Here is what info I have so far. I finally got the Deckard's System Scan thing to work, so here's some of the info you've asked for already.....
Main.txt
Deckard's System Scanner v20070809.63
Run by Owner on 2007-08-17 at 23:57:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
15: 2007-08-18 06:57:14 UTC - RP15 - Deckard's System Scanner Restore Point
14: 2007-08-18 06:04:24 UTC - RP14 - ComboFix created restore point
13: 2007-08-17 04:30:02 UTC - RP13 - System Checkpoint
12: 2007-08-16 01:51:48 UTC - RP12 - System Checkpoint
11: 2007-08-15 01:41:54 UTC - RP11 - Deckard's System Scanner Restore Point
-- First Restore Point --
1: 2007-08-11 06:34:23 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 254 MiB (512 MiB recommended).
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:35 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wpabaln.exe
C:\PROGRA~1\COMMON~1\aol\118681~1\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1186815178\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D86D4C0-CA14-46FA-87EE-4BAA3ABB8D27}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
--
End of file - 2343 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20070815-134701-132 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
backup-20070815-134701-184 O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1186815178\ee\AOLSoftware.exe
backup-20070815-134701-336 O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
backup-20070815-134701-369 O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
backup-20070815-134701-473 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
backup-20070815-134701-597 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20070815-134701-974 O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
backup-20070815-134702-640 O17 - HKLM\System\CCS\Services\Tcpip\..\{8D86D4C0-CA14-46FA-87EE-4BAA3ABB8D27}: NameServer = 205.188.146.145
backup-20070815-134702-776 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S0 srescan - c:\windows\system32\zonelabs\srescan.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 vsmon (TrueVector Internet Monitor) - c:\windows\system32\zonelabs\vsmon.exe -service (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2007-07-17 and 2007-08-17 -----------------------------
2007-08-17 07:19:56 0 d-------- C:\Program Files\MetaStream
2007-08-17 06:56:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-17 06:56:17 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-17 06:56:13 0 d-------- C:\WINDOWS\LastGood
2007-08-17 06:46:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2007-08-16 22:22:36 0 d-------- C:\Program Files\Alwil Software
2007-08-16 21:49:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-08-13 15:03:39 0 d-------- C:\Program Files\Trend Micro
2007-08-13 14:49:49 0 d---s---- C:\Documents and Settings\Owner\UserData
2007-08-11 23:39:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-08-11 23:37:43 0 d-------- C:\Program Files\Yahoo!
2007-08-10 23:56:57 0 d-------- C:\Documents and Settings\Owner\Application Data\AOL
2007-08-10 23:56:56 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-08-10 23:56:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2007-08-10 23:56:14 0 d-------- C:\Program Files\Common Files\aolback
2007-08-10 23:55:40 0 d-------- C:\Program Files\Common Files\Nullsoft
2007-08-10 23:54:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-10 23:54:55 0 d-------- C:\Program Files\Viewpoint
2007-08-10 23:52:48 0 d-------- C:\Program Files\Common Files\aolshare
2007-08-10 23:52:48 0 d-------- C:\Program Files\Common Files\aol
2007-08-10 23:52:48 0 d-------- C:\Program Files\AOL 9.0
2007-08-10 23:52:48 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-08-10 23:52:18 335 --a------ C:\WINDOWS\nsreg.dat
2007-08-10 23:45:15 0 d--h----- C:\TEMP
2007-08-10 23:31:29 0 d-------- C:\WINDOWS\Prefetch
2007-08-10 23:13:11 0 d-------- C:\Program Files\Common Files\ODBC
2007-08-10 23:00:03 0 d-------- C:\WINDOWS\setup.pss
2007-08-10 22:24:21 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2007-08-10 19:33:00 0 d-------- C:\Program Files\Common Files\speechengines
2007-08-10 19:33:00 0 d-------- C:\Program Files\Common Files\mssoap
2007-08-10 19:32:59 0 d-------- C:\WINDOWS\system32\mui
2007-08-10 16:01:55 0 d-------- C:\WINDOWS\twain_32
2007-08-10 16:01:55 0 d-------- C:\WINDOWS\mui
2007-08-10 14:51:04 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-08-10 14:50:42 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-08-10 14:50:28 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-08-10 14:50:22 74396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-08-10 14:50:22 75932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-08-10 14:50:00 1189920 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-10 14:46:06 0 d-------- C:\Program Files\Java
2007-08-10 14:45:14 0 d-------- C:\Program Files\Common Files\Java
2007-08-10 14:34:50 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2007-08-10 14:19:35 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-08-10 14:18:39 0 d-------- C:\Program Files\Realtek AC97
2007-08-10 14:18:34 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2007-08-10 14:18:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-10 14:18:19 0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-10 13:58:22 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2007-08-10 13:57:56 0 d--h----- C:\Documents and Settings\Owner\Templates
2007-08-10 13:57:56 0 dr------- C:\Documents and Settings\Owner\Start Menu
2007-08-10 13:57:56 0 dr-h----- C:\Documents and Settings\Owner\SendTo
2007-08-10 13:57:56 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-08-10 13:57:56 0 d--h----- C:\Documents and Settings\Owner\PrintHood
2007-08-10 13:57:56 786432 --ah----- C:\Documents and Settings\Owner\NTUSER.DAT
2007-08-10 13:57:56 0 d--h----- C:\Documents and Settings\Owner\NetHood
2007-08-10 13:57:56 0 dr------- C:\Documents and Settings\Owner\My Documents
2007-08-10 13:57:56 0 d--h----- C:\Documents and Settings\Owner\Local Settings
2007-08-10 13:57:56 0 dr------- C:\Documents and Settings\Owner\Favorites
2007-08-10 13:57:56 0 d-------- C:\Documents and Settings\Owner\Desktop
2007-08-10 13:57:56 0 d---s---- C:\Documents and Settings\Owner\Cookies
2007-08-10 13:57:56 0 d--h----- C:\Documents and Settings\Owner\Application Data
2007-08-10 13:57:45 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-08-10 13:57:34 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-08-10 13:57:33 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-08-10 13:57:33 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-08-10 13:57:33 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-08-10 13:57:33 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-08-10 13:57:33 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-08-10 13:56:39 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-08-10 13:56:39 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-08-10 13:56:39 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-08-10 13:56:38 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-08-10 13:56:38 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-08-10 13:52:14 0 d-------- C:\WINDOWS\system32\xircom
