I tried to use the Kapersky Online Scanner, but when it tried to intialize, it kept saying that the Liscence has expired.
DDS:
Deckard's System Scanner v20071014.68
Run by User for now on 2008-12-26 10:44:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 3 Restore Point(s) --
3: 2008-12-26 15:44:43 UTC - RP260 - Deckard's System Scanner Restore Point
2: 2008-12-26 02:36:53 UTC - RP259 - Installed SUPERAntiSpyware Free Edition
1: 2008-12-26 00:26:57 UTC - RP258 - Trying To Fix The Computer
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 511 MiB (512 MiB recommended).-- HijackThis (run as User for now.exe) ----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:36 AM, on 12/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
C:\Program Files\COGECO Security Services\Anti-Virus\FSGK32.EXE
C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\COGECO Security Services\Common\FSMB32.EXE
C:\Program Files\COGECO Security Services\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\COGECO Security Services\Common\FAMEH32.EXE
C:\Program Files\COGECO Security Services\Anti-Virus\fsqh.exe
C:\Program Files\COGECO Security Services\FSPC\fspc.exe
C:\Program Files\COGECO Security Services\FSAUA\program\fsaua.exe
C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\COGECO Security Services\Common\FSM32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\COGECO Security Services\FSAUA\program\fsus.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\COGECO Security Services\FSGUI\fsguidll.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fsav32.exe
C:\Documents and Settings\User for now\Desktop\Computer Reports\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\User for now.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.ca/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\COGECO Security Services\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\COGECO Security Services\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Search -
http://kl.bar.need2f...earch.html?p=KLO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) -
http://support.f-sec...m/ols/fscax.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) -
http://67.15.101.33/...ds_2_0_0_77.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.micros...b?1181257522734O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.mi...b?1184058518015O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) -
http://www.cogeco.ca...ols21/fscax.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) -
http://support.f-sec...3beta/fscax.cabO17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\COGECO Security Services\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
--
End of file - 11243 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 COMMONFX.DLL - c:\windows\system32\commonfx.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
S3 CTEAPSFX.DLL - c:\windows\system32\cteapsfx.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
S3 CTSBLFX.DLL - c:\windows\system32\ctsblfx.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
S3 F-Secure Standalone Minifilter - c:\docume~1\userfo~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys (file missing)
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: System Interrupt Controller
Device ID: PCI\VEN_1106&DEV_5327&SUBSYS_00000000&REV_00\3&267A616A&0&05
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_1106&DEV_5327&SUBSYS_00000000&REV_00\3&267A616A&0&05
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-12-26 00:00:36 526 --a------ C:\WINDOWS\Tasks\Scheduled scanning task.job
2008-12-23 14:13:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-11-26 and 2008-12-26 -----------------------------
2008-12-26 09:41:43 0 d-------- C:\Program Files\Trend Micro
2008-12-25 23:40:41 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-12-25 23:05:15 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-12-25 21:37:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-25 21:36:54 0 d-------- C:\Program Files\SUPERAntiSpyware <SUPERA~1>
2008-12-25 21:36:54 0 d-------- C:\Documents and Settings\User for now\Application Data\SUPERAntiSpyware.com
2008-12-25 21:36:14 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-25 19:30:44 0 d-------- C:\Documents and Settings\User for now\Application Data\Grisoft
2008-12-23 16:37:28 0 dr-h----- C:\Documents and Settings\User for now\Recent
2008-12-22 17:22:09 0 d-------- C:\Documents and Settings\User for now\Application Data\Printer Info Cache
-- Find3M Report ---------------------------------------------------------------
2008-12-26 09:09:59 13594 --a------ C:\WINDOWS\system32\tablet.dat
2008-12-26 09:08:50 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000005-00000000-00000005-00001102-00000004-00531102}.dat
2008-12-26 09:08:50 24 --a------ C:\WINDOWS\system32\DVCState-{00000005-00000000-00000005-00001102-00000004-00531102}.dat
2008-12-26 00:19:15 0 d-------- C:\Program Files\QuickTime
2008-12-26 00:18:31 0 d-------- C:\Program Files\MSN Messenger
2008-12-26 00:17:46 0 d-------- C:\Program Files\Morpheus
2008-12-26 00:14:46 0 d-------- C:\Program Files\iTunes
2008-12-26 00:12:44 0 d-------- C:\Program Files\Google
2008-12-26 00:12:26 0 d-------- C:\Program Files\DAEMON Tools
2008-12-25 21:36:14 0 d-------- C:\Program Files\Common Files
