Results 1 to 10 of 16

Thread: Fake Security Panel and Random Popups

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. 2007-11-20, 04:28 #1
    Stoke
    Stoke is offline
    Junior Member
    Join Date
    Nov 2007
    Posts
    11

    Default Fake Security Panel and Random Popups

    I'm having a problem with task bar icons informing me of an infection and taking me to a pretty legit looking security panel. I also get occasional system pop ups and IE pop ups I couldn't run the Kaspersky online scan, the update kept failing. I have run Ad-Aware and Spybot, both in safe mode, restarts in between them.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:15:20 PM, on 11/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\system32\printer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\regsvr32.exe
    C:\Program Files\SecCenter\scprot4.exe
    C:\Windows\xpupdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Matthew\Application Data\F?nts\?ti2evxx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\COMMON~1\MCROSO~1.NET\wuauboot.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/notebookaccessories
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
    O4 - HKLM\..\Run: [ipmzopod] rundll32.exe "C:\Program Files\yfqhqbur\apghebiz.dll",Init
    O4 - HKLM\..\Run: [jsdyvenu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jsdyvenu.dll"
    O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzej.dll,startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Qcfri] "C:\Documents and Settings\Matthew\Application Data\F?nts\?ti2evxx.exe"
    O4 - HKCU\..\Run: [Tbsa] "C:\PROGRA~1\COMMON~1\MCROSO~1.NET\wuauboot.exe" -vt ndrv
    O4 - Startup: findfast.exe
    O4 - Global Startup: autorun.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1156092615015
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Freenet 0.7 darknet (freenet-darknet) - Unknown owner - C:\Program Files\freenet\bin\wrapper-windows-x86-32.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    --
    End of file - 6940 bytes
  2. 2007-11-20, 23:18 #2
    random/random
    random/random is offline
    Security Expert: Visiting Fellow
    Join Date
    Jul 2007
    Posts
    703

    Default

    Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
  3. 2007-11-20, 23:58 #3
    Stoke
    Stoke is offline
    Junior Member
    Join Date
    Nov 2007
    Posts
    11

    Default

    Had to break them up as they were too long. Here is the first part of main.

    Deckard's System Scanner v20071014.68
    Run by Matthew on 2007-11-20 16:48:51
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    77: 2007-11-20 22:49:06 UTC - RP464 - Deckard's System Scanner Restore Point
    76: 2007-11-20 02:38:49 UTC - RP463 - Last known good configuration
    75: 2007-11-20 02:38:37 UTC - RP462 - Installed Ad-Aware 2007
    74: 2007-11-20 02:38:37 UTC - RP461 - System Checkpoint
    73: 2007-11-20 02:38:37 UTC - RP460 - System Checkpoint


    -- First Restore Point --
    1: 2007-11-20 02:38:14 UTC - RP388 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 383 MiB (512 MiB recommended).


    -- HijackThis (run as Matthew.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:50:25 PM, on 11/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\regsvr32.exe
    C:\Windows\xpupdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Matthew\Application Data\F?nts\?ti2evxx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Matthew\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Matthew.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/notebookaccessories
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\Program Files\Vgsliunk\cimcymfw.dll
    O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - C:\Program Files\wdrpuyag\sywxapur.dll
    O2 - BHO: (no name) - {4E8CC145-8682-4135-A5D8-3BC5B179459A} - C:\WINDOWS\system32\mljgf.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\WINDOWS\system32\nnnonnn.dll
    O2 - BHO: (no name) - {EFDBD949-15F4-2E5A-8F58-31E6008F5894} - C:\WINDOWS\system32\erbjfxt.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
    O4 - HKLM\..\Run: [ipmzopod] rundll32.exe "C:\Program Files\yfqhqbur\apghebiz.dll",Init
    O4 - HKLM\..\Run: [jsdyvenu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jsdyvenu.dll"
    O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzej.dll,startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Qcfri] "C:\Documents and Settings\Matthew\Application Data\F?nts\?ti2evxx.exe"
    O4 - HKCU\..\Run: [Tbsa] "C:\PROGRA~1\COMMON~1\MCROSO~1.NET\wuauboot.exe" -vt ndrv
    O4 - Startup: findfast.exe
    O4 - Global Startup: autorun.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1156092615015
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O20 - Winlogon Notify: nnnonnn - C:\WINDOWS\SYSTEM32\nnnonnn.dll
    O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Freenet 0.7 darknet (freenet-darknet) - Unknown owner - C:\Program Files\freenet\bin\wrapper-windows-x86-32.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    --
    End of file - 7726 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    S3 SQTECH905C (DualCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
    S3 UnlockerDriver4 (UnlockerDriver4 Driver) - c:\program files\unlocker\unlockerdriver4.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S2 freenet-darknet (Freenet 0.7 darknet) - "c:\program files\freenet\bin\wrapper-windows-x86-32.exe" -s ../wrapper.conf (file missing)
    S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>
    S3 InstallShield Licensing Service - "c:\program files\common files\installshield shared\service\installshield licensing service.exe" <Not Verified; Macrovision; FLEXnet Authentication Service>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2007-10-20 and 2007-11-20 -----------------------------