2007-08-10 13:52:08 258048 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-08-10 13:52:03 0 d--h----- C:\WINDOWS\$hf_mig$
2007-08-10 13:51:41 0 -rahs---- C:\MSDOS.SYS
2007-08-10 13:51:41 0 -rahs---- C:\IO.SYS
2007-08-10 13:51:41 0 --a------ C:\CONFIG.SYS
2007-08-10 13:51:41 0 --a------ C:\AUTOEXEC.BAT
2007-08-10 13:49:44 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-08-10 13:49:28 0 dr------- C:\WINDOWS\Offline Web Pages
2007-08-10 13:49:28 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-08-10 13:49:08 0 d--h----- C:\Program Files\WindowsUpdate
2007-08-10 13:48:40 0 d-------- C:\WINDOWS\system32\DirectX
2007-08-10 13:48:06 0 d---s---- C:\WINDOWS\Tasks
2007-08-10 13:48:01 0 d-------- C:\WINDOWS\system32\Macromed
2007-08-10 13:48:01 0 d-------- C:\WINDOWS\srchasst
2007-08-10 13:47:45 0 d-------- C:\WINDOWS\system32\Restore
2007-08-10 13:47:22 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-08-10 13:46:59 0 d-------- C:\WINDOWS\Registration
2007-08-10 13:45:13 0 d-------- C:\Program Files\Windows NT
2007-08-10 13:45:10 0 d-------- C:\WINDOWS\system32\MsDtc
2007-08-10 13:45:09 0 d-------- C:\WINDOWS\system32\Com
2007-08-10 06:25:04 0 d--hs---- C:\WINDOWS\Installer
2007-08-10 06:24:58 0 dr------- C:\Program Files
2007-08-10 06:24:58 0 d-------- C:\Program Files\Common Files
2007-08-10 06:24:30 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-08-10 06:24:30 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-08-10 06:24:30 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-08-10 06:24:30 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-08-10 06:24:30 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-08-10 06:24:30 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-08-10 06:24:30 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-08-10 06:24:30 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-08-10 06:24:30 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-08-10 06:24:30 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-08-10 06:24:30 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-08-10 06:24:30 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-08-10 06:24:30 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-08-10 06:24:30 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-08-10 06:24:30 0 dr------- C:\Documents and Settings\All Users\Documents
2007-08-10 06:24:30 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-08-10 06:24:12 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-08-10 06:24:12 0 d-------- C:\WINDOWS\system32\CatRoot
2007-08-10 06:24:06 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-08-10 06:24:06 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-08-10 06:24:05 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-08-10 06:24:05 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-08-10 06:23:40 0 d--hs---- C:\System Volume Information
2007-08-10 06:23:40 0 d-------- C:\Documents and Settings
2007-08-10 06:15:48 0 d-------- C:\WINDOWS
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\WinSxS
2007-08-10 06:15:48 0 dr------- C:\WINDOWS\Web
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\wins
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\wbem
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\usmt
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\spool
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\ShellExt
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\Setup
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\ras
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\oobe
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\npp
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\inetsrv
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\IME
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\icsxml
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\ias
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\export
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\drivers
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-08-10 06:15:48 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\dhcp
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\config
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\3076
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\2052
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\1054
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\1042
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\1041
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\1037
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\1033
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\1031
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\1028
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\1025
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\security
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\Resources
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\repair
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\Provisioning
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\PeerNet
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\pchealth
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\msapps
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\msagent
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\Media
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\java
2007-08-10 06:15:48 0 d--h----- C:\WINDOWS\inf
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\ime
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\Help
2007-08-10 06:15:48 0 dr--s---- C:\WINDOWS\Fonts
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\Driver Cache
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\Debug
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\Cursors
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\Connection Wizard
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\Config
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\AppPatch
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\addins
-- Find3M Report ---------------------------------------------------------------
2007-08-10 06:24:30 62 --ahs---- C:\Documents and Settings\Owner\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/27/2007 03:03 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [11/10/2006 06:16 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
-- End of Deckard's System Scanner: finished at 2007-08-18 at 00:00:39 ---------
Extra.txt
Deckard's System Scanner v20070809.63
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Celeron(R) CPU 1.80GHz
Percentage of Memory in Use: 72%
Physical Memory (total/avail): 253.98 MiB / 68.84 MiB
Pagefile Memory (total/avail): 624.98 MiB / 410.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1970.53 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 72 GiB free.
