Thanks for the reply. Thanks for helping.
Deckard's System Scanner v20071014.68
Run by Harry on 2008-04-01 15:19:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
23: 2008-04-01 19:20:14 UTC - RP67 - Deckard's System Scanner Restore Point
22: 2008-03-30 23:14:11 UTC - RP66 - Installed Java 6 Update 5
21: 2008-03-30 22:17:44 UTC - RP65 - System Checkpoint
20: 2008-03-29 21:47:15 UTC - RP64 - System Checkpoint
19: 2008-03-28 21:13:42 UTC - RP63 - System Checkpoint
-- First Restore Point --
1: 2008-03-02 00:01:14 UTC - RP45 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Harry.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:46 PM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\COMODO\Firewall\cfp.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\AIM6\aim6.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\COMODO\Firewall\cmdagent.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Symantec AntiVirus\SavRoam.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\AIM6\aolsoftware.exe
D:\Documents and Settings\Harry\Desktop\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\Harry.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 7428 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - d:\windows\system32\drivers\adihdaud.sys (file missing)
S3 AEAudioService (AEAudio Service) - d:\windows\system32\drivers\aeaudio.sys (file missing)
S3 SenFiltService (SenFilt Service) - d:\windows\system32\drivers\senfilt.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "d:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "d:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Viewpoint Manager Service - "d:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&CF81C54&0&08F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&CF81C54&0&08F0
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-02-16 22:12:06 284 --a------ D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-03-01 and 2008-04-01 -----------------------------
2008-03-31 22:59:40 0 dr-h----- D:\Documents and Settings\Harry\Recent
2008-03-30 19:56:18 0 d-------- D:\Program Files\LimeWire
2008-03-30 19:16:24 0 d-------- D:\WINDOWS\Sun
2008-03-30 19:16:24 0 d-------- D:\Documents and Settings\Harry\Application Data\Sun
2008-03-27 17:59:07 0 d-------- D:\Program Files\World of Warcraft <WORLDO~1>
2008-03-26 22:45:12 0 d-------- D:\Documents and Settings\Harry\Application Data\LimeWire
2008-03-26 22:43:35 0 d-------- D:\Program Files\Java
2008-03-26 22:42:19 0 d-------- D:\Program Files\Common Files\Java
2008-03-24 03:45:17 2621440 --a------ D:\Documents and Settings\Harry\ntuser.dat
2008-03-20 22:45:51 0 d-------- D:\Documents and Settings\Harry\Application Data\Megaupload
2008-03-20 22:40:30 0 d-------- D:\Program Files\Megaupload
2008-03-20 22:31:51 0 d-------- D:\Program Files\MegauploadToolbar
2008-03-20 22:31:42 0 d-------- D:\Documents and Settings\Harry\Application Data\MegauploadToolbar
2008-03-16 18:28:35 0 d-------- D:\Documents and Settings\Harry\Application Data\ImgBurn
2008-03-16 18:27:41 0 d-------- D:\Program Files\ImgBurn
2008-03-02 01:42:44 0 d-------- D:\Documents and Settings\Harry\Application Data\Comodo
2008-03-02 01:42:42 0 d-------- D:\Documents and Settings\All Users\Application Data\comodo
2008-03-02 01:42:40 0 d-------- D:\Program Files\COMODO
-- Find3M Report ---------------------------------------------------------------
2008-04-01 15:10:32 0 d-------- D:\Program Files\Symantec AntiVirus
2008-03-28 15:09:25 0 d-------- D:\Program Files\Common Files\Blizzard Entertainment
2008-03-26 22:42:19 0 d-------- D:\Program Files\Common Files
2008-03-20 22:40:03 0 d--h----- D:\Program Files\InstallShield Installation Information
2008-02-28 23:20:39 0 d-------- D:\Documents and Settings\Harry\Application Data\SmartFTP
2008-02-28 23:20:13 0 d-------- D:\Program Files\SmartFTP Client
2008-02-28 23:19:33 0 d-------- D:\Program Files\SmartFTP Client 2.5 Setup Files
2008-02-28 16:38:27 4212 ---h----- D:\WINDOWS\system32\zllictbl.dat
2008-02-23 02:12:02 0 d-------- D:\Program Files\Trend Micro
2008-02-19 22:20:12 0 d-------- D:\Documents and Settings\Harry\Application Data\WinRAR
2008-02-18 23:49:38 0 d-------- D:\Documents and Settings\Harry\Application Data\QQ Games
2008-02-18 23:49:02 0 d-------- D:\Documents and Settings\Harry\Application Data\QQ Games Plugin
2008-02-18 23:48:57 0 d-------- D:\Documents and Settings\Harry\Application Data\acccore