    2007-11-19 21:13:35 0 d-------- C:\Program Files\Trend Micro
    2007-11-19 21:09:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-19 21:09:15 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-11-19 21:00:41 9728 --a------ C:\WINDOWS\shell.exe
    2007-11-19 20:40:25 0 d-------- C:\Program Files\CCleaner
    2007-11-19 20:38:02 432627 --ahs---- C:\WINDOWS\system32\fgjlm.ini2
    2007-11-19 20:37:50 329824 --a------ C:\WINDOWS\system32\mljgf.dll
    2007-11-19 19:40:13 0 d-------- C:\Program Files\Lavasoft
    2007-11-19 19:40:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-11-19 19:33:23 0 d-------- C:\Documents and Settings\Matthew\Application Data\F?nts
    2007-11-19 19:33:19 60928 --a------ C:\WINDOWS\system32\erbjfxt.dll
    2007-11-19 19:33:00 0 d-------- C:\Program Files\Common Files\M?crosoft.NET
    2007-11-19 19:32:56 15360 --a------ C:\WINDOWS\system32\drvzejr.dll
    2007-11-19 19:32:56 104448 --a------ C:\WINDOWS\system32\drvzej.dll
    2007-11-19 19:32:50 114688 --a------ C:\Documents and Settings\All Users\Application Data\jsdyvenu.dll
    2007-11-19 19:32:46 0 d-------- C:\Program Files\Vgsliunk
    2007-11-19 19:32:42 37376 --a------ C:\WINDOWS\system32\rqropnl.dll
    2007-11-19 19:32:37 0 d-------- C:\Program Files\yfqhqbur
    2007-11-19 18:33:44 0 d-------- C:\Program Files\wdrpuyag
    2007-11-19 18:33:42 19968 --a------ C:\WINDOWS\system32\xlibgfl254.dll
    2007-11-19 18:33:42 0 d-------- C:\Documents and Settings\Matthew\Application Data\ultra
    2007-11-19 18:21:59 9728 --a------ C:\WINDOWS\system32\spoolvs.exe
    2007-11-19 18:21:58 9728 --a------ C:\WINDOWS\system32\printer.exe
    2007-11-19 18:21:57 9728 -----n--- C:\Program Files\xloader10181.exe
    2007-11-19 18:15:40 0 d-------- C:\Program Files\E404 Helper
    2007-11-19 18:15:22 14900 --a------ C:\Program Files\3269.exe
    2007-11-19 18:09:14 15360 --a------ C:\WINDOWS\system32\drvzetr.dll
    2007-11-19 18:09:14 102912 --a------ C:\WINDOWS\system32\drvzet.dll
    2007-11-19 18:08:54 0 d-------- C:\Program Files\MalwareAlarm
    2007-11-19 18:08:52 0 d-------- C:\WINDOWS\system32\fibagbia
    2007-11-19 18:08:51 0 d-------- C:\Program Files\SecCenter
    2007-11-19 18:08:48 37376 --a------ C:\WINDOWS\system32\nnnonnn.dll
    2007-11-19 18:08:47 0 d-------- C:\Program Files\Uvxgulrx
    2007-11-19 18:08:45 1147424 --a------ C:\Install
    2007-11-19 18:08:44 0 d-------- C:\Program Files\tahmnkrq
    2007-11-19 18:08:41 20992 --a------ C:\WINDOWS\system32\wingdm32.dll