2008-12-25 15:38:55 0 d-------- C:\Program Files\COGECO Security Services
2008-12-25 15:32:59 0 d-------- C:\Program Files\MorpheusBar
2008-12-24 22:48:58 0 d-------- C:\Documents and Settings\User for now\Application Data\Image Zone Express
2008-12-22 17:21:56 0 d-------- C:\Program Files\Common Files\HP
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/28/2007 11:43 PM]
"nwiz"="nwiz.exe" [06/28/2007 11:43 PM C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [04/09/2007 11:32 AM C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [04/09/2007 11:32 AM C:\WINDOWS\system32\Ctxfihlp.exe]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [08/01/2001 01:00 AM]
"UpdReg"="C:\WINDOWS\Updreg.exe" [05/11/2000 12:00 AM]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [09/14/2001 12:10 PM]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [04/20/2001 01:52 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 01:41 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/25/2007 05:14 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [06/28/2007 11:43 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 12:10 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 03:27 PM]
"F-Secure Manager"="C:\Program Files\COGECO Security Services\Common\FSM32.exe" [11/01/2007 06:42 AM]
"F-Secure TNB"="C:\Program Files\COGECO Security Services\FSGUI\TNBUtil.exe" [11/01/2007 06:42 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskTray"="C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe" [06/29/2001 12:00 AM]
"Taskbar"="C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe" [09/20/2001 12:00 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 07:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/14/2008 12:50 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/24/2007 3:55:34 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 3:21:22 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [7/1/2007 6:26:03 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
-- Hosts -----------------------------------------------------------------------
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
7535 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-12-26 10:46:27 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Celeron® D CPU 3.06GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 510.36 MiB / 227.63 MiB
Pagefile Memory (total/avail): 1245.31 MiB / 642.49 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1902.55 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 76.68 GiB total, 40.8 GiB free.
D: is CDROM (No Media)
F: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - IC35L090AVV207-0 - 76.69 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.68 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: COGECO Security Services 7.03 v7.03 (F-Secure Corporation)
AV: COGECO Security Services 7.03 v7.03 (F-Secure Corporation)
Outdated[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Documents and Settings\\User for now\\Desktop\\wowclient-downloader.exe"="C:\\Documents and Settings\\User for now\\Desktop\\wowclient-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\User for now\\Desktop\\WoW-BurningCrusade-enUS-Installer-downloader.exe"="C:\\Documents and Settings\\User for now\\Desktop\\WoW-BurningCrusade-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Diablo\\Diablo.exe"="C:\\Program Files\\Diablo\\Diablo.exe:*:Enabled:Diablo"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\User for now\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER-46FB65DA73
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\User for now
LOGONSERVER=\\USER-46FB65DA73
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\USERFO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\USERFO~1\LOCALS~1\Temp
USERDOMAIN=USER-46FB65DA73
USERNAME=User for now
USERPROFILE=C:\Documents and Settings\User for now
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
User for now
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
--> "C:\Program Files\COGECO Security Services\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
--> C:\Program Files\Creative\SBAudigy\Program\Ctzapxx.EXE
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\News\CTNews.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\AudioHQ\AudioHQU.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Demo\AUDIGYDEMO.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Diagnose2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Midi.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\MiniDisc\MDC.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\PlayCenter2\Player2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Program\RDefault.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\QuickStart\QuickStart.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Recorder\Recorder.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Sound Blaster Audigy Manual\English\CTManual.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\SoundFont.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\SurMix2\SurMix2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Taskbar\Taskbar.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\WaveStudio\Wstudio.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
COGECO Security Services --> "C:\Program Files\COGECO Security Services\FSGUI\PostInstall.exe" /tUnInstall
