakewalk
2007-04-09 01:19:00 335 --a------ C:\WINDOWS\nsreg.dat
2007-03-29 23:59:38 103511 --a------ C:\WINDOWS\hpoins04.dat
2007-03-26 02:20:52 3 --a------ C:\WINDOWS\system32\acsc20.dll
2007-03-21 20:54:16 69632 --a------ C:\WINDOWS\system32\TWUNK_32.EXE <Not Verified; Twain Working Group; Twain Thunker>
2007-03-21 20:54:16 48560 --a------ C:\WINDOWS\system32\TWUNK_16.EXE <Not Verified; Twain Working Group; Twain Thunker>
2007-03-21 20:54:16 77312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL <Not Verified; Twain Working Group; Twain_32 Source Manager>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchApp"="Alaunch"
"AGRSMMSG"="AGRSMMSG.exe"
"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
"SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"
"LogitechCommunicationsManager"="\"C:\\Program Files\\Common Files\\Logitech\\LComMgr\\Communications_Helper.exe\""
"LVCOMSX"="\"C:\\Program Files\\Common Files\\Logitech\\LComMgr\\LVComSX.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"SpeedswitchXP"="D:\\Program Files\\SpeedswitchXP\\SpeedswitchXP.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"=dword:00000000
"NoStrCmpLogical"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=dword:00000000
"MemCheckBoxInRunDlg"=dword:00000000
"NoViewOnDrive"=dword:00000000
"NoLogoff"=dword:00000000
"NoWindowsUpdate"=dword:00000000
"StartMenuLogOff"=dword:00000000
"NoStrCmpLogical"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\setupSNK.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I]
Shell\AutoRun\command I:\RunGame.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06b05fd2-b417-11db-a452-ba04fea8b9b2}]
Shell\AutoRun\command F:\RunGame.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a9172c9-4289-11db-a2c3-806d6172696f}]
Shell\AutoRun\command D:\setupSNK.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0c21c04-c085-11db-a4a7-c13834903086}]
Shell\AutoRun\command G:\bootcd\wintools\autorun.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_INT15.SYS


-- End of Deckard's System Scanner: finished at 2007-06-14 at 04:42:47 ---------


It also gave me an extra log file called "extra.txt". Not sure if you wanted this posted as well but here it is just in case:


Deckard's System Scanner v20070611.50
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 Mobile Technology ML-32
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 446.48 MiB / 156.03 MiB
Pagefile Memory (total/avail): 1620.22 MiB / 1350.11 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1974.64 MiB

C: is Fixed (FAT32) - 26.22 GiB total, 11.2 GiB free.
D: is Fixed (FAT32) - 26.71 GiB total, 16.07 GiB free.
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: avast! antivirus 4.7.1001 [VPS 000748-5] v4.7.1001 (ALWIL Software)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Program Files\\uTorrent\\utorrent.exe"="D:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"D:\\Program Files\\CoffeeCup Software\\Coffee.exe"="D:\\Program Files\\CoffeeCup Software\\Coffee.exe:*:Enabled:CoffeeCup HTML Editor 2007"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:YServer Module"
"C:\\WINDOWS\\System32\\dpvsetup.exe"="C:\\WINDOWS\\System32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\System32\\RUNDLL32.EXE"="C:\\WINDOWS\\System32\\RUNDLL32.EXE:*:Enabled:Run a DLL as an App"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\42exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\42exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\5exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\5exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\14exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\14exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\82exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\82exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\32exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\32exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\59exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\59exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\62exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\62exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\44exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\44exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\91exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\91exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\87exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\87exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\65exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\65exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\28exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\28exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\4exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\4exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\45exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\45exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\52exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\52exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\47exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\47exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\6exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\6exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\43exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\43exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\21exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\21exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\63exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\63exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\1exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\1exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\76exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\76exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\78exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\78exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\52exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\52exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\74exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\74exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\66exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\66exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\30exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\30exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\23exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\23exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\99exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\99exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\78exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\78exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\22exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\22exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\6exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\6exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\80exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\80exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\7exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\7exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\14exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\14exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\62exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\62exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\10exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\10exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\29exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\29exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\37exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\37exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\47exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\47exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\50exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\50exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\30exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\30exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\74exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\74exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\3exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\3exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\21exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\21exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\16exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\16exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\56exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\56exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\36exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\36exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\71exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\71exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\54exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\54exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\55exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\55exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\62exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\62exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\16exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\16exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\26exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\26exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\95exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\95exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\32exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\32exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\26exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\26exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\36exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\36exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\82exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\82exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\75exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\75exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\77exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\77exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\73exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\73exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\89exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\89exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\18exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\18exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\5exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\5exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\27exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\27exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\93exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\93exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\13exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\13exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\58exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\58exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\42exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\42exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\95exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\95exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\18exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\18exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\25exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\25exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\89exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\89exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\20exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\20exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\42exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\42exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\5exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\5exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\12exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\12exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\15exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\15exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\49exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\49exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\48exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\48exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\40exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\40exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\91exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\91exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\63exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\63exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\84exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\84exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\86exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\86exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\61exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\61exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\33exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\33exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\52exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\52exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\46exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\46exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\28exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\28exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\35exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\35exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\83exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\83exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\91exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\91exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\45exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\45exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\69exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\69exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\19exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\19exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\28exinjs.a6.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\28exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\76exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\76exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\96exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\96exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\49exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\49exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\40exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\40exinjs.a6.exe:*:Enabled:Microsoft Update"
"D:\\Program Files\\AVG Anti-Spyware 7.5\\avgas.exe"="D:\\Program Files\\AVG Anti-Spyware 7.5\\avgas.exe:*:Enabled:AVG Anti-Spyware"
"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"="C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE:*:Enabled:Mozilla Firefox"
"D:\\Program Files\\CoffeeCup Software\\CoffeeCup Google SiteMapper\\SiteMapper.exe"="D:\\Program Files\\CoffeeCup Software\\CoffeeCup Google SiteMapper\\SiteMapper.exe:*:Enabled:CoffeeCup Google SiteMapper"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Brandon\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ACER-2E68C49B20
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Brandon
LOGONSERVER=\\ACER-2E68C49B20
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2402
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Brandon\LOCALS~1\Temp
TMP=C:\DOCUME~1\Brandon\LOCALS~1\Temp
USERDOMAIN=ACER-2E68C49B20
USERNAME=Brandon
USERPROFILE=C:\Documents and Settings\Brandon
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Amanda (admin)
Brandon (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "D:\Program Files\uTorrent\uninstall.exe"
Acer eManager for Notebook --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Acer GridVista --> C:\WINDOWS\UnInst32.exe GridV.UNI
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Agere Systems AC'97 Modem --> agrsmdel
Arcade 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> D:\Program Files\AVG Anti-Spyware 7.5\Uninstall.exe
Broadcom 802.11 Network Adapter --> C:\WINDOWS\system32\BCMWLU00.exe verbose
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CoffeeCup HTML Editor 2007 --> D:\PROGRA~1\COFFEE~2\UNWISE.EXE D:\PROGRA~1\COFFEE~2\INSTALL.LOG
CPUCooL (remove only) --> "C:\Program Files\CPUCooL\CPUCooL-uninst.exe"
Express Burn --> C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"
Game Accelerator (remove only) --> C:\Program Files\Game Accelerator\Uninst.exe
HijackThis 1.99.1 --> C:\HJT\HijackThis.exe /uninstall
HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam --> MsiExec.exe /X{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Madden NFL 07 --> C:\Program Files\EA SPORTS\Madden NFL 07\EAUninstall.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.3) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (2.0.0.4) --> C:\Progra
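Added example, not part of the original post or of Deckard's System Scanner: one way to triage the Windows Firewall `AuthorizedApplications` list from the extra.txt log above. The three heuristics and every function name are assumptions made for illustration; the sample entries are taken from that log.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Entries taken from the StandardProfile AuthorizedApplications list in the
# extra.txt log posted in this thread (.reg style, backslashes doubled).
SAMPLE = r'''
"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"="C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE:*:Enabled:Mozilla Firefox"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\42exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\42exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\5exinjs.a5.exe"="C:\\DOCUME~1\\Amanda\\LOCALS~1\\Temp\\5exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\52exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\52exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\74exinjs.a6.exe"="C:\\DOCUME~1\\Brandon\\LOCALS~1\\Temp\\74exinjs.a6.exe:*:Enabled:Microsoft Update"
'''

LINE_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]*)"$')
# Value layout: <image path>:<scope>:<Enabled|Disabled>:<display label>.
# The path may itself start with a drive letter and colon.
VALUE_RE = re.compile(
    r'^(?P<path>(?:[A-Za-z]:)?[^:]*):(?P<scope>[^:]*):'
    r'(?P<status>enabled|disabled):(?P<label>.*)$', re.IGNORECASE)


@dataclass(frozen=True)
class FirewallEntry:
    path: str
    scope: str
    enabled: bool
    label: str


def parse_entry(line):
    """Parse one list line; return None for anything that is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    v = VALUE_RE.match(m.group("value").replace("\\\\", "\\"))
    if not v or not v["path"]:
        return None
    return FirewallEntry(v["path"], v["scope"],
                         v["status"].lower() == "enabled", v["label"])


def _parts(path):
    return [p for p in path.lower().split("\\") if p]


def in_temp_dir(path):
    """True when any directory component is Temp/Tmp (8.3 short paths included)."""
    return any(p in ("temp", "tmp") for p in _parts(path)[:-1])


def stem(path):
    """File name with its leading counter digits removed."""
    return re.sub(r"^\d+", "", _parts(path)[-1])


def under_windows_dir(path):
    # Assumption: SystemRoot is C:\WINDOWS, as the log's environment section shows.
    return path.lower().startswith(("c:\\windows\\", "%windir%\\", "%systemroot%\\"))


def analyze(lines):
    """Return {image path: [reasons]} for enabled exceptions worth a closer look."""
    entries = [e for e in map(parse_entry, lines) if e and e.enabled]
    siblings = defaultdict(set)
    for e in entries:
        siblings[stem(e.path)].add(_parts(e.path)[-1])
    findings = {}
    for e in entries:
        reasons = []
        if in_temp_dir(e.path):
            reasons.append("image runs from a Temp directory")
        name, s = _parts(e.path)[-1], stem(e.path)
        if name != s and len(siblings[s]) > 1:
            reasons.append(f"one of {len(siblings[s])} counter-prefixed names sharing '{s}'")
        if "microsoft" in e.label.lower() and not under_windows_dir(e.path):
            reasons.append("Microsoft-branded label outside the Windows directory")
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in analyze(SAMPLE.splitlines()).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

An entry that matches none of the heuristics is only unflagged, not cleared; it still needs a manual look.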

#11 nasdaq


Posted 15 June 2007 - 05:46 AM

Check the settings for the BITS service.

Click the start button then click RUN...
Type in services.msc then ok

Scroll down the list to Background Intelligent Transfer Service and double click it to open the properties box.
On the general tab, the start up type should be set to manual or automatic.
Click the Log On tab, "log on as:" should be Local system account.
Below that in the hardware profile box under service, it should say enabled, if not click the enable button.
Apply and ok, then exit services.


If that doesn't help, the following article has several possible solutions listed.
Re-installing the BITS service on Windows XP SP2 when it has been corrupted
DETAILED INFORMATION HERE.
http://www.botmanfam...reinstall.shtml
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
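Added example, not part of the post above: a scripted version of the same BITS settings check, run over the text that `sc qc BITS` prints. The two sample outputs are constructed, the function names are hypothetical, and the hardware-profile setting from the Log On tab does not appear in `sc qc` output, so it is not covered.

```python
import re

# Constructed samples shaped like `sc qc BITS` output (not taken from the thread).
SAMPLE_OK = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: BITS
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Background Intelligent Transfer Service
        DEPENDENCIES       : Rpcss
        SERVICE_START_NAME : LocalSystem
"""

SAMPLE_BAD = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: BITS
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 4   DISABLED
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        SERVICE_START_NAME : NT AUTHORITY\LocalService
"""

FIELD_RE = re.compile(r"^\s*([A-Z_]+)\s*:\s*(.*?)\s*$")
# START_TYPE codes the post accepts: 2 = automatic, 3 = manual (demand start).
ALLOWED_START = {"2": "automatic", "3": "manual"}


def parse_sc_qc(text):
    """Collect the KEY : value fields of `sc qc` output into a dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def check_bits(text):
    """Return a list of deviations from the settings given in the post."""
    f = parse_sc_qc(text)
    if f.get("SERVICE_NAME", "").upper() != "BITS":
        return ["no BITS configuration in the output (service missing or query failed)"]
    problems = []
    code = f.get("START_TYPE", "").split()[:1]
    if not code or code[0] not in ALLOWED_START:
        problems.append("startup type is %r, expected manual or automatic"
                        % f.get("START_TYPE", ""))
    account = f.get("SERVICE_START_NAME", "")
    if account.lower() != "localsystem":
        problems.append("logs on as %r, expected the Local System account" % account)
    return problems


if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, check_bits(sample) or "settings match the post")
```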

#12 brandonasu85


Posted 20 June 2007 - 05:23 PM

I checked the BITS service, and it appears that all of the settings are exactly what you had said they should be. Should I assume that the BITS service is still corrupted and in need of re-installation? Thanks.

Brandon

#13 nasdaq


Posted 21 June 2007 - 07:22 AM

You may have to re-install BITS, but before you do, run this scan.

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Wait for further Instructions.
nasdaq


#14 nasdaq


Posted 02 July 2007 - 08:53 AM

Due to the lack of feedback this Topic is closed.

[Reopened]

Everyone else please begin a New Topic.
nasdaq


#15 cnm


Posted 17 July 2007 - 10:29 AM

Reopened at request of topic owner.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#16 nasdaq


Posted 18 July 2007 - 06:54 AM

I'm listening.
nasdaq


#17 nasdaq


Posted 30 July 2007 - 06:44 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
nasdaq