    -- Find3M Report ---------------------------------------------------------------

    2007-11-19 22:28:01 0 d-------- C:\Program Files\PeerGuardian2
    2007-11-19 21:01:43 0 d-------- C:\Program Files\Common Files\M?crosoft.NET
    2007-11-19 20:34:15 0 d-------- C:\Program Files\Common Files
    2007-11-19 19:37:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-19 19:33:23 0 d-------- C:\Documents and Settings\Matthew\Application Data\F?nts
    2007-11-19 19:22:57 0 d-------- C:\Documents and Settings\Matthew\Application Data\OpenOffice.org2
    2007-11-18 17:56:56 0 d-------- C:\Documents and Settings\Matthew\Application Data\Azureus
    2007-11-16 20:17:35 0 d-------- C:\Program Files\FlashGet
    2007-11-11 14:18:26 0 d-------- C:\Program Files\Guild Wars
    2007-11-08 15:41:13 0 d-------- C:\Program Files\陽射しの中のリアル
    2007-11-08 15:39:34 0 d-------- C:\Program Files\eMule
    2007-11-08 15:38:52 0 d-------- C:\Program Files\BrainWave Generator
    2007-11-08 15:37:48 0 d-------- C:\Program Files\IDoser v4
    2007-10-20 17:06:47 0 d-------- C:\Documents and Settings\Matthew\Application Data\Vidalia
    2007-10-20 16:57:07 0 d-------- C:\Documents and Settings\Matthew\Application Data\Tor
    2007-10-20 10:00:24 0 d-------- C:\Program Files\mIRC
    2007-10-12 18:00:02 0 d-------- C:\Program Files\OpenOffice.org 2.3
    2007-10-12 17:58:45 0 d-------- C:\Program Files\OpenOffice.org 2.0
    2007-10-12 17:55:48 0 d-------- C:\Program Files\Java
    2007-09-20 14:03:17 0 d-------- C:\Program Files\Last.fm


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}]
    11/19/2007 07:32 PM 114688 --a------ C:\Program Files\Vgsliunk\cimcymfw.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}]
    11/19/2007 06:37 PM 110592 --a------ C:\Program Files\wdrpuyag\sywxapur.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E8CC145-8682-4135-A5D8-3BC5B179459A}]
    11/19/2007 08:37 PM 329824 --a------ C:\WINDOWS\system32\mljgf.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC}]
    11/19/2007 06:08 PM 37376 --a------ C:\WINDOWS\system32\nnnonnn.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFDBD949-15F4-2E5A-8F58-31E6008F5894}]
    11/01/2007 07:44 AM 60928 --a------ C:\WINDOWS\system32\erbjfxt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08/01/2005 03:07 PM]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07/28/2005 05:26 PM]
    "Printer"="C:\WINDOWS\system32\printer.exe" [03/25/2005 06:23 AM]
    "ipmzopod"="C:\Program Files\yfqhqbur\apghebiz.dll" [11/19/2007 07:32 PM]
    "jsdyvenu"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\jsdyvenu.dll" []
    "SC2"="C:\Program Files\SecCenter\scprot4.exe" [11/19/2007 07:32 PM]
    "CTDrive"="C:\WINDOWS\system32\drvzej.dll" [11/19/2007 07:32 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/27/2005 08:55 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spoolsv"="C:\WINDOWS\system32\spoolvs.exe" [03/25/2005 06:23 AM]
    "Windows update loader"="C:\Windows\xpupdate.exe" [11/19/2007 07:32 PM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:00 AM]
    "Qcfri"="C:\Documents and Settings\Matthew\Application Data\F?nts\?ti2evxx.exe" [11/01/2007 07:45 AM]
    "Tbsa"="C:\PROGRA~1\COMMON~1\MCROSO~1.NET\wuauboot.exe" [11/19/2007 09:01 PM]

