Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) CPU 2.50GHz
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 247.48 MiB / 99.33 MiB
Pagefile Memory (total/avail): 606.52 MiB / 377.84 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.67 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 31.31 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST340015A - 37.27 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
FW: Defender Pro Internet Security v6.0.2.621 () [COLOR=RED]Disabled[/COLOR]
AV: Defender Pro Internet Security v6.0.2.621 () [COLOR=RED]Disabled[/COLOR]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Defender Pro\\Defender Pro Internet Security 6.0\\avp.exe"="C:\\Program Files\\Defender Pro\\Defender Pro Internet Security 6.0\\avp.exe:*:Enabled:Defender Pro"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\badman420\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ANNE-4085803EAE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\badman420
LOGONSERVER=\\ANNE-4085803EAE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\BADMAN~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\BADMAN~1\LOCALS~1\Temp
USERDOMAIN=ANNE-4085803EAE
USERNAME=badman420
USERPROFILE=C:\Documents and Settings\badman420
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------

Owner [I](admin)[/I]
badman420 [I](admin)[/I]
anne r [I](new local, admin)[/I]
Anne Rutledge [I](admin)[/I]
David [I](new local, admin)[/I]
Administrator [I](admin)[/I]

-- Add/Remove Programs ---------------------------------------------------------

 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
ContextTool --> C:\Program Files\ContextTool\uninstall.exe
Defender Pro Internet Security --> MsiExec.exe /I{D0DCD54F-C829-41A5-AF32-71E632BB0E2C}
Defender Pro Internet Security --> MsiExec.exe /I{D0DCD54F-C829-41A5-AF32-71E632BB0E2C}
Enhancement Browser Tools Gooochi --> C:\WINDOWS\system32\{44973b67-9c2a-1db7-cc23-2d175a5d5474}.dll-uninst.exe
FrostWire 4.13.5 --> C:\Program Files\FrostWire\Uninstall.exe
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics Driver Software --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MySidesearch Search Assistant Bfinding --> C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
Online Hold'em Inspector 2.41d4 --> C:\Program Files\HoldemInspector2\uninst.exe
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PartyPokerNet --> "C:\Program Files\PartyGaming.Net\PartyPokerNet\Uninstall.exe" "C:\Program Files\PartyGaming.Net\PartyPokerNet\install.log"
PC-Cleaner --> C:\Program Files\PC-Cleaner\Uninstall.exe
PlayMP3z --> C:\Program Files\PlayMP3z\uninstall.exe
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
winvi (remove only) --> "C:\Program Files\winvi\uninst.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type675 / Warning
Event Submitted/Written: 05/08/2008 07:45:17 PM / 05/08/2008 07:45:18 PM
Event ID/Source: 1524 / Userenv
Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type669 / Warning
Event Submitted/Written: 05/08/2008 03:48:00 PM
Event ID/Source: 1524 / Userenv
Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type665 / Error
Event Submitted/Written: 05/08/2008 02:44:35 PM
Event ID/Source: 1000 / Application Error
Event Description: Faulting application wupda.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x771c578e.
Processing media-specific event for [wupda.exe!ws!]

Event Record #/Type664 / Error
Event Submitted/Written: 05/08/2008 02:44:12 PM / 05/08/2008 02:44:15 PM
Event ID/Source: 1000 / Application Error
Event Description: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x07171569.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type661 / Success
Event Submitted/Written: 05/08/2008 02:43:43 PM
Event ID/Source: 12001 / usnjsvc
Event Description: The Messenger Sharing USN Journal Reader service started successfully.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type3053 / Error
Event Submitted/Written: 05/08/2008 11:01:39 PM
Event ID/Source: 7000 / Service Control Manager
Event Description: The Defender Pro Internet Security service failed to start due to the following error: %%1053

Event Record #/Type3052 / Error
Event Submitted/Written: 05/08/2008 11:01:38 PM / 05/08/2008 11:01:39 PM
Event ID/Source: 7009 / Service Control Manager
Event Description: Timeout (30000 milliseconds) waiting for the Defender Pro Internet Security service to connect.

Event Record #/Type3031 / Error
Event Submitted/Written: 05/08/2008 10:13:20 PM
Event ID/Source: 7000 / Service Control Manager
Event Description: The Defender Pro Internet Security service failed to start due to the following error: %%1053

Event Record #/Type3030 / Error
Event Submitted/Written: 05/08/2008 10:13:20 PM
Event ID/Source: 7009 / Service Control Manager
Event Description: Timeout (30000 milliseconds) waiting for the Defender Pro Internet Security service to connect.

Event Record #/Type3027 / Error
Event Submitted/Written: 05/08/2008 08:33:24 PM
Event ID/Source: 10005 / DCOM
Event Description: DCOM got error "%%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

-- End of Deckard's System Scanner: finished at 2008-05-08 23:51:46 ------------