D: is CDROM (No Media)
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.
AV: avast! antivirus 4.7.1029 [VPS 000766-0] v4.7.1029 (ALWIL Software)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\HP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0103
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=HP
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Owner
(admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
AOL Registration --> "C:\Program Files\AOL\RC\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Realtek AC'97 Audio --> Alcrmv.exe -r -m
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
-- Application Event Log -------------------------------------------------------
Event ID #252: Error
Event Submitted/Written: 08/16/2007 11:15:36 PM
Event Source: Application Hang
Event Description:
Hanging application ashSimpl.exe, version 4.7.1029.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event ID #245: Warning
Event Submitted/Written: 08/16/2007 09:49:15 PM
Event Source: Windows Product Activation
Event Description:
Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within 24 days.
Event ID #156: Error
Event Submitted/Written: 08/14/2007 06:42:11 PM
Event Source: Application Error
Event Description:
Faulting application dss.exe, version 3.2.4.9, faulting module dss.dll, version 0.0.0.0, fault address 0x000020c8.
Processing media-specific event for [dss.exe!ws!]
Event ID #155: Error
Event Submitted/Written: 08/14/2007 06:30:04 PM
Event Source: Application Error
Event Description:
Faulting application dss.exe, version 3.2.4.9, faulting module dss.dll, version 0.0.0.0, fault address 0x000020c8.
Processing media-specific event for [dss.exe!ws!]
Event ID #146: Error
Event Submitted/Written: 08/14/2007 02:22:57 PM
Event Source: Application Error
Event Description:
Faulting application dss.exe, version 3.2.4.9, faulting module dss.dll, version 0.0.0.0, fault address 0x000020c8.
Processing media-specific event for [dss.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event ID #7997: Error
Event Submitted/Written: 08/17/2007 11:05:23 PM
Event Source: W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.
Event ID #7996: Error
Event Submitted/Written: 08/17/2007 11:05:23 PM
Event Source: W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
Event ID #7995: Error
Event Submitted/Written: 08/17/2007 11:05:23 PM
Event Source: W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
Event ID #7994: Error
Event Submitted/Written: 08/17/2007 11:05:23 PM
Event Source: W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
Event ID #7993: Error
Event Submitted/Written: 08/17/2007 11:05:23 PM
Event Source: W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
-- End of Deckard's System Scanner: finished at 2007-08-18 at 00:00:39 ---------
ComboFix.txt
ComboFix 07-08-14.4 - "Owner" 2007-08-17 23:04:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.93 [GMT -7:00]
* Created a new restore point
((((((((((((((((((((((((( Files Created from 2007-07-18 to 2007-08-18 )))))))))))))))))))))))))))))))
2007-08-17 23:01 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-17 07:19 <DIR> d-------- C:\Program Files\MetaStream
2007-08-17 06:56 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-17 06:56 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-17 06:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-17 06:46 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
2007-08-16 22:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-16 22:23 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-16 22:23 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-16 22:23 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-16 22:23 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-16 22:23 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-16 22:22 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-16 22:22 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-08-16 22:22 <DIR> d-------- C:\Program Files\Alwil Software
2007-08-16 21:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-08-14 14:14 <DIR> d-------- C:\Deckard
2007-08-13 15:03 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-13 14:49 <DIR> d---s---- C:\DOCUME~1\Owner\UserData
2007-08-11 23:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-08-11 23:37 <DIR> d-------- C:\Program Files\Yahoo!
2007-08-11 00:07 471,216 --a------ C:\Program Files\msgr8us.exe
2007-08-10 23:58 10,920 --a------ C:\aolconnfix.exe
2007-08-10 23:56 <DIR> d-------- C:\Program Files\Common Files\aolback
2007-08-10 23:56 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\AOL
2007-08-10 23:55 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-08-10 23:54 33,588 -ra------ C:\WINDOWS\system32\drivers\wanatw4.sys
2007-08-10 23:54 <DIR> d-------- C:\Program Files\Viewpoint
2007-08-10 23:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-08-10 23:52 335 --a------ C:\WINDOWS\nsreg.dat