    C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\
    findfast.exe [3/25/2005 6:23:35 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    autorun.exe [3/25/2005 6:23:35 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=1 (0x1)
    "DisableTaskMgr"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "Wallpaper"=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoActiveDesktop"=0 (0x0)
    "ForceActiveDesktopOn"=0 (0x0)
    "NoControlPanel"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\nnnonnn.dll [11/19/2007 06:08 PM 37376]
  4. 2007-11-21, 00:01 #4
    Stoke
    Stoke is offline
    Junior Member
    Join Date
    Nov 2007
    Posts
    11

    Default

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Shell"="Explorer.exe C:\WINDOWS\shell.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnonnn]
    nnnonnn.dll 11/19/2007 06:08 PM 37376 C:\WINDOWS\system32\nnnonnn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingdm32]
    wingdm32.dll 11/19/2007 06:08 PM 20992 C:\WINDOWS\system32\wingdm32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljgf.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autorun.exe]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
    backup=C:\WINDOWS\pss\autorun.exeCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
    backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
    backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^findfast.exe]
    path=C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\findfast.exe
    backup=C:\WINDOWS\pss\findfast.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^Freenet.lnk]
    path=C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\Freenet.lnk
    backup=C:\WINDOWS\pss\Freenet.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^Kremlin Sentry.lnk]
    path=C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\Kremlin Sentry.lnk
    backup=C:\WINDOWS\pss\Kremlin Sentry.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
    path=C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
    C:\Program Files\HPQ\Default Settings\cpqset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    "C:\Program Files\D-Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fepkrytk]
    regsvr32 /u "C:\Documents and Settings\All Users\Application Data\fepkrytk.dll"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fojmvqzo]
    regsvr32 /u "C:\Documents and Settings\All Users\Application Data\fojmvqzo.dll"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gbqzkfsh]
    regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gbqzkfsh.dll"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gxutgbyz]
    regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gxutgbyz.dll"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
    C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jcncpula]
    regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jcncpula.dll"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsbqxgfg]
    regsvr32 /u "C:\Documents and Settings\All Users\Application Data\lsbqxgfg.dll"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
    c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Printer]
    C:\WINDOWS\system32\printer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
    C:\Program Files\SecCenter\scprot4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spoolsv]
    C:\WINDOWS\system32\spoolvs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tahmnkrq]
    rundll32.exe "C:\Program Files\tahmnkrq\tszyjyhs.dll",Init

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
    C:\Program Files\Norton Internet Security\UrlLstCk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
    "C:\Program Files\Vidalia\vidalia.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wbwhypkd]
    regsvr32 /u "C:\Documents and Settings\All Users\Application Data\wbwhypkd.dll"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xafcbkhm]
    regsvr32 /u "C:\Documents and Settings\All Users\Application Data\xafcbkhm.dll"




    -- Hosts -----------------------------------------------------------------------

    10.18.250.4 ad.doubleclick.net
    10.18.250.4 ad.fastclick.net
    10.18.250.4 ads.fastclick.net
    10.18.250.4 atdmt.com
    10.18.250.4 awaps.net
    10.18.250.4 banner.fastclick.net
    10.18.250.4 banners.fastclick.net
    10.18.250.4 click.atdmt.com
    10.18.250.4 clicks.atdmt.com
    10.18.250.4 engine.awaps.net

    8 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2007-11-20 16:52:33 ------------

    End of main, extra coming.
  5. 2007-11-21, 00:03 #5
    Stoke
    Stoke is offline
    Junior Member
    Join Date
    Nov 2007
    Posts
    11

    Default

    This was a few over the limit as well.

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: AMD Turion(tm) 64 Mobile Technology ML-37
    Percentage of Memory in Use: 72%
    Physical Memory (total/avail): 382.48 MiB / 106.45 MiB
    Pagefile Memory (total/avail): 919.35 MiB / 677.3 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1940.66 MiB

    C: is Fixed (NTFS) - 55.88 GiB total, 14.87 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - TOSHIBA MK6025GAS - 55.89 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 55.88 GiB - C:



    -- Security Center -------------------------------------------------------------

    AUOptions is disabled.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.


