The reason I was at another computer was that it was taking 20 minutes to boot the computer. Once it finished loading everything, I was able to use. Here are the log files:
ComboFix 07-09-10.6 - "Donna Perrott" 2007-09-11 16:25:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.61 [GMT -7:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\ProductCode
C:\DOCUME~1\DONNAP~1\STARTM~1\Programs\Startup.\TA_Start.lnk
C:\DOCUME~1\DONNAP~1\STARTM~1\Programs\Startup\ta_start.lnk
C:\DOCUME~1\DONNAP~1\STARTM~1\Programs\Startup\think-adz.lnk
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\network monitor
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\atmtd.dll.tmp
C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\dwdsrngt.exe
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\system32\lioyrybl.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\SYSTEM32\wvvwa.bak1
C:\WINDOWS\SYSTEM32\wvvwa.ini
C:\WINDOWS\system32\zxdnt3d.cfg
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_NETWORK_MONITOR
((((((((((((((((((((((((( Files Created from 2007-08-11 to 2007-09-11 )))))))))))))))))))))))))))))))
.
2007-09-11 16:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-11 15:58 <DIR> d-------- C:\Deckard
2007-09-11 13:18 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-09-11 11:59 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-09-11 08:59 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-09-11 08:59 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-09-11 08:59 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
2007-09-10 10:19 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-08-31 10:01 <DIR> d-------- C:\VundoFix Backups
2007-08-30 13:29 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-30 13:29 <DIR> d-------- C:\DOCUME~1\DONNAP~1\APPLIC~1\Lavasoft
2007-08-30 10:29 <DIR> d-------- C:\WINDOWS\pss
2007-08-24 16:04 6,473 --ahs---- C:\WINDOWS\SYSTEM32\prutv.bak1
2007-08-24 14:54 6,473 --ahs---- C:\WINDOWS\SYSTEM32\ppqss.bak1
2007-08-24 13:38 6,473 --ahs---- C:\WINDOWS\SYSTEM32\ijkmp.bak1
2007-08-24 13:15 <DIR> d-------- C:\Program Files\Windows Defender
2007-08-24 09:17 <DIR> d-------- C:\viruses
2007-08-24 01:46 1,612,249 --ahs---- C:\WINDOWS\SYSTEM32\vybeg.bak2
2007-08-23 14:57 <DIR> d-------- C:\WINDOWS\SYSTEM32\NtmsData
2007-08-23 10:40 94,480 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-08-23 10:39 <DIR> d-------- C:\DOCUME~1\DONNAP~1\APPLIC~1\HouseCall 6.6
2007-08-23 10:14 52,749 --a------ C:\WINDOWS\SYSTEM32\lkdsrngk.exe
2007-08-23 09:31 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Yahoo!
2007-08-23 09:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-08-22 13:45 1,589,403 --ahs---- C:\WINDOWS\SYSTEM32\vybeg.bak1
2007-08-22 13:34 <DIR> d--hs---- C:\WINDOWS\RG9ubmEgSiBIYXluZXM
2007-08-22 13:34 <DIR> d-------- C:\WINDOWS\SYSTEM32\temps1
2007-08-22 13:34 <DIR> d-------- C:\WINDOWS\SYSTEM32\IBD4
2007-08-22 13:34 <DIR> d-------- C:\WINDOWS\SYSTEM32\cofig32
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-11 10:38 --------- d-------- C:\DOCUME~1\DONNAP~1\APPLIC~1\OpenOffice.org2
2007-08-28 13:17 --------- d-------- C:\DOCUME~1\DONNAP~1\APPLIC~1\Corel
2007-08-24 13:46 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-08-23 14:47 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-23 14:46 --------- d-------- C:\Program Files\Dell
2007-08-23 09:21 --------- d-------- C:\Program Files\Yahoo!