2007-08-10 23:52 <DIR> d-------- C:\Program Files\Common Files\aolshare
2007-08-10 23:52 <DIR> d-------- C:\Program Files\Common Files\aol
2007-08-10 23:52 <DIR> d-------- C:\Program Files\AOL 9.0
2007-08-10 23:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-08-10 23:45 <DIR> d--h----- C:\TEMP
2007-08-10 23:34 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2007-08-10 23:31 <DIR> d-------- C:\WINDOWS\Prefetch
2007-08-10 23:29 86,073 --a--c--- C:\WINDOWS\system32\dllcache\voicesub.dll
2007-08-10 23:29 48,256 --a--c--- C:\WINDOWS\system32\dllcache\w32.dll
2007-08-10 23:29 426,041 --a--c--- C:\WINDOWS\system32\dllcache\voicepad.dll
2007-08-10 23:29 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2007-08-10 23:29 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2007-08-10 23:29 18,944 --a--c--- C:\WINDOWS\system32\dllcache\vmmreg32.dll
2007-08-10 23:28 9,728 --a--c--- C:\WINDOWS\system32\dllcache\query.exe
2007-08-10 23:28 8,704 --a--c--- C:\WINDOWS\system32\dllcache\snmptrap.exe
2007-08-10 23:28 79,872 --a--c--- C:\WINDOWS\system32\dllcache\rwia330.dll
2007-08-10 23:28 79,872 --a--c--- C:\WINDOWS\system32\dllcache\rwia001.dll
2007-08-10 23:28 76,288 --a--c--- C:\WINDOWS\system32\dllcache\uniime.dll
2007-08-10 23:28 70,144 --a--c--- C:\WINDOWS\system32\dllcache\pintlphr.exe
2007-08-10 23:28 7,168 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_snprfdll.dll
2007-08-10 23:28 67,584 --a--c--- C:\WINDOWS\system32\dllcache\pmigrate.dll
2007-08-10 23:28 6,144 --a--c--- C:\WINDOWS\system32\dllcache\snmpmib.dll
2007-08-10 23:28 6,144 --a--c--- C:\WINDOWS\system32\dllcache\pmxgl.dll
2007-08-10 23:28 57,856 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
2007-08-10 23:28 53,760 --a--c--- C:\WINDOWS\system32\dllcache\pintlcsd.dll
2007-08-10 23:28 5,632 --a--c--- C:\WINDOWS\system32\dllcache\smimsgif.dll
2007-08-10 23:28 5,632 --a--c--- C:\WINDOWS\system32\dllcache\smierrsy.dll
2007-08-10 23:28 456,704 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2007-08-10 23:28 455,168 --a--c--- C:\WINDOWS\system32\dllcache\tintsetp.exe
2007-08-10 23:28 44,032 --a--c--- C:\WINDOWS\system32\dllcache\tintlphr.exe
2007-08-10 23:28 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
2007-08-10 23:28 38,912 --a--c--- C:\WINDOWS\system32\dllcache\sm9aw.dll
2007-08-10 23:28 36,927 --a--c--- C:\WINDOWS\system32\dllcache\padrs411.dll
2007-08-10 23:28 358,400 --a--c--- C:\WINDOWS\system32\dllcache\snmpincl.dll
2007-08-10 23:28 32,768 --a--c--- C:\WINDOWS\system32\dllcache\snmp.exe
2007-08-10 23:28 31,744 --a--c--- C:\WINDOWS\system32\dllcache\smb6w.dll
2007-08-10 23:28 31,744 --a--c--- C:\WINDOWS\system32\dllcache\sma3w.dll
2007-08-10 23:28 30,208 --a--c--- C:\WINDOWS\system32\dllcache\sm87w.dll
2007-08-10 23:28 30,208 --a--c--- C:\WINDOWS\system32\dllcache\sm81w.dll
2007-08-10 23:28 29,184 --a--c--- C:\WINDOWS\system32\dllcache\sm8cw.dll
2007-08-10 23:28 26,624 --a--c--- C:\WINDOWS\system32\dllcache\sm93w.dll
2007-08-10 23:28 26,624 --a--c--- C:\WINDOWS\system32\dllcache\sm92w.dll
2007-08-10 23:28 26,624 --a--c--- C:\WINDOWS\system32\dllcache\rw330ext.dll
2007-08-10 23:28 26,112 --a--c--- C:\WINDOWS\system32\dllcache\sm90w.dll
2007-08-10 23:28 26,112 --a--c--- C:\WINDOWS\system32\dllcache\sm8dw.dll
2007-08-10 23:28 26,112 --a--c--- C:\WINDOWS\system32\dllcache\sm8aw.dll
2007-08-10 23:28 26,112 --a--c--- C:\WINDOWS\system32\dllcache\sm89w.dll
2007-08-10 23:28 26,112 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_seos.dll
2007-08-10 23:28 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
2007-08-10 23:28 25,088 --a--c--- C:\WINDOWS\system32\dllcache\sm59w.dll
2007-08-10 23:28 24,576 --a--c--- C:\WINDOWS\system32\dllcache\rw001ext.dll
2007-08-10 23:28 236,544 --a--c--- C:\WINDOWS\system32\dllcache\smi2smir.exe
2007-08-10 23:28 23,040 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe
2007-08-10 23:28 21,896 --a--c--- C:\WINDOWS\system32\dllcache\tdipx.sys
2007-08-10 23:28 20,736 --a--c--- C:\WINDOWS\system32\dllcache\ramdisk.sys
2007-08-10 23:28 19,464 --a--c--- C:\WINDOWS\system32\dllcache\tdspx.sys
2007-08-10 23:28 188,416 --a--c--- C:\WINDOWS\system32\dllcache\snmpsmir.dll
2007-08-10 23:28 185,344 --a--c--- C:\WINDOWS\system32\dllcache\thawbrkr.dll
2007-08-10 23:28 18,944 --a--c--- C:\WINDOWS\system32\dllcache\simptcp.dll
2007-08-10 23:28 175,104 --a--c--- C:\WINDOWS\system32\dllcache\pintlcsa.dll
2007-08-10 23:28 16,384 --a--c--- C:\WINDOWS\system32\dllcache\quser.exe
2007-08-10 23:28 15,872 --a--c--- C:\WINDOWS\system32\dllcache\smierrsm.dll
2007-08-10 23:28 15,872 --a--c--- C:\WINDOWS\system32\dllcache\padrs404.dll
2007-08-10 23:28 15,360 --a--c--- C:\WINDOWS\system32\dllcache\padrs804.dll
2007-08-10 23:28 143,422 --a--c--- C:\WINDOWS\system32\dllcache\softkey.dll
2007-08-10 23:28 14,848 --a--c--- C:\WINDOWS\system32\dllcache\register.exe