2008-02-18 23:48:30 0 d-------- D:\Program Files\AIM6
2008-02-18 23:47:21 0 d-------- D:\Program Files\Tencent
2008-02-18 23:45:20 0 d-------- D:\Program Files\Viewpoint
2008-02-18 23:41:43 0 d-------- D:\Program Files\Common Files\AOL
2008-02-18 03:09:26 0 d-------- D:\Program Files\Common Files\ATI Technologies
2008-02-18 03:09:24 0 d-------- D:\Program Files\ATI Technologies
2008-02-17 00:41:15 0 d-------- D:\Documents and Settings\Harry\Application Data\Macromedia
2008-02-17 00:41:15 0 d-------- D:\Documents and Settings\Harry\Application Data\Adobe
2008-02-17 00:20:55 0 d-------- D:\Program Files\Common Files\Adobe
2008-02-16 22:14:11 0 d-------- D:\Documents and Settings\Harry\Application Data\Apple Computer
2008-02-16 22:13:46 0 d-------- D:\Program Files\iTunes
2008-02-16 22:13:37 0 d-------- D:\Program Files\iPod
2008-02-16 22:13:04 0 d-------- D:\Program Files\Bonjour
2008-02-16 22:12:52 0 d-------- D:\Program Files\QuickTime
2008-02-16 22:11:29 0 d-------- D:\Program Files\Apple Software Update
2008-02-16 22:10:28 0 d-------- D:\Program Files\Common Files\Apple
2008-02-16 21:53:22 0 d-------- D:\Documents and Settings\Harry\Application Data\Aim
2008-02-16 21:53:18 0 d-------- D:\Program Files\AIM
2008-02-16 21:49:48 0 d-------- D:\Program Files\AOD
2008-02-16 18:40:47 0 d-------- D:\Program Files\SpywareBlaster
2008-02-16 18:37:55 0 d-------- D:\Program Files\CCleaner
2008-02-16 18:24:03 0 d-------- D:\Program Files\Messenger
2008-02-16 18:11:07 0 d-------- D:\Documents and Settings\Harry\Application Data\Avant Profiles
2008-02-16 18:11:04 0 d-------- D:\Program Files\Avant Browser
2008-02-16 18:06:47 0 d-------- D:\Program Files\Combined Community Codec Pack
2008-02-16 17:56:13 0 d-------- D:\Documents and Settings\Harry\Application Data\ATI
2008-02-16 17:48:07 0 d-------- D:\Program Files\Common Files\InstallShield
2008-02-16 17:37:55 0 d-------- D:\Program Files\Common Files\Symantec Shared
2008-02-16 17:37:30 0 d-------- D:\Program Files\Symantec
2008-02-16 17:36:56 0 d-------- D:\Documents and Settings\Harry\Application Data\InstallShield
2008-02-16 17:34:05 0 d-------- D:\Program Files\Attansic
2008-02-16 17:32:18 0 d-------- D:\Program Files\Intel
2008-02-16 17:25:12 0 d-------- D:\Documents and Settings\Harry\Application Data\Identities
2008-02-16 17:21:27 0 d-------- D:\Program Files\microsoft frontpage
2008-02-16 17:20:12 0 d--h----- D:\Program Files\WindowsUpdate
2008-02-16 17:19:23 0 d-------- D:\Program Files\Common Files\MSSoap
2008-02-16 17:19:15 0 d-------- D:\Program Files\Movie Maker
2008-02-16 17:18:50 21640 --a------ D:\WINDOWS\system32\emptyregdb.dat
2008-02-16 17:18:11 0 d-------- D:\Program Files\Online Services
2008-02-16 17:18:03 0 d-------- D:\Program Files\MSN Gaming Zone
2008-02-16 17:17:55 0 d-------- D:\Program Files\Windows NT
2008-02-16 12:10:56 0 d-------- D:\Program Files\Common Files\ODBC
2008-02-16 12:10:54 0 d-------- D:\Program Files\Common Files\SpeechEngines
2008-02-16 12:10:28 62 --ahs---- D:\Documents and Settings\Harry\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [10/27/2004 04:21 PM D:\WINDOWS\system32\HdAShCut.exe]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 06:38 PM]
"vptray"="D:\PROGRA~1\SYMANT~1\VPTray.exe" [03/14/2007 08:49 PM]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [02/04/2008 03:18 PM]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [02/28/2006 08:00 AM]
"MSPY2002"="D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [02/28/2006 08:00 AM]
"PHIME2002ASync"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [02/28/2006 08:00 AM]
"PHIME2002A"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [02/28/2006 08:00 AM]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"COMODO Firewall Pro"="D:\Program Files\COMODO\Firewall\cfp.exe" [03/14/2008 09:04 PM]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [02/28/2006 08:00 AM]
"@"="" []
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 01:35 PM]
"Aim6"="D:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= D:\WINDOWS\system32\guard32.dll
-- End of Deckard's System Scanner: finished at 2008-04-01 15:22:36 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1023.11 MiB / 562.8 MiB
Pagefile Memory (total/avail): 2461.9 MiB / 2031.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1939.17 MiB
C: is Fixed (NTFS) - 38 GiB total, 15.97 GiB free.
D: is Fixed (NTFS) - 108.59 GiB total, 84.46 GiB free.
