Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel Pentium III processor Percentage of Memory in Use: 78% Physical Memory (total/avail): 254.3 MiB / 55.76 MiB Pagefile Memory (total/avail): 625.75 MiB / 164.27 MiB Virtual Memory (total/avail): 2047.88 MiB / 1935.98 MiB A: is Removable (No Media) C: is Fixed (FAT32) - 55.88 GiB total, 45.62 GiB free. D: is CDROM (No Media) \\.\PHYSICALDRIVE0 - ST360015A - 55.9 GiB - 1 partition \PARTITION0 (bootable) - Unknown - 55.9 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. AntivirusOverride is set. FW: COMODO Firewall Pro v3.0 (COMODO) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\system32\\drivers\\shellz\\winspector.exe"="C:\\WINDOWS\\system32\\drivers\\shellz\\winspector.exe:*:Enabled:Unspecified" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\LashBack\\LashBackControl.exe"="C:\\Program Files\\LashBack\\LashBackControl.exe:*:Enabled:LashBack Spam Control Panel" "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server" "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer" "C:\\Program Files\\Family Tree Maker 2005\\Ftw.exe"="C:\\Program Files\\Family Tree Maker 2005\\Ftw.exe:*:Enabled:Family Tree Maker 2005" "C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\lxamSW32.EXE"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\lxamSW32.EXE:*:Enabled:Control Program" "C:\\WINDOWS\\system32\\drivers\\shellz\\winspector.exe"="C:\\WINDOWS\\system32\\drivers\\shellz\\winspector.exe:*:Enabled:Unspecified" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\\WINDOWS\\System32\\LEXPPS.EXE"="C:\\WINDOWS\\System32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\WINDOWS\\System32\\mmc.exe"="C:\\WINDOWS\\System32\\mmc.exe:*:Disabled:Microsoft Management Console" "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM" "C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"="C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Deborah\Application Data CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=DEB ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Deborah LOGONSERVER=\\DEB NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 3, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0803 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Deborah\LOCALS~1\Temp TMP=C:\DOCUME~1\Deborah\LOCALS~1\Temp USERDOMAIN=DEB USERNAME=Deborah USERPROFILE=C:\Documents and Settings\Deborah windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Deborah [I](admin)[/I] Guest [I](new local, guest)[/I] -- Add/Remove Programs --------------------------------------------------------- --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\INSTALL.LOG CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" Clear Cache feature for Internet Explorer --> MsiExec.exe /I{4E901875-0F15-44BA-89DE-94AA41A7F507} COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u Disk Cleaner (remove only) --> "C:\Program Files\Disk Cleaner\uninstall.exe" eMedia Beginner Guitar Lessons --> "C:\Program Files\eMedia Beginner Guitar Lessons\Uninstall.exe" "C:\Program Files\eMedia Beginner Guitar Lessons\install.log" EZMedia Box 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE8556FB-4A95-47FA-8E88-A1A18B52105C}\Setup.exe" -l0x9 Family Tree Maker 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B136E4A4-7660-4F15-9752-EF8E6BA7866D}\setup.exe" -l0x9 FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall IE7Pro --> C:\Program Files\IEPro\uninst.exe Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Lexmark 1200 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZUN5C.EXE -dLexmark 1200 Series LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U Microsoft Baseline Security Analyzer 2.1 --> MsiExec.exe /I{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5} Microsoft Calculator Plus --> MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A} Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office 2000 Small Business --> MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7} Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9} Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} MyHeritage Family Tree Builder --> C:\Program Files\MyHeritage\Bin\Uninstall.exe Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu" Notepad++ --> C:\Program Files\Notepad++\uninstall.exe Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe" Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003} Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe" Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe" SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe" Symantec AntiVirus Client --> MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E} The Sims --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\The Sims\Uninst.isu" Wal-Mart Digital Photo Manager --> MsiExec.exe /X{C94C253C-069F-4C02-8E5B-C1D056827643} WebFldrs XP --> Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C} Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG -- Application Event Log ------------------------------------------------------- Event Record #/Type38124 / Warning Event Submitted/Written: 05/16/2008 00:52:19 PM Event ID/Source: 1524 / Userenv Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. Event Record #/Type38113 / Error Event Submitted/Written: 05/16/2008 00:14:00 PM Event ID/Source: 11 / crypt32 Event Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Event Record #/Type38112 / Error Event Submitted/Written: 05/16/2008 00:14:00 PM Event ID/Source: 11 / crypt32 Event Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Event Record #/Type38111 / Error Event Submitted/Written: 05/16/2008 00:14:00 PM Event ID/Source: 11 / crypt32 Event Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Event Record #/Type38110 / Error Event Submitted/Written: 05/16/2008 00:14:00 PM Event ID/Source: 11 / crypt32 Event Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type23325 / Warning Event Submitted/Written: 05/17/2008 02:01:31 AM Event ID/Source: 3004 / WinDefend Event Description: %DEB27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DEB27 can't undo changes that you allow. For more information please see the following: %DEB275 Scan ID: {11847D88-4F8E-4ED3-95F3-27BB8E2FDF5D} User: DEB\Deborah Name: %DEB271 ID: %DEB272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %DEB276 Alert Type: %DEB278 Detection Type: 1.1.1593.02 Event Record #/Type23324 / Warning Event Submitted/Written: 05/17/2008 02:01:31 AM Event ID/Source: 3004 / WinDefend Event Description: %DEB27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DEB27 can't undo changes that you allow. For more information please see the following: %DEB275 Scan ID: {269F1653-FEBC-470C-AB50-88925C194A28} User: DEB\Deborah Name: %DEB271 ID: %DEB272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %DEB276 Alert Type: %DEB278 Detection Type: 1.1.1593.02 Event Record #/Type23312 / Warning Event Submitted/Written: 05/16/2008 06:29:28 PM Event ID/Source: 1073 / USER32 Event Description: The attempt to unknown DEB failed Event Record #/Type23300 / Error Event Submitted/Written: 05/16/2008 02:23:45 PM Event ID/Source: 10010 / DCOM Event Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. Event Record #/Type23299 / Error Event Submitted/Written: 05/16/2008 01:27:12 PM Event ID/Source: 10010 / DCOM Event Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. -- End of Deckard's System Scanner: finished at 2008-05-17 02:04:48 ------------