2007-07-16 11:53 20747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-07-16 11:53 --------- d-------- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-05-09 14:18 173941 --a------ C:\Program Files\CA14C7DX.pdf
2007-05-07 11:36 105738 --a------ C:\Program Files\PrintViewDoc.pdf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D10A71DE-B2C5-49FD-921F-4B2548C2ABAA}]
C:\WINDOWS\system32\jkhff.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4843D15-1A10-491C-8D9B-6BAB4CB5D090}]
C:\Program Files\Windows NT\wohuraki.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-06 22:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-06 22:07]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 12:47]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 20:35]
"DwlClient"="c:\Program Files\Common Files\Dell\EUSW\Support.exe" [2003-10-07 14:21]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-12-14 10:17]
"\\DONNA\EPSON Stylus Photo RX620 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.exe" [2004-05-19 14:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"{63-39-93-37-ZN}"="C:\windows\system32\lkdsrngk.exe" [2007-08-23 10:14]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]
C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]
C:\DOCUME~1\DONNAP~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\awvvw
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS
.
Contents of the 'Scheduled Tasks' folder
"2004-07-13 22:09:44 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2007-09-11 23:38:48 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2006-12-23 04:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
"2007-09-11 23:41:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2007-09-11 16:40:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\dwdsrngt.exe
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\DONNA\\EPSON Stylus Photo RX620 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9HA.EXE /P39 \"\\\\DONNA\\EPSON Stylus Photo RX620 Series\" /O6 \"USB002\" /M \"Stylus Photo RX620\""
.
Completion time: 2007-09-11 16:46:14 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-11 16:45
.
--- E O F ---
Deckard's System Scanner v20070905.67
Run by Donna Perrott on 2007-09-11 15:58:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
88: 2007-09-11 22:59:04 UTC - RP364 - Deckard's System Scanner Restore Point
87: 2007-09-11 22:16:41 UTC - RP363 - Windows Defender Checkpoint
86: 2007-09-11 19:03:06 UTC - RP362 - Windows Defender Checkpoint
85: 2007-09-11 17:33:58 UTC - RP361 - Last known good configuration
84: 2007-09-11 17:33:02 UTC - RP360 - Windows Defender Checkpoint
-- First Restore Point --
1: 2007-09-11 17:31:16 UTC - RP277 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 254 MiB (512 MiB recommended).-- HijackThis (run as Donna Perrott.exe) ---------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-09-11 15:59:49
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)
Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\BRSVC01A.EXE
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\BRSS01A.EXE
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\SYSTEM32\fxssvc.exe
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATI9HA.EXE
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SYSTEM32\lkdsrngk.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Donna Perrott\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell4me.com/mywayR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapp.../search/ie.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapp...//www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapp...//www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\MSN Gaming Zone\Windows\HRTZZM.EXE"
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://home.peoplepc.com/searchR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL
O2 - BHO: (no name) - {D10A71DE-B2C5-49FD-921F-4B2548C2ABAA} - C:\WINDOWS\system32\jkhff.dll (file missing)
O2 - BHO: (no name) - {DFA6AE74-0BB0-4871-BADF-B97FC42BFBBA} - C:\WINDOWS\SYSTEM32\awvvw.dll
O2 - BHO: 0 - {E4843D15-1A10-491C-8D9B-6BAB4CB5D090} - C:\Program Files\Windows NT\wohuraki.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKEY_LOCAL_MACHINE\..\Run: [\\DONNA\EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P39 "\\DONNA\EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"
O4 - HKEY_LOCAL_MACHINE\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKEY_LOCAL_MACHINE\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKEY_LOCAL_MACHINE\..\Run: [{63-39-93-37-ZN}] C:\windows\system32\lkdsrngk.exe CHD003
O4 - HKEY_LOCAL_MACHINE\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\lkdsrngk.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\pwinlmdt.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
http://fpdownload.ma...director/sw.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1170882246093O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () -
http://fpdownload.ma...t/ultrashim.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload.ma...ash/swflash.cabO18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - "C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe"
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 BrPar - c:\windows\system32\drivers\brpar.sys <Not Verified; Brother Industries Ltd.; Brother Parallel Class Driver>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 rtl8180 (Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver) - c:\windows\system32\drivers\rtl8180.sys <Not Verified; Realtek Semiconductor Corporation; Realtek RTL8180 Wireless LAN (Mini-)PCI NIC>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 Avg7Alrt (AVG7 Alert Manager Server) - c:\progra~1\grisoft\avg7\avgamsvr.exe (file missing)
S2 AVGEMS (AVG E-mail Scanner) - c:\progra~1\grisoft\avg7\avgemc.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
Service: bcm4sbxp
-- Scheduled Tasks -------------------------------------------------------------
2007-09-11 16:01:00 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-09-11 15:22:39 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2006-12-22 21:00:00 564 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
2004-07-13 15:09:44 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job
-- Files created between 2007-08-11 and 2007-09-11 -----------------------------
2007-09-11 13:27:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-09-11 13:18:45 0 d-------- C:\Documents and Settings\Donna Perrott\Application Data\Grisoft
2007-09-11 11:59:41 0 d-------- C:\Program Files\SpywareBlaster
2007-09-11 10:38:55 6448 ---hs---- C:\WINDOWS\system32\wvvwa.bak1
2007-09-11 10:33:59 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMonitor
2007-09-11 10:31:46 0 d-------- C:\Program Files\Common Files\WinAntiSpyware 2007
2007-09-11 10:31:37 0 d-------- C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007
2007-09-11 10:30:51 244832 --a------ C:\WINDOWS\system32\awvvw.dll
2007-09-11 08:59:38 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-09-11 08:59:38 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-09-11 08:59:38 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-09-11 08:59:38 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-09-11 08:59:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-09-11 08:59:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-09-11 08:59:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-09-11 08:59:38 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-09-11 08:59:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-09-11 08:59:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-09-11 08:59:37 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-09-11 08:59:37 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-09-11 08:59:37 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-09-11 08:59:37 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-09-11 08:59:37 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-09-11 08:59:37 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-09-11 08:59:37 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-09-11 08:59:37 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-09-11 08:59:36 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-09-10 10:19:38 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-31 10:01:45 0 d-------- C:\VundoFix Backups
2007-08-30 13:29:59 0 d-------- C:\Documents and Settings\Donna Perrott\Application Data\Lavasoft
2007-08-30 13:29:44 0 d-------- C:\Program Files\Lavasoft
2007-08-30 10:29:01 0 d-------- C:\WINDOWS\pss
2007-08-30 09:08:15 75328 --a------ C:\WINDOWS\system32\lioyrybl.exe <Not Verified; ; DDC>
2007-08-28 11:30:49 0 d-------- C:\Program Files\Network Monitor
2007-08-24 16:04:14 6473 ---hs---- C:\WINDOWS\system32\prutv.bak1
2007-08-24 14:54:52 6473 ---hs---- C:\WINDOWS\system32\ppqss.bak1
2007-08-24 13:38:24 6473 ---hs---- C:\WINDOWS\system32\ijkmp.bak1
2007-08-24 13:15:26 0 d-------- C:\Program Files\Windows Defender
2007-08-24 11:55:46 0 dr-h----- C:\Documents and Settings\Donna Perrott\Recent
2007-08-24 09:17:02 0 d-------- C:\viruses
2007-08-24 01:46:43 1612249 ---hs---- C:\WINDOWS\system32\vybeg.bak2
2007-08-23 14:57:12 0 d-------- C:\WINDOWS\system32\NtmsData
2007-08-23 10:39:13 0 d-------- C:\Documents and Settings\Donna Perrott\Application Data\HouseCall 6.6
2007-08-23 10:14:00 52749 --a------ C:\WINDOWS\system32\lkdsrngk.exe <Not Verified; ; Browser Driver>
2007-08-23 09:49:35 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-08-23 09:44:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-23 09:44:02 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-08-23 09:31:59 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2007-08-23 09:30:55 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-08-23 09:25:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-08-22 13:45:58 1589403 --ahs---- C:\WINDOWS\system32\vybeg.bak1
2007-08-22 13:34:47 932 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-08-22 13:34:39 0 d--hs---- C:\WINDOWS\RG9ubmEgSiBIYXluZXM
2007-08-22 13:34:03 0 d-------- C:\WINDOWS\system32\cofig32
2007-08-22 13:34:02 0 d-------- C:\WINDOWS\system32\temps1
2007-08-22 13:34:02 0 d-------- C:\WINDOWS\system32\IBD4
2007-08-22 13:33:57 52742 --a------ C:\WINDOWS\system32\dwdsrngt.exe <Not Verified; ; Browser Driver>
2007-08-22 13:33:40 0 d-------- C:\WINDOWS\system32\f02WtR
-- Find3M Report ---------------------------------------------------------------
2007-09-11 15:21:54 0 d-------- C:\Program Files\Common Files
2007-09-11 10:38:33 0 d-------- C:\Documents and Settings\Donna Perrott\Application Data\OpenOffice.org2
2007-08-28 13:17:15 0 d-------- C:\Documents and Settings\Donna Perrott\Application Data\Corel
2007-08-24 09:19:13 0 d-------- C:\Program Files\Windows NT
2007-08-23 14:47:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-23 14:46:25 0 d-------- C:\Program Files\Dell
2007-08-23 09:21:21 0 d-------- C:\Program Files\Yahoo!
2007-07-16 11:53:52 0 d-------- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D10A71DE-B2C5-49FD-921F-4B2548C2ABAA}]
C:\WINDOWS\system32\jkhff.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DFA6AE74-0BB0-4871-BADF-B97FC42BFBBA}]
09/11/2007 10:30 AM 244832 --a------ C:\WINDOWS\system32\awvvw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4843D15-1A10-491C-8D9B-6BAB4CB5D090}]
C:\Program Files\Windows NT\wohuraki.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [04/06/2003 10:19 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/06/2003 10:07 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/09/2006 12:47 PM]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [12/11/2003 08:35 PM]
"DwlClient"="c:\Program Files\Common Files\Dell\EUSW\Support.exe" [10/07/2003 02:21 PM]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [03/18/2004 10:33 AM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [12/14/2006 10:17 AM]
"\\DONNA\EPSON Stylus Photo RX620 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.exe" [05/19/2004 02:00 PM]
"@"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"{63-39-93-37-ZN}"="C:\windows\system32\lkdsrngk.exe" [08/23/2007 10:14 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\Documents and Settings\Donna Perrott\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 7:00:00 AM]
TA_Start.lnk - C:\WINDOWS\SYSTEM32\lkdsrngk.exe [8/23/2007 10:14:00 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\awvvw
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
*Newly Created Service* - GTNDIS5
-- End of Deckard's System Scanner: finished at 2007-09-11 16:03:47 ------------
Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 2.66GHz
Percentage of Memory in Use: 79%
Physical Memory (total/avail): 254 MiB / 53.13 MiB
Pagefile Memory (total/avail): 622.04 MiB / 262.33 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1974.67 MiB
C: is Fixed (NTFS) - 37.21 GiB total, 21.49 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD400BB-75FJA1 - 37.25 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
FW: Norton Internet Security v2004 (Symantec Corporation)
DisabledAV: AVG 7.5.484 v7.5.484 (GRISOFT)
AV: Norton AntiVirus v2004 (Symantec Corporation)
Outdated[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\WINDOWS\\system32\\ksppkpor.exe"="C:\\WINDOWS\\system32\\ksp"
"C:\\WINDOWS\\system32\\udnpmylf.exe"="C:\\WINDOWS\\system32\\udn"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Donna Perrott\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FRONT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Donna Perrott
LOGONSERVER=\\FRONT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DONNAP~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DONNAP~1\LOCALS~1\Temp
USERDOMAIN=FRONT
USERNAME=Donna Perrott
USERPROFILE=C:\Documents and Settings\Donna Perrott
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Donna Perrott
(admin)Administrator
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Broadcom Management Programs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
