here is the MAIN
Deckard's System Scanner v20071014.68
Run by Candy on 2008-02-06 17:40:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-02-06 22:40:44 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 254 MiB (512 MiB recommended).-- HijackThis (run as Candy.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:18 PM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ups.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Candy\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Candy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.wsoctv.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video Access ActiveX Object\isamntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .wmv: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) -
http://166.82.142.62...ls/LTOCX14N.cabO16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
https://components.v...l?noreloadredirO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop...p/PCPitStop.CABO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?LinkID=39204O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) -
http://forms.real.co...ne_Inst_Win.cabO16 - DPF: {2A510DC8-C9B5-4269-B9BA-E5B04D47D981} (CPlayFirstDDSonicControl Object) -
http://www.shockwave...ic.1.0.0.92.cabO16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) -
http://wdownload.wea...Transporter.cab?
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} -
http://download.av.a...83/mcinsctl.cabO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://photos.walmar...martActivia.cabO16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
http://tools.ebayimg...l_v1-0-3-36.cabO16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) -
http://www.worldwinn...ll/freecell.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1131150555218O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} -
http://mediaplayer.w...ler/install.cabO16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) -
http://www.worldwinn...ed/wwlaunch.cabO16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) -
https://accounting.q....292/qboax8.cabO16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -
http://a19.g.akamai....02/cpbrkpie.cabO16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) -
http://www.worldwinn...v46/wof/wof.cabO16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) -
http://www.sibelius....tiveXPlugin.cabO16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) -
http://www.worldwinn...man/hangman.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{8DCDBC5C-C019-4CF6-821B-0082969CC2CD}: NameServer = 85.255.114.55,85.255.112.21
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.55 85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.55 85.255.112.21
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: hemine - {9d6fac42-a7be-4702-87ef-75d8dc14249e} - C:\WINDOWS\system32\tahxqcj.dll (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9490 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>
S2 DgiVecp - c:\windows\system32\drivers\dgivecp.sys (file missing)
S3 AvFlt (Antivirus Filter Driver) - c:\windows\system32\drivers\av5flt.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {E6ABB47D-8339-4C60-BE92-E9045FF5A33D}
Description: Intel® AIM External Flat Panel Driver 8
Device ID: DISPLAY\WADV11NT\4&309B7D48&2&8086300E&00&01
Manufacturer: Intel Corporation
Name: Intel® AIM External Flat Panel Driver 8
PNP Device ID: DISPLAY\WADV11NT\4&309B7D48&2&8086300E&00&01
Service: iAimFP8
Class GUID: {E6ABB47D-8339-4C60-BE92-E9045FF5A33D}
Description: Intel® AIM External Flat Panel Driver 7
Device ID: DISPLAY\WADV09NT\4&309B7D48&2&8086300C&00&01
Manufacturer: Intel Corporation
Name: Intel® AIM External Flat Panel Driver 7
PNP Device ID: DISPLAY\WADV09NT\4&309B7D48&2&8086300C&00&01
Service: iAimFP7
Class GUID: {E6ABB47D-8339-4C60-BE92-E9045FF5A33D}
Description: Intel® AIM External Flat Panel Driver 6
Device ID: DISPLAY\WADV08NT\4&309B7D48&2&8086300B&00&01
Manufacturer: Intel Corporation
Name: Intel® AIM External Flat Panel Driver 6
PNP Device ID: DISPLAY\WADV08NT\4&309B7D48&2&8086300B&00&01
Service: iAimFP6
Class GUID: {E6ABB47D-8339-4C60-BE92-E9045FF5A33D}
Description: Intel® AIM External Flat Panel Driver 5
Device ID: DISPLAY\WADV07NT\4&309B7D48&2&8086300A&00&01
Manufacturer: Intel Corporation
Name: Intel® AIM External Flat Panel Driver 5
PNP Device ID: DISPLAY\WADV07NT\4&309B7D48&2&8086300A&00&01
Service: iAimFP5
-- Scheduled Tasks -------------------------------------------------------------
2004-10-24 12:56:20 106 --a------ C:\WINDOWS\Tasks\UPS System Shutdown Program.job
-- Files created between 2008-01-06 and 2008-02-06 -----------------------------
2008-02-01 21:21:15 0 d-------- C:\Program Files\Trend Micro
2008-01-15 17:06:29 0 d-------- C:\Program Files\Common Files\ODBC
-- Find3M Report ---------------------------------------------------------------
Nothing modified in this timespan.