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-17 22:21 5859 --a------ C:\Program Files\wipeout.zip
2007-08-11 14:03 2378 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2007-08-11 14:02 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-08-10 23:30 4676 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-04-26 06:37 728624 --a------ C:\Program Files\aolsetup.exe
2007-04-26 06:37 4424 --a------ C:\Program Files\aolsetup.bin
2007-04-26 06:37 1896 --a------ C:\Program Files\main.ini
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 15:03]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [2006-11-10 06:16]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-08-17 23:09:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-17 23:12:58
--- E O F ---
Kaspersky Log
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, August 17, 2007 10:37:48 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 18/08/2007
Kaspersky Anti-Virus database records: 384790
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 24101
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:43:40
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\SNMaster.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\SunknTresr\MyDB.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\SunknTresr\toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\CACHE\SunknTresr00 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\SunknTresr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\SunknTresr.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\SunknTresr.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\ncoc Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\server.lock Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0\IDB\Apps.Lst Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0\IDB\art.idx Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0\IDB\sap.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0\IDB\spool.lst Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0\IDB\sysnews.lst Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\fla19.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B742FF32-8D29-4D46-81D6-AFB4D49AD34C}\RP13\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{2874307C-840A-4C71-99F3-E4692F40B497}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{6E46967B-FB70-466F-BBDC-17F934B0E2DC}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_4d0.dat Object is locked skipped
C:\WINDOWS\Temp\_av_proI.tm~a03240\dld1.tmp Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
I also found this log on my desktop, but I have no idea where it came from (which scan)...
VETlog.txt
---------------------------------------------------------------------------------------------------------------
OS Date: 08/17/07
OS Time: 23:02:22
Process Id: 4028
Process File: C:\Program Files\AOL 9.0\waol.exe
Command line: -Brestart
Thread Id: 3192(0xc78)
Module handle: 0x14800000
Module File: C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
Module version: MTS: 3,5,0,13; Dll: 3.5.0.13
Processor Intel Pentium Family 15 Model 1 Stepping 3 (1 Processor(s))
OS 344158752 Build 2600 Service Pack 2
Normal Boot
1 Monitor(s) Primary resolution is 1024 x 768
EXCEPTION_ACCESS_VIOLATION: The thread attempted to read from or write to a virtual address for which it does not have the appropriate access.
Stack:
AOLUserShell.dll! 0x20c00000 + 0x14ff6()
AOLUserShell.dll! 0x20c00000 + 0x487c6()
AOLUserShell.dll! 0x20c00000 + 0x392e7()
AOLUserShell.dll! 0x20c00000 + 0x378f8()
AOLUserShell.dll! 0x20c00000 + 0x12672()
AxMetaStream_0305000D.dll! 0x14800000 + 0x1278()
AxMetaStream_0305000D.dll! 0x14800000 + 0xe1b3()
AxMetaStream_0305000D.dll! 0x14800000 + 0xe065()
AxMetaStream_0305000D.dll! 0x14800000 + 0xeb4b()
AxMetaStream_0305000D.dll! 0x14800000 + 0x4aa4()
OLEAUT32.dll! 0x77120000 + 0x79e0()
AxMetaStream_0305000D.dll! 0x14800000 + 0x4fe1()
vbscript.dll! 0x73300000 + 0x13a78()
vbscript.dll! 0x73300000 + 0x139f6()
vbscript.dll! 0x73300000 + 0x4b01()
vbscript.dll! 0x73300000 + 0x4f5a()
vbscript.dll! 0x73300000 + 0x1e55()
vbscript.dll! 0x73300000 + 0x4dba()
vbscript.dll! 0x73300000 + 0x1e55()
vbscript.dll! 0x73300000 + 0x3a76()
vbscript.dll! 0x73300000 + 0xbe2a()
vbscript.dll! 0x73300000 + 0xd572()
vbscript.dll! 0x73300000 + 0xd3b8()
actvx.rct! 0x6a100000 + 0x992a()
actvx.rct! 0x6a100000 + 0x1bc1()
actvx.rct! 0x6a100000 + 0x75eb()
supersub.dll! 0x60580000 + 0x58d2()
supersub.dll! 0x60580000 + 0x5835()
supersub.dll! 0x60580000 + 0x164ad()
supersub.dll! 0x60580000 + 0x1644b()
supersub.dll! 0x60580000 + 0x16070()
supersub.dll! 0x60580000 + 0x15c0f()
supersub.dll! 0x60580000 + 0x17333()
supersub.dll! 0x60580000 + 0x58d2()
supersub.dll! 0x60580000 + 0x5835()
supersub.dll! 0x60580000 + 0x164ad()
supersub.dll! 0x60580000 + 0x1644b()
supersub.dll! 0x60580000 + 0x16070()
supersub.dll! 0x60580000 + 0x15ee8()
supersub.dll! 0x60580000 + 0x15a2a()
supersub.dll! 0x60580000 + 0x156ca()
Stop displaying stack!!
