Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 2941.82 MiB / 1926.75 MiB
Pagefile Memory (total/avail): 6116.23 MiB / 5080.1 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1908.67 MiB

C: is Fixed (NTFS) - 226.63 GiB total, 174.55 GiB free.
D: is Fixed (NTFS) - 6.25 GiB total, 0.88 GiB free.
E: is CDROM (UDF)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST325082 0AS SCSI Disk Device - 232.88 GiB - 2 partitions
  \PARTITION0 (bootable) - Installable File System - 226.63 GiB - C:
  \PARTITION1 - Installable File System - 6.25 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: COMODO Firewall Pro v3.0 (COMODO)
AV: avast! antivirus 4.8.1201 [VPS 080614-1] v4.8.1201 (ALWIL Software)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: avast! antivirus 4.8.1201 [VPS 080614-1] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\brightstar\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BRIGHTSTAR-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\brightstar
LOCALAPPDATA=C:\Users\brightstar\AppData\Local
LOGONSERVER=\\BRIGHTSTAR-PC
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=HPD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RoxioCentral=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\BRIGHT~1\AppData\Local\Temp
TMP=C:\Users\BRIGHT~1\AppData\Local\Temp
USERDOMAIN=brightstar-PC
USERNAME=brightstar
USERPROFILE=C:\Users\brightstar
windir=C:\Windows

-- User Profiles ---------------------------------------------------------------

brightstar

-- Add/Remove Programs ---------------------------------------------------------

 --> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
 --> "C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
 --> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
 --> "C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
 --> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
 --> "C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
 --> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
 --> "C:\Program Files\HP Games\Carrie the Caregiver 3\Uninstall.exe"
 --> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
 --> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
 --> "C:\Program Files\HP Games\Dairy Dash\Uninstall.exe"
 --> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
 --> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
 --> "C:\Program Files\HP Games\FATE\Uninstall.exe"
 --> "C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
 --> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
 --> "C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
 --> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
 --> "C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
 --> "C:\Program Files\HP Games\Little Farm\Uninstall.exe"
 --> "C:\Program Files\HP Games\Mahjong Journey of Enlightenment\Uninstall.exe"
 --> "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
 --> "C:\Program Files\HP Games\Mystery P.I. - The Vegas Heist\Uninstall.exe"
 --> "C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
 --> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
 --> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
 --> "C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
 --> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
 --> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
 --> "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
 --> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
 --> "C:\Program Files\HP Games\The Apprentice\Uninstall.exe"
 --> "C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
 --> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
 --> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
 --> "C:\Program Files\HP Games\Women's Murder Club - Death in Scarlet\Uninstall.exe"
 --> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
Camp Funshine: Carrie the Caregiver 3 --> "C:\Program Files\Camp Funshine - Carrie the Caregiver 3\Uninstall.exe"
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
COMODO SafeSurf --> C:\Program Files\COMODO\SafeSurf\cssconfg.exe -u
Dairy Dash --> "C:\Program Files\Dairy Dash\Uninstall.exe"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
Escape From Paradise --> "C:\Program Files\Escape From Paradise\Uninstall.exe"
First Class Flurry --> "C:\Program Files\First Class Flurry\Uninstall.exe"
Hardware Diagnostic Tools --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hell's Kitchen --> "C:\Program Files\Hells Kitchen\Uninstall.exe"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hoyle Enchanted Puzzles --> "C:\Program Files\Hoyle Enchanted Puzzles\Uninstall.exe"
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback --> MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Core --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Picasso Media Center Add-In --> MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor --> MsiExec.exe /X{0373779B-A362-4B2E-B8E9-7442F19F9394}
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Jumpin' Jack --> "C:\Program Files\Jumpin Jack\Uninstall.exe"
Live Search Club Toolbar --> MsiExec.exe /I{8154ADFC-B51E-493A-BDF5-2866B5B81279}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B83A15A7-2BD5-4416-BC43-AF5F9A4B08A9}\setup.exe" -l0x9
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
Mystery Stories: Island of Hope --> "C:\Program Files\Mystery Stories - Island of Hope\Uninstall.exe"
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
OcxSetup --> MsiExec.exe /I{C3DC29BC-A8CF-4578-9DFC-37F049C44771}
Python 2.4.3 --> MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Roxio Creator Audio --> MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Secret of Margrave Manor --> "C:\Program Files\The Secret of Margrave Manor\Uninstall.exe"
Tower Bloxx Deluxe --> "C:\Program Files\Tower Bloxx Deluxe\Uninstall.exe"
Travel Agency --> "C:\Program Files\Travel Agency\Uninstall.exe"
Virtual Farm --> "C:\Program Files\Virtual Farm\Uninstall.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Yahoo! Toolbar for Internet Explorer --> C:\PROGRA~1\Yahoo!\Common\unyt.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type1577 / Success
Event Submitted/Written: 06/14/2008 11:43:14 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1571 / Success
Event Submitted/Written: 06/14/2008 11:41:37 AM
Event ID/Source: 5617 / WinMgmt
Event Description:

Event Record #/Type1570 / Success
Event Submitted/Written: 06/14/2008 11:41:36 AM
Event ID/Source: 5615 / WinMgmt
Event Description:

Event Record #/Type1568 / Success
Event Submitted/Written: 06/14/2008 11:41:12 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type1560 / Warning
Event Submitted/Written: 06/14/2008 11:39:56 AM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-4178084007-1367516900-347216613-1000_Classes:
Process 984 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4178084007-1367516900-347216613-1000_CLASSES

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type13898 / Warning
Event Submitted/Written: 06/14/2008 01:23:49 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%brightstar-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %brightstar-PC27 can't undo changes that you allow.
For more information please see the following:
%brightstar-PC275
Scan ID: {1E5B30E6-981B-4ADA-84DF-4472ECF30AC5}
User: brightstar-PC\brightstar
Name: %brightstar-PC271
ID: %brightstar-PC272
Severity ID: %brightstar-PC273
Category ID: %brightstar-PC274
Path Found: %brightstar-PC276
Alert Type: %brightstar-PC278
Detection Type: 1.1.1600.02

Event Record #/Type13897 / Warning
Event Submitted/Written: 06/14/2008 01:23:49 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%brightstar-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %brightstar-PC27 can't undo changes that you allow.
For more information please see the following:
%brightstar-PC275
Scan ID: {5C7768A3-3E6F-4B2F-8D3D-D1BF5F74F9BB}
User: brightstar-PC\brightstar
Name: %brightstar-PC271
ID: %brightstar-PC272
Severity ID: %brightstar-PC273
Category ID: %brightstar-PC274
Path Found: %brightstar-PC276
Alert Type: %brightstar-PC278
Detection Type: 1.1.1600.02

Event Record #/Type13896 / Warning
Event Submitted/Written: 06/14/2008 01:23:49 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%brightstar-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %brightstar-PC27 can't undo changes that you allow.
For more information please see the following:
%brightstar-PC275
Scan ID: {C17E2492-DCC7-4BB5-9D7D-5AE6CC064FDE}
User: brightstar-PC\brightstar
Name: %brightstar-PC271
ID: %brightstar-PC272
Severity ID: %brightstar-PC273
Category ID: %brightstar-PC274
Path Found: %brightstar-PC276
Alert Type: %brightstar-PC278
Detection Type: 1.1.1600.02

Event Record #/Type13895 / Warning
Event Submitted/Written: 06/14/2008 01:23:49 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%brightstar-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %brightstar-PC27 can't undo changes that you allow.
For more information please see the following:
%brightstar-PC275
Scan ID: {E0EF17E5-5F28-46DC-B796-311E3A8044A8}
User: brightstar-PC\brightstar
Name: %brightstar-PC271
ID: %brightstar-PC272
Severity ID: %brightstar-PC273
Category ID: %brightstar-PC274
Path Found: %brightstar-PC276
Alert Type: %brightstar-PC278
Detection Type: 1.1.1600.02

Event Record #/Type13894 / Warning
Event Submitted/Written: 06/14/2008 01:23:49 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%brightstar-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %brightstar-PC27 can't undo changes that you allow.
For more information please see the following:
%brightstar-PC275
Scan ID: {A5C90832-F36B-42E0-AF55-907F4039BC19}
User: brightstar-PC\brightstar
Name: %brightstar-PC271
ID: %brightstar-PC272
Severity ID: %brightstar-PC273
Category ID: %brightstar-PC274
Path Found: %brightstar-PC276
Alert Type: %brightstar-PC278
Detection Type: 1.1.1600.02

-- End of Deckard's System Scanner: finished at 2008-06-14 13:25:39 ------------