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - SAMSUNG HD160JJ/P - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 - Extended w/Extended Int 13 - 108.59 GiB - D:
\PARTITION2 (bootable) - Installable File System - 38 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
FW: COMODO Firewall Pro v3.0 (COMODO)
AV: Symantec AntiVirus Corporate Edition v10.1.6.6000 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"="D:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="D:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"D:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="D:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"D:\\Program Files\\Avant Browser\\avant.exe"="D:\\Program Files\\Avant Browser\\avant.exe:*:Enabled:Avant Browser"
"D:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"="D:\\Program Files\\Tencent\\QQ Games\\QQGames.exe:*:Enabled:QQ Games"
"D:\\Program Files\\AIM6\\aim6.exe"="D:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"D:\\Program Files\\World of Warcraft\\Repair.exe"="D:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\Harry\Application Data
CLASSPATH=.;D:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=HARRY-707372E6E
ComSpec=D:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\Harry
LOGONSERVER=\\HARRY-707372E6E
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\System32\Wbem;D:\Program Files\ATI Technologies\ATI.ACE\Core-Static;D:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=040a
ProgramFiles=D:\Program Files
PROMPT=$P$G
QTJAVA=D:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\Harry\LOCALS~1\Temp
TMP=D:\DOCUME~1\Harry\LOCALS~1\Temp
USERDOMAIN=HARRY-707372E6E
USERNAME=Harry
USERPROFILE=D:\Documents and Settings\Harry
windir=D:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Harry (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AIM 6 --> D:\Program Files\AIM6\uninst.exe
Aim Plugin for QQ Games --> D:\Program Files\Tencent\QQ Games\Plugin\Uninstall.EXE
AOL Instant Messenger --> D:\Program Files\AIM\uninstll.exe -LOG= D:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> D:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 D:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
Attansic Giga Ethernet Utility --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9
Attansic L1 Gigabit Ethernet Driver --> rundll32.exe D:\WINDOWS\system32\Attansic\L1\atcInst.dll,AtcUninst D:\WINDOWS\system32\Attansic\L1 x86 1969 1048 L1
Avant Browser (remove only) --> "D:\Program Files\Avant Browser\uninst.exe"
AVIVO Codecs --> MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only) --> "D:\Program Files\CCleaner\uninst.exe"
Combined Community Codec Pack 2007-07-22 --> "D:\Program Files\Combined Community Codec Pack\unins000.exe"
COMODO Firewall Pro --> D:\Program Files\COMODO\Firewall\cfpconfg.exe -u
High Definition Audio Driver Package - KB888111 --> D:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ImgBurn --> "D:\Program Files\ImgBurn\uninstall.exe"
iTunes --> MsiExec.exe /I{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> D:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LimeWire PRO 4.16.2 --> "D:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.1 (Symantec Corporation) --> "D:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Mega Manager --> D:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Megaupload Toolbar --> D:\Program Files\MegauploadToolbar\uninstall.exe
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
QQ Bubble Arena --> D:\Program Files\Tencent\QQ Games\QQ Bubble Arena\Uninstall.EXE
QQ Games --> D:\Program Files\Tencent\QQ Games\Uninstall.EXE
QQ Match Master --> D:\Program Files\Tencent\QQ Games\QQ Match Master\Uninstall.EXE
QQ Pool --> D:\Program Files\Tencent\QQ Games\QQ Pool\Uninstall.EXE
QQ Robo --> D:\Program Files\Tencent\QQ Games\QQ Robo\Uninstall.EXE
QQ Treasure Hunter --> D:\Program Files\Tencent\QQ Games\QQ Treasure Hunter\Uninstall.EXE
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.5 Setup Files (remove only) --> D:\Program Files\SmartFTP Client 2.5 Setup Files\uninst-sftp.exe
SpywareBlaster v3.5.1 --> "D:\Program Files\SpywareBlaster\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{50E125D1-88E5-48CE-80AE-98EC9698E639}
Viewpoint Media Player --> D:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WinRAR archiver --> D:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> D:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type1366 / Error
Event Submitted/Written: 04/01/2008 03:21:23 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.
Event Record #/Type1365 / Error
Event Submitted/Written: 04/01/2008 03:21:23 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.
Event Record #/Type1340 / Error
Event Submitted/Written: 03/30/2008 10:33:17 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application LimeWire.exe, version 1.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type1138 / Error
Event Submitted/Written: 03/21/2008 08:45:18 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application avant.exe, version 11.5.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type1137 / Error
Event Submitted/Written: 03/21/2008 08:44:57 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application avant.exe, version 11.5.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type2416 / Warning
Event Submitted/Written: 03/27/2008 08:33:34 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type2412 / Warning
Event Submitted/Written: 03/27/2008 07:33:59 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type2402 / Warning
Event Submitted/Written: 03/27/2008 05:49:31 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type2401 / Warning
Event Submitted/Written: 03/27/2008 05:12:44 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type2374 / Warning
Event Submitted/Written: 03/27/2008 04:59:07 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
-- End of Deckard's System Scanner: finished at 2008-04-01 15:22:36 ------------