Additional parameters:
0x1
0x3d088889
Registers context:
EDI: 0x76756964
ESI: 0x3d088889
EBX: 0xc78
EDX: 0xc
ECX: 0x0
EAX: 0x0
EBP: 0x22d540
EIP: 0x20c14ff6
ESP: 0x22d3ec
AxMetaStream_0305000D.dll 3.5.0.13
ComponentMgr.dll 3.5.0.28
AOLArt.dll 3.0.7.36
AOLShell.dll 3.0.11.26
AOLUserShell.dll 3.2.2.26
Cursors.dll 3.4.0.67
DataTracking.dll 3.0.8.201
GifReader.dll 3.2.2.26
JpegReader.dll 3.2.2.26
LensFlares.dll 3.2.2.26
Mts3Reader.dll 3.2.2.26
ObjectMovie.dll 3.2.2.26
SceneComponent.dll 3.5.0.28
ServiceComponent.dll 3.2.2.26
SreeDMMX.dll 3.4.0.67
SWFView.dll 3.2.2.26
VectorView.dll 3.2.2.26
VMPAudio.dll 3.2.2.26
VMPExtras.dll 3.0.7.36
VMPSpeech.dll 3.2.2.26
VMPVideo.dll 3.2.2.26
VMPVideo2.dll 3.4.0.67
WaveletReader.dll 3.2.2.26
ZoomView.dll 3.2.2.26
Where: DoCommandInternal
---------------------------------------------------------------------------------------------------------------
OS Date: 08/17/07
OS Time: 23:06:08
Process Id: 4028
Process File: C:\Program Files\AOL 9.0\waol.exe
Command line: -Brestart
Thread Id: 3192(0xc78)
Module handle: 0x14800000
Module File: C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
Module version: MTS: 3,5,0,13; Dll: 3.5.0.13
Processor Intel Pentium Family 15 Model 1 Stepping 3 (1 Processor(s))
OS 344158752 Build 2600 Service Pack 2
Normal Boot
1 Monitor(s) Primary resolution is 1024 x 768
EXCEPTION_ACCESS_VIOLATION: The thread attempted to read from or write to a virtual address for which it does not have the appropriate access.
Stack:
AOLUserShell.dll! 0x20c00000 + 0x14ff6()
AOLUserShell.dll! 0x20c00000 + 0x487c6()
AOLUserShell.dll! 0x20c00000 + 0x392e7()
AOLUserShell.dll! 0x20c00000 + 0x378f8()
AOLUserShell.dll! 0x20c00000 + 0x12672()
AxMetaStream_0305000D.dll! 0x14800000 + 0x1278()
AxMetaStream_0305000D.dll! 0x14800000 + 0xe1b3()
AxMetaStream_0305000D.dll! 0x14800000 + 0xe065()
AxMetaStream_0305000D.dll! 0x14800000 + 0xeb4b()
AxMetaStream_0305000D.dll! 0x14800000 + 0x4aa4()
OLEAUT32.dll! 0x77120000 + 0x79e0()
AxMetaStream_0305000D.dll! 0x14800000 + 0x4fe1()
vbscript.dll! 0x73300000 + 0x13a78()
vbscript.dll! 0x73300000 + 0x139f6()
vbscript.dll! 0x73300000 + 0x4b01()
vbscript.dll! 0x73300000 + 0x4f5a()
vbscript.dll! 0x73300000 + 0x1e55()
vbscript.dll! 0x73300000 + 0x4dba()
vbscript.dll! 0x73300000 + 0x1e55()
vbscript.dll! 0x73300000 + 0x3a76()
vbscript.dll! 0x73300000 + 0xbe2a()
vbscript.dll! 0x73300000 + 0xd572()
vbscript.dll! 0x73300000 + 0xd3b8()
actvx.rct! 0x6a100000 + 0x992a()
actvx.rct! 0x6a100000 + 0x1bc1()
actvx.rct! 0x6a100000 + 0x75eb()
supersub.dll! 0x60580000 + 0x58d2()
supersub.dll! 0x60580000 + 0x5835()
supersub.dll! 0x60580000 + 0x164ad()
supersub.dll! 0x60580000 + 0x1644b()
supersub.dll! 0x60580000 + 0x16070()
supersub.dll! 0x60580000 + 0x15c0f()
supersub.dll! 0x60580000 + 0x17333()
supersub.dll! 0x60580000 + 0x58d2()
supersub.dll! 0x60580000 + 0x5835()
supersub.dll! 0x60580000 + 0x164ad()
supersub.dll! 0x60580000 + 0x1644b()
supersub.dll! 0x60580000 + 0x16070()
supersub.dll! 0x60580000 + 0x15ee8()
supersub.dll! 0x60580000 + 0x15a2a()
supersub.dll! 0x60580000 + 0x156ca()
Stop displaying stack!!