    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\xloader10181.exe"="C:\\Program Files\\xloader10181.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\Matthew\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Matthew\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
    "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\Matthew\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Matthew\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\Matthew\\Application Data\\ppldr.exe"="C:\\Documents and Settings\\Matthew\\Application Data\\ppldr.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\Matthew\\Application Data\\trant.exe"="C:\\Documents and Settings\\Matthew\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Disabled:Earthlink"
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\ABC\\abc.exe"="C:\\Program Files\\ABC\\abc.exe:*:Enabled:abc"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\iView MediaPro3\\IVIEW_MP.exe"="C:\\Program Files\\iView MediaPro3\\IVIEW_MP.exe:*:Enabled:iView Multimedia"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
    "C:\\DOCUME~1\\Matthew\\LOCALS~1\\Temp\\win293.exe"="C:\\DOCUME~1\\Matthew\\LOCALS~1\\Temp\\win293.exe:*:Enabled:win293"
    "C:\\Program Files\\xloader10181.exe"="C:\\Program Files\\xloader10181.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\Matthew\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Matthew\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
    "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\Matthew\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Matthew\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\Matthew\\Application Data\\ppldr.exe"="C:\\Documents and Settings\\Matthew\\Application Data\\ppldr.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\Matthew\\Application Data\\trant.exe"="C:\\Documents and Settings\\Matthew\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\TEMP\\win3C.exe"="C:\\WINDOWS\\TEMP\\win3C.exe:*:Enabled:win3C"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Matthew\Application Data
    CLASSPATH=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=MATTLAPTOP
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Matthew
    LOGONSERVER=\\MATTLAPTOP
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\GTK\2.0\bin
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=2402
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Matthew\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Matthew\LOCALS~1\Temp
    USERDOMAIN=MATTLAPTOP
    USERNAME=Matthew
    USERPROFILE=C:\Documents and Settings\Matthew
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles ---------------------------------------------------------------

    Matthew (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
    Adobe Reader Japanese Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-705000000001}
    AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
    Aquarius Soft PC Alarm Clock Professional --> "C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe" -r
    Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
    ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
    Azureus --> C:\Program Files\Azureus\Uninstall.exe
    Better File Rename 4.9.5 --> "C:\Program Files\Better File Rename\unins000.exe"
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
    Celestia 1.4.1 --> "C:\Program Files\Celestia\unins000.exe"
    CGoban 2 --> C:\WINDOWS\system32\javaws.exe -uninstall "http://kgs.kiseido.com/javaBin/cgoban.jnlp"
    Combined Community Codec Pack 2007-02-22 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
    Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta3091.inf
    DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
    Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C\HXFSETUP.EXE -U -IVEN_1002&DEV_4378&SUBSYS_3091103C
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Duplicate Image Finder --> MsiExec.exe /I{8E73635A-C9F2-446F-BAC9-C4BDA395289A}
    DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
    FlashGet(JetCar) --> C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
    FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
    Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
    GTK+ 2.8.9 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\unins000.exe"
    Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
    HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
    HP User Guides 0001 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06ECCCF4-9295-468E-851C-9529A7C181E8}\setup.exe" -l0x9 -removeonly
    HP Wireless Assistant 1.01 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
    InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
    InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
    iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{872653C6-5DDC-488B-B7C2-CF9E4D9335E5} /l1033
    iView MediaPro3 (remove only) --> C:\Program Files\iView MediaPro3\Uninst.exe
    J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
    J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Japanese Learning Suite --> MsiExec.exe /I{379EF672-10D2-4A25-9D86-EAD49CBC34E2}
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    KanjiBrowze 2006.1 --> C:\PROGRA~1\MINDDA~1\KANJIB~1.1\Setup.exe /remove
    Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    Kremlin --> C:\PROGRA~1\MACH5S~1\Kremlin\UNWISE.EXE C:\PROGRA~1\MACH5S~1\Kremlin\INSTALL.LOG
    Last.fm 1.3.2.13 --> "C:\Program Files\Last.fm\unins000.exe"
    Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    MetaFrame Presentation Server Web Client for Win32 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
    Microsoft Office Professional 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
    Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    OpenOffice.org 2.3 --> MsiExec.exe /I{83C03FBE-4492-4133-BBAB-421CD88ADA32}
    Opera --> C:\PROGRA~1\Opera\uninst\unwise.exe C:\PROGRA~1\Opera\uninst\install.log
    PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
    Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
    Privoxy 3.0.6 --> "C:\Program Files\Privoxy\privoxy_uninstall.exe"
    Quick Launch Buttons 5.10 B2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
    QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Safari --> MsiExec.exe /X{3F9EFA28-D2FE-44B7-8896-0B0FF8DF5517}
    Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Shareaza version 2.2.5.0 --> "C:\Program Files\Shareaza\Uninstall\unins000.exe"
    SmartGo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACFE681D-1E4B-4EAA-A097-EAD32A43F23B}\setup.exe" -l0x9 -removeonly
    Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Steam --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
    StuffIt Standard --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{612DC38A-B36A-4699-88EB-12C7394DE2FC} /l1033
    The GIMP 2.2.11 --> "C:\Program Files\GIMP-2.0\unins000.exe"
    Tor 0.1.2.14 --> "C:\Program Files\Tor\Uninstall.exe"
    Ultra soft --> C:\Documents and Settings\Matthew\Application Data\ultra\uninstall.bat
    Unlocker 1.3 --> C:\Program Files\Unlocker\uninst.exe
    Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Vidalia 0.0.11 --> "C:\Program Files\Vidalia\uninstall.exe"
    VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
    Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
  6. 2007-11-21, 00:04 #6
    Stoke
    Stoke is offline
    Junior Member
    Join Date
    Nov 2007
    Posts
    11