Diablo --> C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Diablo --> C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EAX Goldmine --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Goldmine\Uninst.isu"
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Guitar Pro 5.0 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hoyle Board Games 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB1CCBED-FA66-4D30-BFD7-EF20AD0A81FE}\setup.exe" -l0x9
Hoyle Puzzle Games 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3EAB67E-9B37-4B74-AFE6-D418D5F6F3D4}\setup.exe" -l0x9
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
iPod for Windows 2005-02-07 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{78B50D1D-642C-4B89-BCC7-352EAE3614D7} /l1033
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KKopy --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{E2F43AFC-95FF-43A3-95C2-8F55D41CDEC0}
LimeWire 4.14.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{B9966F27-9678-4620-9579-925E3084647E}
Microsoft Works 2004 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP D:\
Midi Maker --> C:\WINDOWS\iun506.exe C:\Program Files\Midi Maker\irunin.ini
Mozilla Firefox (1.5.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.12 (en-US)"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Power Tab Editor 1.7 --> MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Sound Blaster Audigy --> C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tablet --> C:\Program Files\Tablet\Remove.exe /u
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinFast® Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x9 -removeonly
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft Trial --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft Trial\Uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type6222 / Error
Event Submitted/Written: 12/26/2008 00:17:46 AM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
2 2008-12-26 00:17:44-04:00 user-46fb65da73 USER-46FB65DA73\User for now F-Secure Anti-Virus
Spyware detected:
Type: riskware
Family:
Name: AdTool.Win32.MyWebSearch
Object: C:\Program Files\Morpheus\morpheustoolbar.exe
Event Record #/Type6221 / Error
Event Submitted/Written: 12/25/2008 11:37:19 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
1 2008-12-25 23:37:16-04:00 user-46fb65da73 USER-46FB65DA73\User for now F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COGECO SECURITY SERVICES\FSAUA\SUBSCRIPTIONS\AVH_AVPE was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Event Record #/Type6216 / Error
Event Submitted/Written: 12/25/2008 10:51:38 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : RUNDLL32: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event
Event Record #/Type6215 / Error
Event Submitted/Written: 12/25/2008 10:26:06 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
1 2008-12-25 22:26:03-04:00 user-46fb65da73 USER-46FB65DA73\User for now F-Secure Anti-Virus
Spyware detected:
Type: riskware
Family:
Name: AdTool.Win32.MyWebSearch
Object: C:\Program Files\Morpheus\morpheustoolbar.exe
Event Record #/Type6209 / Error
Event Submitted/Written: 12/25/2008 08:05:56 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
1 2008-12-25 20:05:52-04:00 user-46fb65da73 USER-46FB65DA73\User for now F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQPPROP.EXE was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type2561 / Error
Event Submitted/Written: 12/25/2008 09:30:48 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type2560 / Error
Event Submitted/Written: 12/25/2008 09:30:07 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
Event Record #/Type2559 / Error
Event Submitted/Written: 12/25/2008 08:13:50 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
AVG Anti-Spyware Driver
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
WS2IFSL
Event Record #/Type2558 / Error
Event Submitted/Written: 12/25/2008 08:13:50 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31
Event Record #/Type2557 / Error
Event Submitted/Written: 12/25/2008 08:13:50 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31
-- End of Deckard's System Scanner: finished at 2008-12-26 10:46:27 ------------
rootchk:
********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
Fri 12/26/2008 10:51:29.53
NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-12-26 10:51:32
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:c8,72,bb,f8,f5,3a,ff,d3,b3,e2,d1,37,10,dd,47,af,49,03,72,8c,77,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e4,88,bd,7e,45,02,4c,17,84,ae,57,af,d8,f0,a9,89,aa,..
"khjeh"=hex:0e,01,5c,ea,66,d4,2c,11,47,45,1d,5f,1f,22,63,a3,2b,ea,51,ff,c7,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fc,21,ea,bf,55,f2,59,d5,06,40,e4,af,e7,14,09,f8,47,ab,5a,7c,7f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:c8,72,bb,f8,f5,3a,ff,d3,b3,e2,d1,37,10,dd,47,af,49,03,72,8c,77,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e4,88,bd,7e,45,02,4c,17,84,ae,57,af,d8,f0,a9,89,aa,..
"khjeh"=hex:0e,01,5c,ea,66,d4,2c,11,47,45,1d,5f,1f,22,63,a3,2b,ea,51,ff,c7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fc,21,ea,bf,55,f2,59,d5,06,40,e4,af,e7,14,09,f8,47,ab,5a,7c,7f,..
scanning hidden registry entries ...
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0