Brother HL-5170DN --> "C:\Program Files\Brother\BRHL5170\IsUninst.exe" -f"C:\Program Files\Brother\BRHL5170\DeIsL1.isu" -cbruninst.dll
CC_ccProxyMSI --> MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support --> MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
Enhanced Ads by Think-Adz removal --> C:\WINDOWS\system32\pwinlmdt.exe -UPop
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
HouseCall 6.6 --> "C:\Documents and Settings\Donna Perrott\Application Data\HouseCall 6.6\uninstaller.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Lexmark Software Uninstall --> C:\Program Files\Lexmark_HostCD\Install\Uninstall.exe
Linksys Wireless-G PCI Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x9
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Microsoft Encarta Encyclopedia Standard 2004 --> MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton Spyware Scan provided by Yahoo! --> C:\PROGRA~1\Yahoo!\Common\unynss.exe
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
OpenOffice.org 2.0 --> MsiExec.exe /I{75852F49-2CAF-443F-B7C2-53DE5847DE56}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PC Rater --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9AEEA40-F590-4EB5-B0CE-566E40931621}\setup.exe" -l0x9 removeall
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Stamps.com --> "C:\Documents and Settings\All Users\Application Data\{093493DE-0BEE-430B-B715-9C7066583472}\stamps.exe" REMOVE=TRUE MODIFY=FALSE
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
The Print Shop 12 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DD1FE66-5536-41E3-B786-70068887B3F4}\setup.exe" -l0x9 anything
Think-Adz Search Assistant removal --> C:\WINDOWS\system32\pwinlmdt.exe -USearch
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
WinFSC Commerce West California --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11 \Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B941B400-7AC7-4B1E-9FED-49CF12C87EA1}\SETUP.exe" -l0x9 -uninst -removeonly
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type3379 / Warning
Event Submitted/Written: 09/11/2007 03:17:54 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type3365 / Warning
Event Submitted/Written: 09/11/2007 03:03:07 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type3364 / Warning
Event Submitted/Written: 09/11/2007 03:02:36 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 80080005.
Event Record #/Type3362 / Error
Event Submitted/Written: 09/11/2007 03:01:21 PM / 09/11/2007 03:01:22 PM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
mptelemetry8024402cendsearchsearch1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL
Event Record #/Type3348 / Warning
Event Submitted/Written: 09/11/2007 01:24:11 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type15636 / Error
Event Submitted/Written: 09/11/2007 04:01:22 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the WMP54Gv4SVC service.
Event Record #/Type15634 / Warning
Event Submitted/Written: 09/11/2007 04:00:49 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%FRONT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %FRONT27 can't undo changes that you allow.
For more information please see the following:
%FRONT275
Scan ID: {A1939CB5-89AB-4677-AB5F-A6FA1931B85A}
User: FRONT\Donna Perrott
Name: %FRONT271
ID: %FRONT272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %FRONT276
Alert Type: %FRONT278
Detection Type: 1.1.1593.02
Event Record #/Type15633 / Warning
Event Submitted/Written: 09/11/2007 04:00:49 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%FRONT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %FRONT27 can't undo changes that you allow.
For more information please see the following:
%FRONT275
Scan ID: {E60F117C-D8D7-46F5-B94F-44544934991F}
User: FRONT\Donna Perrott
Name: %FRONT271
ID: %FRONT272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %FRONT276
Alert Type: %FRONT278
Detection Type: 1.1.1593.02
Event Record #/Type15632 / Warning
Event Submitted/Written: 09/11/2007 04:00:49 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%FRONT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %FRONT27 can't undo changes that you allow.
For more information please see the following:
%FRONT275
Scan ID: {1CE2C2D3-9059-4EE7-A1D5-F04ECE87122C}
User: FRONT\Donna Perrott
Name: %FRONT271
ID: %FRONT272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %FRONT276
Alert Type: %FRONT278
Detection Type: 1.1.1593.02
Event Record #/Type15630 / Error
Event Submitted/Written: 09/11/2007 04:00:49 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.
-- End of Deckard's System Scanner: finished at 2007-09-11 16:03:47 ------------