    Default

    -- Application Event Log -------------------------------------------------------

    Event Record #/Type2817 / Error
    Event Submitted/Written: 11/19/2007 07:33:12 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application iexplore.exe, version 7.0.5730.11, faulting module , version 0.0.0.0, fault address 0x00000000.
    Processing media-specific event for [iexplore.exe!ws!]

    Event Record #/Type2808 / Error
    Event Submitted/Written: 11/19/2007 06:36:24 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application iexplore.exe, version 7.0.5730.11, faulting module xafcbkhm.dll, version 0.0.0.0, fault address 0x0000e2cb.
    Processing media-specific event for [iexplore.exe!ws!]

    Event Record #/Type2807 / Error
    Event Submitted/Written: 11/19/2007 06:34:53 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application iexplore.exe, version 7.0.5730.11, faulting module , version 0.0.0.0, fault address 0x00000000.
    Processing media-specific event for [iexplore.exe!ws!]

    Event Record #/Type2806 / Error
    Event Submitted/Written: 11/19/2007 06:32:21 PM / 11/19/2007 06:32:22 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application iexplore.exe, version 7.0.5730.11, faulting module xafcbkhm.dll, version 0.0.0.0, fault address 0x0000e2cb.
    Processing media-specific event for [iexplore.exe!ws!]

    Event Record #/Type2805 / Error
    Event Submitted/Written: 11/19/2007 06:28:05 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application iexplore.exe, version 7.0.5730.11, faulting module xafcbkhm.dll, version 0.0.0.0, fault address 0x0000e2cb.
    Processing media-specific event for [iexplore.exe!ws!]



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type25289 / Error
    Event Submitted/Written: 11/20/2007 10:38:47 AM
    Event ID/Source: 7034 / Service Control Manager
    Event Description:
    The Ad-Aware 2007 Service service terminated unexpectedly. It has done this 1 time(s).

    Event Record #/Type25275 / Error
    Event Submitted/Written: 11/20/2007 10:37:32 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The Freenet 0.7 darknet service failed to start due to the following error:
    %%3

    Event Record #/Type25255 / Error
    Event Submitted/Written: 11/19/2007 10:57:30 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The Freenet 0.7 darknet service failed to start due to the following error:
    %%3

    Event Record #/Type25239 / Warning
    Event Submitted/Written: 11/19/2007 09:13:53 PM
    Event ID/Source: 8021 / BROWSER
    Event Description:
    The browser was unable to retrieve a list of servers from the browser master \\GRANDMA on the network \Device\NetBT_Tcpip_{279EFEA2-AB86-4425-A925-FBE0224869E8}.
    The data is the error code.

    Event Record #/Type25224 / Error
    Event Submitted/Written: 11/19/2007 09:01:09 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The Freenet 0.7 darknet service failed to start due to the following error:
    %%3



    -- End of Deckard's System Scanner: finished at 2007-11-20 16:52:33 ------------

    Ok that's both the scans. Thanks for taking the time to help me.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules