Hi, thanks again!
C:\WINDOWS\system32\winlogon.exe
Scan taken on 19 Apr 2007 15:15:16 (GMT)
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found Trojan.Win32.Patched.m
Fortinet: Found WLHack.A!tr
Kaspersky Anti-Virus: Found Trojan.Win32.Patched.m
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
C:\WINDOWS\system32\ws2_32(2).dll
Scan taken on 19 Apr 2007 15:25:06 (GMT)
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
C:\WINDOWS\system32\__c0016665.dat
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
C:\WINDOWS\system32\__c004F348.dat
Scan taken on 19 Apr 2007 15:30:47 (GMT)
AntiVir: Found TR/Crypt.XPACK.Gen
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found BACKDOOR.Trojan (probable variant)
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
C:\Documents and Settings\suzanne johnson\install.xat
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
C:\Documents and Settings\suzanne johnson\Application Data\0fdc4289-1671-4622-8195-0e4be519d163
Scan taken on 19 Apr 2007 15:36:36 (GMT)
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
OTMOVEIT RESULTS
File/Folder C:\WINDOWS\system32\__c0016665.dat not found.
File/Folder C:\WINDOWS\system32\__c0016665.dat not found.
C:\WINDOWS\system32\__c0055ea0.dat moved successfully.
C:\WINDOWS\system32\__c009151c.dat moved successfully.
File/Folder C:\Documents and Settings\Local Settings\Application Data\Install.dat not found.
C:\WINDOWS\system32\clcl3.exe moved successfully.
File/Folder C:\WINDOWS\system32\svehost.exe not found.
File/Folder c:\windows\system32\drivers\uzcx.exe not found.
File/Folder C:\WINDOWS\runtfs32.exe not found.
File/Folder C:\WINDOWS\System.exe not found.
Created on 04/19/2007 10:46:30
AVG
"General properties",""
"Report name","Complete Test"
"Start time","4/19/2007 11:39:03 AM"
"End time","4/19/2007 12:47:51 PM (total: 1:08:47.2 hrs)"
"Launch method","Scanning launched manually"
"Scanning result","No threats found"
"Report status","Scanning completed successfully"
" ",""
"Object summary",""
"Scanned","91910"
"Threats Found","0"
"Cleaned","0"
"Moved to vault","0"
"Deleted","0"
"Errors","0"
"C:\WINDOWS\system32\drivers\etc\hosts","Change","Changed"
Deckard's System Scanner v20070411.38
Run by suzanne johnson on 2007-04-19 at 13:06:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 4 Restore Point(s) --
4: 2007-04-19 18:06:11 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2007-04-19 03:23:19 UTC - RP3 - Installed Java SE Runtime Environment 6 Update 1
2: 2007-04-18 18:47:34 UTC - RP2 - Software Distribution Service 2.0
1: 2007-04-18 12:35:44 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as suzanne johnson.exe) -------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 1:07:05 PM, on 4/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\suzanne johnson\Desktop\dss.exe
C:\hjt\suzanne johnson.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: __c004F348 - C:\WINDOWS\system32\__c004F348.dat
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
-- HijackThis Fixed Entries (C:\hjt\backups\) ----------------------------------
backup-20070418-133121-128 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
backup-20070418-133121-478 O20 - Winlogon Notify: __c004F348 - C:\WINDOWS\system32\__c004F348.dat
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 OMCI - c:\windows\system32\drivers\omci.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 ac97intc (Intel® 82801 Audio Driver Install Service (WDM)) - c:\windows\system32\drivers\ac97intc.sys
R3 AN983 (ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter) - c:\windows\system32\drivers\an983.sys
R3 HCF_MSFT - c:\windows\system32\drivers\hcf_msft.sys
R3 StillCam (Still Serial Digital Camera Driver) - c:\windows\system32\drivers\serscan.sys
S2 Ca533av (Icatch(IV) Video Camera Device) - c:\windows\system32\drivers\ca533av.sys
S3 ati2mpaa - c:\windows\system32\drivers\ati2mpaa.sys
S3 ati2mtaa - c:\windows\system32\drivers\ati2mtaa.sys
S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 dot4 (MS IEEE-1284.4 Driver) - c:\windows\system32\drivers\dot4.sys
S3 Dot4 HPH09 - c:\windows\system32\drivers\hphid409.sys
S3 Dot4Print (Print Class Driver for IEEE-1284.4) - c:\windows\system32\drivers\dot4prt.sys
S3 Dot4Print HPH09 (Print Class Driver for IEEE-1284.4 HPH09) - c:\windows\system32\drivers\hphipr09.sys
S3 Dot4Storage HPH09 (Storage Class Driver for IEEE-1284.4 (HPH09)) - c:\windows\system32\drivers\hphs2k09.sys
S3 dot4usb (Dot4USB Filter Dot4USB Filter) - c:\windows\system32\drivers\dot4usb.sys
S3 Dot4Usb HPH09 - c:\windows\system32\drivers\hphius09.sys
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys
S3 USBCamera (Icatch(IV) Still Camera Device) - c:\windows\system32\drivers\bulk533.sys
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S4 AOLService (AOL Spyware Protection Service) - c:\progra~1\common~1\aol\aolspy~1\\aolserv.exe (file missing)
S4 Pml Driver - c:\windows\system32\hphipm09.exe
-- Scheduled Tasks -------------------------------------------------------------
2007-04-13 18:08:06 402 --ah----- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job<MPSCHE~2.JOB>
-- Files created between 2007-03-19 and 2007-04-19 -----------------------------
2007-04-18 22:23:31 0 d-------- C:\Program Files\Common Files\Java
2007-04-18 16:59:55 266766 --a------ C:\WINDOWS\system32\__c002B0C5.dat<__C002~1.DAT>
2007-04-18 12:42:25 0 d-------- C:\Documents and Settings\suzanne johnson\Report.txt
2007-04-18 12:10:14 0 d-------- C:\Documents and Settings\suzanne johnson\RunThis.bat
2007-04-18 08:15:38 0 d-------- C:\hjt
2007-04-17 21:43:01 0 d-------- C:\a5fa56e9cdaee2c83c98981b27aa<A5FA56~1>
2007-04-17 20:10:03 0 d--h----- C:\WINDOWS\PIF
2007-04-15 16:17:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-04-15 14:51:25 0 d-------- C:\WINDOWS\system32\runtime
2007-04-14 21:21:35 0 d-------- C:\Program Files\InterMute<INTERM~1>
2007-04-14 16:51:01 176128 --a------ C:\WINDOWS\system32\RcdScan.dll
2007-04-14 16:51:01 446464 -ra------ C:\WINDOWS\system32\hhactivex.dll<HHACTI~1.DLL>
2007-04-14 16:50:59 89360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-04-14 16:50:56 13632 -----n--- C:\WINDOWS\system32\drivers\omci.sys
2007-04-14 13:08:56 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-04-13 22:16:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab<KASPER~1>
2007-04-13 22:16:20 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-04-13 20:41:23 0 d-------- C:\Program Files\Lavasoft
2007-04-13 20:20:38 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-04-13 20:09:03 0 d-------- C:\Program Files\Google
2007-04-13 20:09:02 0 d-------- C:\Program Files\Microsoft Windows OneCare Live<MICROS~2>
2007-04-13 19:14:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2007-04-13 19:01:47 1185922 --a------ C:\Documents and Settings\LocalService\Application Data\Install.dat
2007-04-13 15:19:11 778 --a------ C:\Documents and Settings\suzanne johnson\Application Data\f697e00c-dca7-4539-a466-eb405ebd7eb8<F697E0~1>
2007-04-13 15:19:07 1042 --a------ C:\Documents and Settings\suzanne johnson\Application Data\35975506-ebdd-46b1-9e27-cb71cfa686f6<359755~1>
2007-04-13 15:19:06 778 --a------ C:\Documents and Settings\suzanne johnson\Application Data\ba7e5a6c-f825-480b-8304-43b9a5418df1<BA7E5A~1>
2007-04-13 15:19:06 955 --a------ C:\Documents and Settings\suzanne johnson\Application Data\0fdc4289-1671-4622-8195-0e4be519d163<0FDC42~1>
2007-04-11 17:10:34 11264 --a------ C:\WINDOWS\abc1006def.exe<ABC100~1.EXE>
2007-04-10 21:26:39 0 d-------- C:\Program Files\SilverCreekCommonFiles<SILVER~2>
2007-04-07 18:40:23 0 d-------- C:\Program Files\MySpace
2007-04-06 21:19:38 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-04-06 21:18:46 0 d-------- C:\Program Files\SUPERAntiSpyware<SUPERA~1>
2007-04-06 21:18:46 0 d-------- C:\Documents and Settings\suzanne johnson\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-04-06 16:39:50 0 d-------- C:\Documents and Settings\suzanne johnson\Application Data\Error Safe Free<ERRORS~1>
2007-04-05 17:36:26 0 d-------- C:\WINDOWS\system32\dlha
2007-04-05 17:36:21 7168 --a------ C:\WINDOWS\clntfs32.exe
2007-04-04 19:31:01 0 d-------- C:\WINDOWS\system32\bak
2007-04-03 20:05:21 31274 --a------ C:\xcrashdump.dat<XCRASH~1.DAT>
2007-03-30 09:25:51 30222 --a------ C:\WINDOWS\system32\__c004F348.dat<__C004~1.DAT>
2007-03-26 15:17:55 0 --a------ C:\WINDOWS\checkip.dat
2007-03-23 14:03:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-03-23 13:59:03 0 d-------- C:\WINDOWS\Cache
2007-03-23 13:56:47 159744 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-03-23 13:56:46 552960 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-03-23 13:56:46 8704 --a------ C:\WINDOWS\system32\vidccleaner.exe<VIDCCL~1.EXE>
2007-03-23 13:55:56 217088 --a------ C:\WINDOWS\system32\skjpeg40.dll
2007-03-23 13:55:55 83968 --a------ C:\WINDOWS\system32\Skbase40.dll
2007-03-23 13:55:53 0 d-------- C:\Program Files\Samsung
-- Find3M Report ---------------------------------------------------------------
2007-04-19 11:39:03 0 d-------- C:\Documents and Settings\suzanne johnson\Application Data\AVG7
2007-04-18 22:25:06 0 d-------- C:\Program Files\Java
2007-04-18 17:04:58 0 d-------- C:\Program Files\Common Files\AOL
2007-04-18 12:20:14 0 d---s---- C:\Documents and Settings\suzanne johnson\Application Data\Microsoft<MICROS~1>
2007-04-18 07:21:10 0 d-------- C:\Documents and Settings\suzanne johnson\Application Data\Yahoo!
2007-04-17 20:52:16 0 d-------- C:\Program Files\Yahoo!
2007-04-17 16:32:44 0 d-------- C:\Program Files\Common Files\Scanner
2007-04-17 16:29:43 0 d-------- C:\Program Files\Real
2007-04-16 21:21:16 82944 --a------ C:\WINDOWS\system32\ws2_32.dll
2007-04-14 16:50:57 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-14 16:46:34 502272 --a------ C:\WINDOWS\system32\winlogon.exe
2007-04-13 13:26:45 0 d-------- C:\Program Files\MyEmoticons<MYEMOT~1>
2007-04-12 06:39:03 82944 --a------ C:\WINDOWS\system32\ws2_32(2).dll<WS2_32~1.DLL>
2007-04-11 17:10:54 1213164 --a------ C:\Documents and Settings\suzanne johnson\Application Data\Install.xat
2007-04-10 21:26:39 0 d-------- C:\Program Files\Hardwood Spades<HARDWO~2>
2007-04-06 19:35:26 0 d-------- C:\Program Files\LimeWire
2007-04-06 19:35:21 0 d-------- C:\Program Files\Hardwood Hearts<HA7AC8~1>
2007-04-06 19:35:21 0 d-------- C:\Program Files\Hardwood Euchre<HARDWO~1>
2007-04-06 19:26:54 0 d-------- C:\Program Files\Atari
2007-04-06 19:09:50 0 d-------- C:\Documents and Settings\suzanne johnson\Application Data\Atari
2007-04-06 19:05:46 0 d--h----- C:\Documents and Settings\suzanne johnson\Application Data\Move Networks<MOVENE~1>
2007-04-06 09:36:47 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-03-27 00:25:33 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-18 17:10:16 0 d-------- C:\Program Files\Silver Creek Installer<SILVER~1>
2007-03-18 17:10:15 0 d-------- C:\Program Files\Hardwood Backgammon<HARDWO~4>
2007-03-18 17:10:02 0 d-------- C:\Program Files\Hardwood Solitaire III<HARDWO~3>
2007-03-17 08:43:01 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 10:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 10:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 10:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 08:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-01 00:12:18 0 d-------- C:\Documents and Settings\suzanne johnson\Application Data\Viewpoint<VIEWPO~1>
2007-02-28 00:13:37 0 d-------- C:\Documents and Settings\suzanne johnson\Application Data\MySpace
2007-02-25 14:01:55 0 d-------- C:\Program Files\USB Disk Win98 Driver<USBDIS~1>
2007-02-17 13:46:32 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll<CMDLIN~2.DLL>
2007-02-05 15:17:02 185344 --a----c- C:\WINDOWS\system32\upnphost.dll
2007-01-27 01:32:57 2472 --a------ C:\clean.bat
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"location"="Common Startup"
"item"="America Online 9.0 Tray Icon"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Google Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOOGLE~1.EXE -systray -startup"
"item"="Google Updater"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\SpySubtract.lnk"
"backup"="C:\\WINDOWS\\pss\\SpySubtract.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERM~1\\SPYSUB~1\\SpySub.exe -autostart"
"item"="SpySubtract"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Hpi_Monitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_Monitor.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb04"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphmon03"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hphmon03.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mimboot"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimboot.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mm_tray.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MySpaceIM"
"hkey"="HKCU"
"command"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PortAOL"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegScanKing.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegScanKing"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\HP Share-to-Web\\hpgs2wnd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SUPERAntiSpyware"
"hkey"="HKCU"
"command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Res"
"hkey"="HKLM"