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6ACAE64-F798-4930-AD86-BD3FB32038DB}]
C:\Program Files\Video Access ActiveX Object\isadd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/22/2007 09:30 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/06/2004 10:42 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"DW4"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [12/24/2007 06:48 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"user32.dll"=C:\Program Files\Video Access ActiveX Object\isamntr.exe
"rare"=C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9d6fac42-a7be-4702-87ef-75d8dc14249e}"= C:\WINDOWS\system32\tahxqcj.dll [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [01/19/2007 07:06 AM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdmxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 04/27/2007 07:04 AM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
backup=C:\WINDOWS\pss\APC UPS Status.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 1.0.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 1.0.lnk
backup=C:\WINDOWS\pss\Digimax Viewer 1.0.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lexmark X125 Settings Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lexmark X125 Settings Utility.lnk
backup=C:\WINDOWS\pss\Lexmark X125 Settings Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Candy^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Candy\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1134057600\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Loader]
C:\WINDOWS\System\loader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff750e1c-3179-11dc-b653-00402b1d0c04}]
AutoRun\command- E:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2008-02-06 17:43:21 ------------
And here is the EXTRA
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Celeron CPU 1300MHz
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 253.98 MiB / 94.16 MiB
Pagefile Memory (total/avail): 625.52 MiB / 361.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.16 MiB
A: is Removable (No Media)
C: is Fixed (FAT32) - 37.26 GiB total, 24.4 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD400BB-00GFA0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 37.27 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AntivirusOverride is set.
AV: AVG 7.5.516 v7.5.516 (Grisoft)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1134057600\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1134057600\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1134057600\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1134057600\\ee\\aim6.exe:*:Enabled:AIM"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\BIN\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\BIN\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Disabled:AIM"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Candy\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC-YPCJMF4GBXNQ
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Candy
LOGONSERVER=\\PC-YPCJMF4GBXNQ
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 11 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Candy\LOCALS~1\Temp
TMP=C:\DOCUME~1\Candy\LOCALS~1\Temp
USERDOMAIN=PC-YPCJMF4GBXNQ
USERNAME=Candy
USERPROFILE=C:\Documents and Settings\Candy
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Candy
(admin)Travis
(admin)Administrator
(new local, admin)-- Add/Remove Programs ---------------------------------------------------------
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\INSTALL.LOG
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
-- Application Event Log -------------------------------------------------------
Event Record #/Type16471 / Error
Event Submitted/Written: 02/02/2008 02:22:41 AM
Event ID/Source: 100 / AVG7
Event Description:
2008-02-02 07:22:41,281 PC-YPCJMF4GBXNQ [001576:001632] ERROR 000 AVG7.WTS.CAvgAmWts ProcessIdToSessionId(3244) call failed with WIN32 error 87, returning session id is 0
Event Record #/Type16455 / Error
Event Submitted/Written: 01/30/2008 07:18:20 AM
Event ID/Source: 100 / AVG7
Event Description:
2008-01-30 12:18:20,468 PC-YPCJMF4GBXNQ [001308:001320] ERROR 000 AVG7.WTS.CAvgAmWts ProcessIdToSessionId(2260) call failed with WIN32 error 87, returning session id is 0
Event Record #/Type16444 / Error
Event Submitted/Written: 01/25/2008 04:22:27 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type16416 / Error
Event Submitted/Written: 01/16/2008 08:09:15 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16574, faulting module flash9d.ocx, version 9.0.47.0, fault address 0x0018af33.
Processing media-specific event for [iexplore.exe!ws!]
Event Record #/Type16415 / Error
Event Submitted/Written: 01/16/2008 05:18:08 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: The data is invalid.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type37078 / Error
Event Submitted/Written: 02/06/2008 05:30:53 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {00020906-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Event Record #/Type37062 / Error
Event Submitted/Written: 02/06/2008 05:28:05 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The DgiVecp service failed to start due to the following error:
%%2
Event Record #/Type37061 / Error
Event Submitted/Written: 02/06/2008 05:27:13 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.0.5 for the Network Card with network address 00402B1D0C04 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
Event Record #/Type37041 / Error
Event Submitted/Written: 02/06/2008 09:45:10 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The DgiVecp service failed to start due to the following error:
%%2
Event Record #/Type37035 / Error
Event Submitted/Written: 02/04/2008 05:55:03 PM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
-- End of Deckard's System Scanner: finished at 2008-02-06 17:43:21 ------------