Additional parameters:
0x1
0x3d088889
Registers context:
EDI: 0x76756964
ESI: 0x3d088889
EBX: 0xc78
EDX: 0x1
ECX: 0x0
EAX: 0x0
EBP: 0x22cdc4
EIP: 0x20c14ff6
ESP: 0x22cc70
AxMetaStream_0305000D.dll 3.5.0.13
ComponentMgr.dll 3.5.0.28
AOLArt.dll 3.0.7.36
AOLShell.dll 3.0.11.26
AOLUserShell.dll 3.2.2.26
Cursors.dll 3.4.0.67
DataTracking.dll 3.0.8.201
GifReader.dll 3.2.2.26
JpegReader.dll 3.2.2.26
LensFlares.dll 3.2.2.26
Mts3Reader.dll 3.2.2.26
ObjectMovie.dll 3.2.2.26
SceneComponent.dll 3.5.0.28
ServiceComponent.dll 3.2.2.26
SreeDMMX.dll 3.4.0.67
SWFView.dll 3.2.2.26
VectorView.dll 3.2.2.26
VMPAudio.dll 3.2.2.26
VMPExtras.dll 3.0.7.36
VMPSpeech.dll 3.2.2.26
VMPVideo.dll 3.2.2.26
VMPVideo2.dll 3.4.0.67
WaveletReader.dll 3.2.2.26
ZoomView.dll 3.2.2.26
Where: DoCommandInternal
---------------------------------------------------------------------------------------------------------------
OS Date: 08/17/07
OS Time: 23:13:43
Process Id: 2616
Process File: C:\Program Files\AOL 9.0\waol.exe
Command line: -Brestart
Thread Id: 2128(0x850)
Module handle: 0x14800000
Module File: C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
Module version: MTS: 3,5,0,13; Dll: 3.5.0.13
Processor Intel Pentium Family 15 Model 1 Stepping 3 (1 Processor(s))
OS 344158752 Build 2600 Service Pack 2
Normal Boot
1 Monitor(s) Primary resolution is 1024 x 768
EXCEPTION_ACCESS_VIOLATION: The thread attempted to read from or write to a virtual address for which it does not have the appropriate access.
Stack:
AOLUserShell.dll! 0x20c00000 + 0x14ff6()
AOLUserShell.dll! 0x20c00000 + 0x487c6()
AOLUserShell.dll! 0x20c00000 + 0x392e7()
AOLUserShell.dll! 0x20c00000 + 0x378f8()
AOLUserShell.dll! 0x20c00000 + 0x12672()
AxMetaStream_0305000D.dll! 0x14800000 + 0x1278()
AxMetaStream_0305000D.dll! 0x14800000 + 0xe1b3()
AxMetaStream_0305000D.dll! 0x14800000 + 0xe065()
AxMetaStream_0305000D.dll! 0x14800000 + 0xeb4b()
AxMetaStream_0305000D.dll! 0x14800000 + 0x4aa4()
OLEAUT32.dll! 0x77120000 + 0x79e0()
AxMetaStream_0305000D.dll! 0x14800000 + 0x4fe1()
vbscript.dll! 0x73300000 + 0x13a78()
vbscript.dll! 0x73300000 + 0x139f6()
vbscript.dll! 0x73300000 + 0x4b01()
vbscript.dll! 0x73300000 + 0x4f5a()
vbscript.dll! 0x73300000 + 0x1e55()
vbscript.dll! 0x73300000 + 0x4dba()
vbscript.dll! 0x73300000 + 0x1e55()
vbscript.dll! 0x73300000 + 0x3a76()
vbscript.dll! 0x73300000 + 0xbe2a()
vbscript.dll! 0x73300000 + 0xd572()
vbscript.dll! 0x73300000 + 0xd3b8()
actvx.rct! 0x6a100000 + 0x992a()
actvx.rct! 0x6a100000 + 0x1bc1()
actvx.rct! 0x6a100000 + 0x75eb()
supersub.dll! 0x60580000 + 0x58d2()
supersub.dll! 0x60580000 + 0x5835()
supersub.dll! 0x60580000 + 0x164ad()
supersub.dll! 0x60580000 + 0x1644b()
supersub.dll! 0x60580000 + 0x16070()
supersub.dll! 0x60580000 + 0x15c0f()
supersub.dll! 0x60580000 + 0x17333()
supersub.dll! 0x60580000 + 0x58d2()
supersub.dll! 0x60580000 + 0x5835()
supersub.dll! 0x60580000 + 0x164ad()
supersub.dll! 0x60580000 + 0x1644b()
supersub.dll! 0x60580000 + 0x16070()
supersub.dll! 0x60580000 + 0x15ee8()
supersub.dll! 0x60580000 + 0x15a2a()
supersub.dll! 0x60580000 + 0x156ca()
Stop displaying stack!!