"command"="C:\\Program Files\\USB Disk Win98 Driver\\Res.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YAHOOM~1"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOLService"=dword:00000002
"CryptSvc"=dword:00000003
"gusvc"=dword:00000002
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001
"NoCDBurning"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c004F348
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
-- End of Deckard's System Scanner: finished at 2007-04-19 at 13:07:42 ---------
Deckard's System Scanner v20070411.38
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 1.60GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 511.01 MiB / 297.71 MiB
Pagefile Memory (total/avail): 673.85 MiB / 494.99 MiB
Virtual Memory (total/avail): 2047.88 MiB / 2004.84 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 18.61 GiB total, 5.39 GiB free.
D: is CDROM (CDFS)
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AV: AVG 7.5.446 v7.5.446 (GRISOFT)
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\suzanne johnson\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SUZANNE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\suzanne johnson
LOGONSERVER=\\SUZANNE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\\system32;C:\WINDOWS;C:\WINDOWS\\system32\\wbem;C:\WINDOWS\\system32;C:\WINDOWS;C:\WINDOWS\\system32\\wbem;C:\Program Files\ATI Technologies\ATI.ACE
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SUZANN~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SUZANN~1\LOCALS~1\Temp
USERDOMAIN=SUZANNE
USERNAME=suzanne johnson
USERPROFILE=C:\Documents and Settings\suzanne johnson
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
suzanne johnson (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\USBToolbox\setup.exe
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35B8CC58-F128-4169-82EB-0E6CB0C3AFE6}\setup.exe" -l0x9 -uninst
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Charter Pipeline® Self-Installation --> "C:\Program Files\Support.com\unins000.exe"
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Digimax Master --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
Digital Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1205500-2179-11D7-B0B9-0000E24D4B29}\setup.exe"
Digital Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D00353E1-9A80-11D8-A6E6-0000E24CCC1B}\setup.exe"
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
Hardwood Euchre --> C:\Program Files\Hardwood Euchre\Euchre.exe -Uninstall
Hardwood Hearts --> C:\Program Files\Hardwood Hearts\Hearts.exe -Uninstall
Hardwood Spades --> C:\Program Files\Hardwood Spades\Spades.exe -Uninstall
HijackThis 1.99.1 --> C:\DOCUME~1\SUZANN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe /uninstall
HP Photo Imaging Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll
HP Photo Printing Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll
hp photosmart printer series (Remove only) --> C:\Program Files\hp photosmart\printer\hphuni03.exe
HP Share-to-Web --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\Setup.exe" --MAIN -l9
Icatch(IV) Camera Driver --> Rundll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\CA533A.ini, Ca533AUnInstall
Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.12.4 --> "C:\Program Files\LimeWire\uninstall.exe"
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Ruckus Buck's Dangerous Mines --> C:\Program Files\Ruckus Buck's Dangerous Mines\DangerousMines.exe -Uninstall
S500/S600 USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{514DF7BB-D192-417C-BB60-58BF1FD34253}\Setup.exe" anything
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Third Grade Adventures --> C:\WINDOWS\uninst.exe -fC:\TLCWIN\3RDADV\uninstal\DeIsL1.isu
Ultimate Family Tree 3.0 --> C:\WINDOWS\IsUninst.exe -fC:\UFT\Uninst.isu
USB Disk Win98 Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}\Setup.exe"
USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8F7C1E5-0150-11D6-A96C-00D05908F85D}\Setup.exe" -l0x9
USB Mass Storage Toolbox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62B002C5-1AB3-11D8-8092-00E018B21FC0}\Setup.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Win-Family 6.0 --> C:\WINDOWS\wf6remov.exe
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Safety Scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Mail --> C:\WINDOWS\system32\regsvr32.exe /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
-- End of Deckard's System Scanner: finished at 2007-04-19 at 13:07:42 ---------