Additional parameters:
0x1
0x3d088889
Registers context:
EDI: 0x76756964
ESI: 0x3d088889
EBX: 0x850
EDX: 0xa
ECX: 0x0
EAX: 0x0
EBP: 0x22d540
EIP: 0x20c14ff6
ESP: 0x22d3ec
AxMetaStream_0305000D.dll 3.5.0.13
ComponentMgr.dll 3.5.0.28
ZoomView.dll 3.2.2.26
WaveletReader.dll 3.2.2.26
VMPVideo2.dll 3.4.0.67
VMPVideo.dll 3.2.2.26
VMPSpeech.dll 3.2.2.26
VMPExtras.dll 3.0.7.36
VMPAudio.dll 3.2.2.26
VectorView.dll 3.2.2.26
SWFView.dll 3.2.2.26
SreeDMMX.dll 3.4.0.67
ServiceComponent.dll 3.2.2.26
SceneComponent.dll 3.5.0.28
ObjectMovie.dll 3.2.2.26
Mts3Reader.dll 3.2.2.26
LensFlares.dll 3.2.2.26
JpegReader.dll 3.2.2.26
GifReader.dll 3.2.2.26
DataTracking.dll 3.0.8.201
Cursors.dll 3.4.0.67
AOLUserShell.dll 3.2.2.26
AOLShell.dll 3.0.11.26
AOLArt.dll 3.0.7.36
Where: DoCommandInternal
---------------------------------------------------------------------------------------------------------------
OS Date: 08/18/07
OS Time: 09:56:09
Process Id: 464
Process File: C:\PROGRA~1\AOL9~1.0\waol.exe
Command line:
Thread Id: 2864(0xb30)
Module handle: 0x14800000
Module File: C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
Module version: MTS: 3,5,0,13; Dll: 3.5.0.13
Processor Intel Pentium Family 15 Model 1 Stepping 3 (1 Processor(s))
OS 344158752 Build 2600 Service Pack 2
Normal Boot
1 Monitor(s) Primary resolution is 1024 x 768
EXCEPTION_ACCESS_VIOLATION: The thread attempted to read from or write to a virtual address for which it does not have the appropriate access.
Stack:
AOLUserShell.dll! 0x20c00000 + 0x14ff6()
AOLUserShell.dll! 0x20c00000 + 0x487c6()
AOLUserShell.dll! 0x20c00000 + 0x392e7()
AOLUserShell.dll! 0x20c00000 + 0x378f8()
AOLUserShell.dll! 0x20c00000 + 0x12672()
AxMetaStream_0305000D.dll! 0x14800000 + 0x1278()
AxMetaStream_0305000D.dll! 0x14800000 + 0xe1b3()
AxMetaStream_0305000D.dll! 0x14800000 + 0xe065()
AxMetaStream_0305000D.dll! 0x14800000 + 0xeb4b()
AxMetaStream_0305000D.dll! 0x14800000 + 0x4aa4()
OLEAUT32.dll! 0x77120000 + 0x79e0()
AxMetaStream_0305000D.dll! 0x14800000 + 0x4fe1()
vbscript.dll! 0x73300000 + 0x13a78()
vbscript.dll! 0x73300000 + 0x139f6()
vbscript.dll! 0x73300000 + 0x4b01()
vbscript.dll! 0x73300000 + 0x4f5a()
vbscript.dll! 0x73300000 + 0x1e55()
vbscript.dll! 0x73300000 + 0x4dba()
vbscript.dll! 0x73300000 + 0x1e55()
vbscript.dll! 0x73300000 + 0x3a76()
vbscript.dll! 0x73300000 + 0xbe2a()
vbscript.dll! 0x73300000 + 0xd572()
vbscript.dll! 0x73300000 + 0xd3b8()
actvx.rct! 0x6a100000 + 0x992a()
actvx.rct! 0x6a100000 + 0x1bc1()
actvx.rct! 0x6a100000 + 0x75eb()
supersub.dll! 0x60580000 + 0x58d2()
supersub.dll! 0x60580000 + 0x5835()
supersub.dll! 0x60580000 + 0x164ad()
supersub.dll! 0x60580000 + 0x1644b()
supersub.dll! 0x60580000 + 0x16070()
supersub.dll! 0x60580000 + 0x15c0f()
supersub.dll! 0x60580000 + 0x17333()
supersub.dll! 0x60580000 + 0x58d2()
supersub.dll! 0x60580000 + 0x5835()
supersub.dll! 0x60580000 + 0x164ad()
supersub.dll! 0x60580000 + 0x1644b()
supersub.dll! 0x60580000 + 0x16070()
supersub.dll! 0x60580000 + 0x15ee8()
supersub.dll! 0x60580000 + 0x15a2a()
supersub.dll! 0x60580000 + 0x156ca()
Stop displaying stack!!
Additional parameters:
0x1
0x3d088889
Registers context:
EDI: 0x76756964
ESI: 0x3d088889
EBX: 0xb30
EDX: 0x6
ECX: 0x0
EAX: 0x0
EBP: 0x22d540
EIP: 0x20c14ff6
ESP: 0x22d3ec
AxMetaStream_0305000D.dll 3.5.0.13
ComponentMgr.dll 3.5.0.28
ZoomView.dll 3.2.2.26
WaveletReader.dll 3.2.2.26
VMPVideo2.dll 3.4.0.67
VMPVideo.dll 3.2.2.26
VMPSpeech.dll 3.2.2.26
VMPExtras.dll 3.0.7.36
VMPAudio.dll 3.2.2.26
VectorView.dll 3.2.2.26
SWFView.dll 3.2.2.26
SreeDMMX.dll 3.4.0.67
ServiceComponent.dll 3.2.2.26
SceneComponent.dll 3.5.0.28
ObjectMovie.dll 3.2.2.26
Mts3Reader.dll 3.2.2.26
LensFlares.dll 3.2.2.26
JpegReader.dll 3.2.2.26
GifReader.dll 3.2.2.26
DataTracking.dll 3.0.8.201
Cursors.dll 3.4.0.67
AOLUserShell.dll 3.2.2.26
AOLShell.dll 3.0.11.26
AOLArt.dll 3.0.7.36
Where: DoCommandInternal
Anything else you need from me???